Security & Compliance

How ZiaSign protects your data: encryption, compliance certifications, infrastructure security, and privacy practices.

Last updated April 10, 2026
Encryption

In Transit

All data is encrypted in transit using TLS 1.3 with modern cipher suites. We enforce HSTS and certificate pinning.

At Rest

Documents and user data are encrypted at rest using AES-256 encryption. Encryption keys are managed through Azure Key Vault with automatic rotation.

Document-Level Encryption

Each document has its own encryption key, derived from a master key. Even if one key were compromised, it could not decrypt other documents.

Infrastructure Security

ZiaSign is hosted on Microsoft Azure with enterprise-grade security:

  • Network isolation — Services run in private virtual networks
  • DDoS protection — Azure DDoS Protection Standard
  • WAF — Web Application Firewall for API and web traffic
  • Monitoring — 24/7 security monitoring with automated threat detection
  • Backups — Geo-redundant backups with point-in-time recovery

Compliance

Standard | Status
SOC 2 Type II | ✅ Certified
GDPR | ✅ Compliant
CCPA | ✅ Compliant
HIPAA | ✅ Available on Enterprise plans (BAA provided)
eIDAS | ✅ Compliant for Advanced Electronic Signatures
ISO 27001 | 🔄 In progress

Access Control

  • Role-based access control (RBAC) for team members
  • SSO/SAML integration for Enterprise accounts (Okta, Azure AD, OneLogin)
  • Multi-factor authentication (MFA) available for all accounts
  • Session management — configurable session timeouts and concurrent session limits

Data Privacy

  • Your documents are never used to train AI models
  • Document content is only accessed for features you explicitly use (e.g., AI analysis)
  • Full data export available via Settings → Data → Export
  • Right to deletion — request complete data deletion via Settings or by contacting support
  • Data Processing Agreement (DPA) available on request for Business and Enterprise plans

Penetration Testing

ZiaSign undergoes annual penetration testing by independent security firms. Enterprise customers can request a summary of findings.

Reporting Vulnerabilities

If you discover a security vulnerability, please report it responsibly:

  • Email: security@ziasign.com
  • We acknowledge reports within 24 hours
  • We aim to resolve critical vulnerabilities within 48 hours
  • We do not pursue legal action against responsible disclosures

Frequently asked questions

Is ZiaSign SOC 2 compliant?

Yes. ZiaSign has completed SOC 2 Type II certification, audited by an independent third party. Contact sales for a copy of the report.

Where is my data stored?

By default, data is stored in Azure data centers in the United States. Enterprise customers can choose EU, Asia-Pacific, or other regional data centers.

Is ZiaSign GDPR compliant?

Yes. ZiaSign is fully GDPR compliant. We act as a data processor for your documents and provide a Data Processing Agreement (DPA) on request.
