Trust
Security Policy
SignWorkflow is designed with security-focused application patterns intended to support secure document handling, controlled access, and reviewable operational behavior. AI-assisted document review is part of the product experience, with access controlled through the same workspace and entitlement model.
Application security
The product includes patterns such as authenticated sessions, secure cookies, CSRF protections, access controls, audit logging, and document storage controls.
Implementation details
- Authenticated application routes separate public marketing pages from private workspace actions.
- Workspace roles and plan gates limit sensitive actions such as audit exports, retention changes, billing, and member administration.
- Document events are written into audit-oriented records so teams can review status changes, signer activity, and governance actions.
- AI document review features are gated by workspace access and plan entitlements before summaries, translations, explanations, or risk analysis are generated.
- Retention and legal-hold workflows are designed to prevent premature deletion when a record still needs to be preserved.
- Google Drive and Dropbox exports use per-user connections so completed PDFs are exported only when an authorized user initiates the action.
Document controls
Version history, signing events, audit trails, retention-aware settings, and legal-hold-aware workflows help teams keep completed records understandable after signature. AI summaries, translation, clause explanations, and risk analysis can support review before signature, while customers remain responsible for final business and legal decisions.
Operational responsibility
Security outcomes also depend on environment configuration, storage setup, credentials management, email provider settings, and internal operating practices.
Compliance positioning
This page describes security-oriented product behavior and should not be interpreted as a certification claim unless explicitly stated elsewhere with supporting validation.
View the Trust CenterQuestions
For customer security reviews, rollout questions, or product-behavior clarifications, contact the team directly.