Security Architecture
SignQuick is built with defense-in-depth controls so independent professionals can send and sign agreements with confidence.
Platform Controls
- Transport encryption with TLS for all web traffic.
- Encrypted storage for signed documents and audit events.
- Role-based access controls for account and team-level permissions.
- Tamper-evident audit trails for signature activity and document events.
Compliance Posture
SignQuick supports workflows aligned with the U.S. ESIGN Act and UETA. The Service runs on infrastructure providers (Supabase, Vercel) that hold current SOC 2 Type II attestations, and we inherit the corresponding controls at the hosting layer.
SignQuick itself has not completed an independent SOC 2 audit, and the Service is not HIPAA-compliant. We do not sign Business Associate Agreements (BAAs), and the Service is not appropriate for Protected Health Information (PHI/ePHI), cardholder data (PCI DSS), or other regulated data types described in Section 8 of our Terms of Service. Organizations with regulated-data obligations should use a purpose-built vendor.
Report a Concern
Email [email protected] with the subject line "Security Report", and we will respond as quickly as possible.