BoopSign
Security & Compliance

Your Documents, Protected by Design

We protect documents from upload to signature and beyond — encryption, access controls, auditable trails, and compliance-ready policies.

TLS & AES-256 • Audit Trails • GDPR-ready
Need a Data Processing Agreement? Request a DPA

Encryption & Data Protection

We use industry-standard encryption and modern key management to keep documents private and tamper-evident.

In transit

All network traffic is protected with TLS 1.3. Uploads and downloads use short-lived signed URLs to reduce exposure.

At rest

Documents are stored encrypted using AES-256. Sensitive keys are managed using HSM-backed key management when available.

Tamper-evidence

Signed PDFs are created with tamper-evident markers; any post-sign modification invalidates the audit chain.

Access Control & Authentication

Control who can view, send, and sign documents. Authentication strength should match the risk of the transaction.

Authentication options

  • Email verification + click-to-sign (low risk)
  • SMS OTP or magic link (medium risk)
  • ID verification & MFA (high risk / regulated)
  • Enterprise SSO (SAML / OIDC) for teams

Link & Session Security

Every document link is signed and time-limited. Sessions use secure, rotating tokens (managed by Clerk or your auth provider) with short cookie lifetimes.

Storage & File Handling

Where files live, how long we keep them, and how we clean up expired artifacts.

Storage providers

Depending on your deployment: Convex Storage, AWS S3, or Google Cloud Storage with server-side encryption and restricted bucket policies.

Temporary URLs & uploads

Uploads use pre-signed URLs. Download URLs are short-lived and signed to prevent hotlinking and unauthorized access.

Retention & limits

Default retention: 90 days (configurable by plan). Example file size limits: Free 10MB / Pro 100MB — configurable per tenant.

Compliance & Legal

We design our processes to be compatible with major regulatory frameworks and to support enterprise requirements.

Data privacy

  • GDPR-ready: data subject rights supported (export, delete, rectification)
  • Privacy-by-design: minimal data collection
  • Data Processing Agreement (DPA) available on request

Standards & audits

  • Hosted on SOC 2 / ISO 27001-compliant cloud infrastructure (customers may request evidence)
  • Regular dependency scans, penetration tests and vulnerability management
  • eSignature compliance: designed to support ESIGN Act and eIDAS workflows

Transparency & Audit Trail

Every signing session creates a detailed, exportable audit record useful for disputes and compliance reviews.

What we log

  • Timestamps for every action
  • IP addresses and geolocation hints
  • Authentication method used and proof artifacts (when applicable)

Audit PDF

Export a human-readable audit PDF with the signed document and signing metadata for legal review or preservation.

Retention & exports

Admins can export signed artifacts and audit logs for e-discovery and legal purposes. Retention is configurable by plan and tenant policies.

Found a security issue?

We welcome responsible disclosure. Please email mkumar.react@gmail.com with details.

We aim to acknowledge reports within 48 hours and will coordinate fixes and disclosure timelines.

Security isn't a feature — it's our foundation.

Start a secure workflow for document signing and management with BoopSign.
