↗ · Compliance & trust
Security & compliance
Last updated · 2026-04-17
Electronic signatures
Sign Sail captures signatures using a canvas-based input, stores them as PNG images, and attaches the following compliance data to every submission: signer IP address, user-agent string, UTC timestamp, a SHA-256 hash of the full submission payload, a frozen copy of the form schema at signing time, and an explicit consent record.
Together these meet the requirements of the US ESIGN Act, UETA (at the state level), eIDAS Simple Electronic Signature in the EU, and PIPEDA / provincial e-commerce acts in Canada.
Data in transit
Every request to Sign Sail is served over HTTPS (TLS 1.2 or higher), terminated at our reverse proxy with a Let's Encrypt certificate that auto-renews. Submission data, signature images, and PDFs never leave our infrastructure over an unencrypted connection.
Data at rest
Customer data is stored in a PostgreSQL database running on infrastructure we operate directly on servers located in Canada and the United States. Database files sit on an encrypted host volume. Uploaded files and generated PDFs are written to persistent storage whose host volume is encrypted at rest.
Authentication & access control
Passwords are never stored in plaintext. We hash them with bcrypt before the bytes ever reach disk. Every API route and server action that reads or mutates a form, submission, or file verifies the caller's session and checks ownership against the form owner's user ID before returning data. File uploads are served through an authenticated endpoint that accepts either the form owner's session or a per-recipient access token; signatures use a capability URL whose unguessable recipient UUID is the access secret.
Data retention
Free-tier submissions are retained for 90 days and then permanently deleted by an automated cleanup job that runs nightly. Pro submissions are retained for 365 days. Business keeps submissions indefinitely. You can manually delete any submission at any time from your responses dashboard, and you can export submissions as CSV, Excel, or PDF at any point before deletion on Pro and Business.
Audit trails & tamper evidence
Every signed submission generates a PDF with the full audit trail appended as the final page: capture timestamp, IP address, user-agent, consent record, and SHA-256 hash. The hash is computed over a canonical representation of the submission data and the frozen schema snapshot, so any modification to a submission after signing invalidates the hash, providing tamper evidence. Completed document envelopes are additionally sealed with a PAdEScryptographic signature, so any PDF reader can verify the file hasn't changed since completion.
Rate limiting & abuse
Public form submissions are rate-limited per IP and per form slug. Account sign-up, sign-in, and password-reset flows are rate-limited to blunt credential-stuffing and enumeration attacks. File uploads are capped at a plan-dependent size (10 MB on Pro, 25 MB on Business).
Reporting a vulnerability
If you believe you've found a security issue in Sign Sail, please email [email protected]. Include reproduction steps and, if relevant, a proof of concept. We'll acknowledge within two business days and keep you updated on the fix.