Security & Compliance

Our mission is to provide foundational security for your products and data, making trust your most reliable asset.

Security

ISO 27001

As one of the world’s most authoritative and widely adopted standards for information security management, ISO/IEC 27001 is extensively implemented by governments and large enterprises to establish robust information security frameworks. eSignGlobal has successfully achieved ISO/IEC 27001 certification and has established a comprehensive information security management system covering people, processes, technology, and the entire data lifecycle, ensuring the ongoing protection of business operations and information assets.

ISO 27701

ISO/IEC 27701 is an internationally recognized extension standard for privacy information management, providing authoritative guidance for organizations to process personal data in compliance with global privacy requirements. eSignGlobal has obtained ISO/IEC 27701 certification, further strengthening its privacy governance capabilities on top of its information security management foundation and ensuring that personal data processing aligns with internationally recognized privacy regulations.

ISO 27018

As an international privacy protection standard specifically designed for public cloud environments, ISO/IEC 27018 sets enhanced requirements for data protection and transparency for cloud service providers. eSignGlobal has achieved ISO/IEC 27018 certification, ensuring that the processing of personal data in cloud environments meets internationally recognized high standards and further enhancing platform trustworthiness.

Security White Paper

Security: The Cornerstone of Digital Trust

Customer Payment Information

eSignGlobal entrusts all payment processing to secure. Our systems do not process, store, or transmit any payment card data.

Comprehensive Security Framework

The system encompasses mandatory two-factor authentication (2FA) and enforces complex password policies (including length and character composition requirements), providing dual-layered protection for account logins.

Identity Verification

To protect the contents of an envelope, we enforce a multi-factor verification process. Available methods include Access Code, SMS OTP, Email OTP, Digital ID Authentication, and Identity Verification. Access is granted only after the recipient successfully completes at least one form of verification. This ensures that only authorized individuals can view the secured contents.

Privacy

Privacy Policy

eSignGlobal's Subprocessors

eSignGlobal partners with trusted third-party Subprocessors that have undergone rigorous security and due diligence reviews. A complete list of Subprocessors is available for review.

GDPR

eSignGlobal complies with GDPR requirements, including data auditing, privacy policy updates, and the establishment of compliance mechanisms, and can transfer relevant personal data where necessary to fulfill contracts.

Compliance

21 CFR PART 11

eSignGlobal supports compliance with 21 CFR Part 11 for life sciences and regulated industry customers by providing robust controls for electronic records and electronic signatures, including access control, comprehensive audit trails, signature authenticity and binding, and data integrity protections.

Legality

Learn about eSignature use around the world

Global Compliance Legal Research

We conduct in-depth analysis of e-signature laws and regulations across global markets, systematically interpreting their core requirements for signing processes, identity verification, and document management. This provides you with clear and reliable legal compliance guidance for conducting business in different regions.

U.S. ESIGN Act and UETA

Our platform supports electronic signatures in accordance with the U.S. ESIGN Act and UETA, enabling legally binding agreements through clear signer intent, consent, and secure electronic records. Electronic documents signed on our platform are admissible and enforceable under U.S. law.

eIDAS

Our platform is designed to support eIDAS-compliant electronic signing workflows by integrating with over 50 trusted service providers (TSPs). It enables AES and QES through the use of qualified certificates and compliant trust services, allowing customers to implement electronic signatures that meet eIDAS requirements across the EU.

HIPAA

eSignGlobal supports HIPAA compliance for healthcare and health-related customers by providing security and privacy controls aligned with the HIPAA Security Rule, including access control, audit logging, encryption, and secure data transmission.

Frequently Asked Questions
Data Storage Locations
Data Transmission and Storage Security
Access Control
Personal Data and Privacy Protection
Penetration Testing
Security Incident Response