Data Security & Compliance
OptiSigns' AICPA SOC 2 Type II certification reflects our unwavering dedication to safeguarding customer and company data.
Service Organization Controls
(SOC 2 Type II)
How we protect your security at OptiSigns
Security is built into every aspect of our product
OptiSigns offers a secure solution to protect your data. We encrypt your data when using our application to ensure maximum protection.
Our product design includes a range of security features such as role-based access controls, content permissions, and local folder encryption.
We host our platform on the world's leading cloud infrastructure provider, giving you the flexibility to choose where your data is stored.
At OptiSigns, we take security seriously. Our team is dedicated to enforcing strict security practices and ensuring compliance with all relevant regulations.
Frequently Asked Questions
Do you host or store customer data in EU data centers?
For our enterprise plan, we offer a European-based data region to store your data. U.S. customers can also request that their data be stored in a U.S.-based data region only. Simply submit a request to our support team when creating a new account.
What is your PCI compliance status?
When you purchase a paid OptiSigns subscription, your credit card data is not transmitted through nor stored on our servers. Instead, we use Stripe, a company dedicated to handle payment services. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available on their website.
How do I report a security vulnerability?
When you purchase a paid OptiSigns subscription, we ensure the security of your credit card data by not transmitting or storing it on our servers. Instead, we rely on Stripe, a dedicated payment services company, to handle transactions. Stripe is certified to PCI Service Provider Level 1, which represents the highest level of certification available. You can find more information about Stripe's security on their website.
What is your policy for encrypted data?
We encrypt data in transit using the HTTPS protocol and SSL certificates. Data at rest is encrypted with either 256-bit AES-XTS or AWS KMS encryption.