Data Security & Compliance

OptiSigns' AICPA SOC 2 Type II certification reflects our unwavering dedication to safeguarding customer and company data.

To view our SOC2 Report:
For existing customers please contact our Support team. For new customers, please contact our Sales team.

OptiSigns is AICPA SOC 2 Type II certified

Service Organization Controls
(SOC 2 Type II)

How we protect your security at OptiSigns

Security is built into every aspect of our product

Application Security

OptiSigns offers a secure solution to protect your data. We encrypt your data when using our application to ensure maximum protection.

Product Security

Our product design includes a range of security features such as role-based access controls, content permissions, and local folder encryption.

Infrastructure Security

We host our platform on the world's leading cloud infrastructure provider, giving you the flexibility to choose where your data is stored.

Operation Security

At OptiSigns, we take security seriously. Our team is dedicated to enforcing strict security practices and ensuring compliance with all relevant regulations.

Frequently Asked Questions

Do you host or store customer data in EU data centers?

For our enterprise plan, we offer a European-based data region to store your data. U.S. customers can also request that their data be stored in a U.S.-based data region only. Simply submit a request to our support team when creating a new account.

What is your PCI compliance status?

When you purchase a paid OptiSigns subscription, your credit card data is not transmitted through nor stored on our servers. Instead, we use Stripe, a company dedicated to handle payment services. Stripe is certified to PCI Service Provider Level 1, the most stringent level of certification available. Stripe’s security information is available on their website.

How do I report a security vulnerability?

When you purchase a paid OptiSigns subscription, we ensure the security of your credit card data by not transmitting or storing it on our servers. Instead, we rely on Stripe, a dedicated payment services company, to handle transactions. Stripe is certified to PCI Service Provider Level 1, which represents the highest level of certification available. You can find more information about Stripe's security on their website.

What is your policy for encrypted data?

We encrypt data in transit using the HTTPS protocol and SSL certificates. Data at rest is encrypted with either 256-bit AES-XTS or AWS KMS encryption.

What information you collect on users and what’s your privacy policy?

We collect user usage information to improve our product and services. For more information on what information is collected and how it is used, please refer to our Privacy Policy.