Your documents are sensitive. Here's exactly how we protect them.
GoodSign is a SaaS platform which allows customers to send and receive documents for digital approval, including e-signatures. The GoodSign team is based in Auckland, New Zealand.
At a high-level summary:
Every document signed through GoodSign carries its own evidence of authenticity. This is what makes an e-signed document hold up if it is ever questioned.
A tamper-evident audit certificate is appended to every completed document. It records a full timeline of the signing event — when the document was created, when each invitation was sent, when signers were verified, and the exact time each field was signed or approved — with every entry stamped with a date and time.
For every signer we capture the information needed to attribute a signature to a person: their email, IP address, browser/device, and country. Where a sender requires it, signers are also verified by SMS one-time code before they can sign, and this verification is recorded on the audit certificate.
Senders can require additional proof of identity before a document can be signed:
When a document is completed it is permanently flattened, so signatures and form fields become part of the PDF itself. We also store an independent SHA-256 fingerprint of every finished document. This fingerprint is kept separately from the document and account — so it survives even if the document or account is later deleted — and exists for one purpose: to prove the document has not been altered.
Anyone holding a completed GoodSign document can confirm it is genuine at goodsign.io/verify. Upload the PDF and we re-compute its fingerprint and compare it against our records, confirming whether the document is authentic and unmodified.
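A sketch of the fingerprint check described above, added here as an illustration and not GoodSign's own code. The registry class, function names and sample PDF bytes are assumptions made for the example.

```python
import hashlib
import io

CHUNK = 64 * 1024  # read in blocks so large PDFs are never held fully in memory


def fingerprint(stream):
    """Return the SHA-256 hex digest of a binary stream."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()


class FingerprintRegistry:
    """Hypothetical store that holds digests only, apart from documents and accounts."""

    def __init__(self):
        self._digests = set()

    def register(self, stream):
        fp = fingerprint(stream)
        self._digests.add(fp)
        return fp

    def verify(self, stream):
        # Re-compute the digest of the uploaded file and look it up in the records.
        return fingerprint(stream) in self._digests


def demo():
    # Constructed stand-in for a completed, flattened PDF (not a real document).
    original = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
    # One edited byte inside the file.
    edited = original.replace(b"1.7", b"1.6")
    # PDF incremental updates append data after the last %%EOF; hashing the
    # whole file means appended content also changes the fingerprint.
    appended = original + b"2 0 obj\n<< >>\nendobj\n%%EOF\n"

    registry = FingerprintRegistry()
    registry.register(io.BytesIO(original))
    # Only the digest was stored, so verification needs no copy of the document.
    samples = {"original": original, "edited": edited, "appended": appended}
    return {name: registry.verify(io.BytesIO(data)) for name, data in samples.items()}


if __name__ == "__main__":
    print(demo())
```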
For the legal standing of electronic signatures country-by-country (ESIGN, eIDAS, UETA and more), see "Is an electronic signature legal?". For how we handle personal data, see our Privacy Policy.
Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access.
All GoodSign systems use the Zero Trust concept. All our systems and procedures are cloud-based with strong authentication.
GoodSign is hosted on DigitalOcean - SFO3 datacenter in San Francisco, USA. DigitalOcean maintains multiple certifications for its data centres, including ISO 27001 compliance, PCI Certification, and SOC type 1 and 2 reports. For more information about their certification and compliance, see DigitalOcean's certification and compliance reports.
Our databases use highly available managed storage. This multi-node, cluster-based storage is resilient to single and multi-node failures. It provides automatic updates and daily point-in-time backups, which allow us to restore to any single point in time over the last seven days, along with fully automated fail-over and end-to-end security with LUKS and in-transit SSL.
Storage is backed by DigitalOcean Block Storage Volumes. These volumes are encrypted at rest using LUKS. Each volume is highly available and SSD-backed. Volumes are built using Ceph; this technology is self-healing and can handle the loss of an entire datacenter without data loss.
Our servers use a third-party server management platform. This platform provides a strong layer of server and application hardening, with strong security configuration and access policies.
This allows us to rebuild servers and add servers to our cluster quickly through the admin platform in a scalable and repeatable manner.
All production servers are automatically patched by our server management platform.
All server access is via SSH.
Our server management platform provides real-time server monitoring, including server load, memory and disk usage. Notifications are triggered to our on-call engineer 24/7.
Server changes are recorded to an immutable audit log.
All our servers have their firewalls enabled, limiting access to only the essential ports.
We use Fail2Ban, which automatically blocks any IP that tries more than 5 times to access a server over SSH.
All changes are made through our server configuration admin console. All changes are logged, and access is restricted by 2FA.
GoodSign uses unit testing and functional testing before each release. Releases cannot be made until all our unit tests have passed.
After each deployment, key flows are smoke-tested to confirm the release is healthy in production.
We use atomic deployments to make sure our application is updated instantly.
This process fully configures each code change with the correct libraries and migrations. Once the code has been pulled from Git, it is installed, automatic migrations are run, and the directory is instantly symlinked into the live site with zero downtime or file/database inconsistencies.
In the event of an unintended error, an atomic rollback can be performed to the previous release.
We use the Symfony framework, which provides numerous tools to correctly build fast and secure applications. We use the Symfony way of doing things rather than building our own solution.
We use a security auditing platform that checks the application's installed libraries against a database of known security vulnerabilities.
Where possible, all JavaScript libraries are copied and served locally from our server. The only exceptions to this are our live help application and our web analytics solution.
GoodSign uses a Web Application Firewall (WAF) to block any suspicious requests. Our WAF has been configured using NGINX ModSecurity with OWASP ModSecurity Core Rule Set.
Our application is scanned regularly using an automated deep scanning tool that scans every page of the application for vulnerabilities, issues and misconfigurations. This tool scans for over 2000 vulnerabilities and tests for the OWASP Top 10 vulnerabilities. It also tests DNS for any misconfigurations, including email SPF and DKIM. A scan report is available on request.
GoodSign follows secure development best practices and the OWASP SDL guidelines.
We use Sentry to track production-level errors. This gives us an instant warning of any new bug, with clear detail on where it occurred and enough context to rectify the issue quickly.
All key application events are stored to our logging system.
GoodSign's TLS setup gets an overall score of A in the Qualys SSL Labs Test.
GoodSign only supports strong HTTPS encryption in transit. HSTS is also enabled, which means that once a client has connected via HTTPS, a man-in-the-middle HTTP downgrade attack is no longer possible.
Both our file storage and databases use strong LUKS encryption. File storage backups are also encrypted with LUKS, providing full encryption at rest for any sensitive data.
Our passwords are encoded and encrypted using industry-recommended standards.
Our primary database uses a multi-node fault tolerant cluster approach. Each database is backed up daily.
All backups allow a point in time recovery for any time in the last 7 days.
Our server and server volumes are backed up 2x daily. Backups are held for 7 days.
All devices, laptops, phones, desktops are secured with biometric security where enabled. Longer passwords are used where possible, and strong passwords are required.
All devices have strong disk/storage encryption, remote locking and remote wipe. Staff must never copy production or confidential data to their device/computer.
We use cloud services for everything except our software development. This includes email, customer support, testing, file storage and so on. Where possible we always enable 2FA support to secure these accounts against intrusion.
All staff are required to sign a confidentiality agreement. Breaking this agreement has strong repercussions, including termination.
Only our senior engineers have server access and this is locked to their main computer. Access is logged and notified to our CTO via realtime SSH login notifications.
Our support team may access your account and contents only to provide support or debug an issue you may have. All support incidents, including access, are logged.
Our staff have signed confidentiality agreements where a violation could result in termination.
If you would like to lock your account from support access, please contact the support team and they can enable this lock for you.
We're happy to answer any questions about how we protect your data.
All rights reserved © GoodSign Limited 2026
2 Stuart St, Ponsonby, Auckland 1011, New Zealand.