Security Centre

Your documents are sensitive. Here's exactly how we protect them.

  • 256-bit Encryption
  • Zero Trust Architecture
  • ISO 27001 Certified data centres
  • TLS A (Qualys SSL Labs)

Security

GoodSign is a SaaS platform which allows customers to send and receive documents for digital approval, including e-signatures. The GoodSign team is based in Auckland, New Zealand.

Overview

In summary:

  • GoodSign has strong application, network and infrastructure-level security controls in place to ensure your data is safely stored and processed.
  • GoodSign serves multiple tenants from the same application codebase, but uses effective isolation techniques to keep tenant data separate.
  • GoodSign observes New Zealand privacy laws, which are broadly compatible with many other jurisdictions (for example, we support the rights of access and rectification for data subjects).
  • GoodSign is hosted on DigitalOcean, in SFO3 (San Francisco, USA), using VPC.

Document Integrity & Audit Trail

Every document signed through GoodSign carries its own evidence of authenticity. This is what makes an e-signed document hold up if it is ever questioned.

Audit Certificate

A tamper-evident audit certificate is appended to every completed document. It records a full timeline of the signing event — when the document was created, when each invitation was sent, when signers were verified, and the exact time each field was signed or approved — with every entry stamped with a date and time.

Signer Attribution

For every signer we capture the information needed to attribute a signature to a person: their email, IP address, browser/device, and country. Where a sender requires it, signers are also verified by SMS one-time code before they can sign, and this verification is recorded on the audit certificate.

Signer Authentication

Senders can require additional proof of identity before a document can be signed:

  • Email verification
  • SMS one-time codes

Tamper-Evident Sealing

When a document is completed it is permanently flattened, so signatures and form fields become part of the PDF itself. We also store an independent SHA-256 fingerprint of every finished document. This fingerprint is kept separately from the document and account — so it survives even if the document or account is later deleted — and exists for one purpose: to prove the document has not been altered.

Public Document Verification

Anyone holding a completed GoodSign document can confirm it is genuine at goodsign.io/verify. Upload the PDF and we re-compute its fingerprint and compare it against our records, confirming whether the document is authentic and unmodified.

For the legal standing of electronic signatures country-by-country (ESIGN, eIDAS, UETA and more), see "Is an electronic signature legal?". For how we handle personal data, see our Privacy Policy.

Zero Trust

Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and must instead verify anything and everything trying to connect to their systems before granting access.

All GoodSign systems follow the Zero Trust concept: all our systems and procedures are cloud-based and use strong authentication.

Infrastructure Security

Datacenters

GoodSign is hosted in DigitalOcean's SFO3 datacenter in San Francisco, USA. DigitalOcean maintains multiple certifications for its data centres, including ISO 27001 compliance, PCI Certification, and SOC type 1 and 2 reports. For more information about their certification and compliance, see DigitalOcean's certification and compliance reports.

Availability and Resiliency

Our databases use highly available managed storage. This multi-node, cluster-based storage is resilient to single and multi-node failures. It provides automatic updates and daily point-in-time backups, which allow us to restore to any single point in time over the last seven days, along with fully automated fail-over and end-to-end security with LUKS and in-transit SSL.

Storage is backed by DigitalOcean Block Storage Volumes. These volumes are encrypted at rest using LUKS. Each volume is highly available and SSD-backed. Volumes are built using Ceph; this technology is self-healing and can handle the loss of an entire datacenter without data loss.

Configuration Management

Our servers use a third-party server management platform. This platform provides a strong layer of server and application hardening, with strong security configuration and access policies.

This allows us to rebuild servers and add new ones to our cluster quickly through the admin platform, in a scalable and repeatable manner.

Patching Policy

All production servers are automatically patched by our server management platform.

Server Authentication

All server access is via SSH.

  • SSH passwords have been disabled.
  • Server access is only by a pre-installed SSH key.
  • Login as root is disabled.
  • SSH access notifications are enabled for all SSH sessions and sent to team members in realtime.
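
The three SSH settings listed above can be checked mechanically. The following is an added example, not GoodSign's own tooling: a small Python audit of an sshd_config file, where the REQUIRED table, the function name and the sample configurations are assumptions made for illustration.

```python
# Directive -> (required value, OpenSSH default when the directive is absent)
REQUIRED = {
    "passwordauthentication": ("no", "yes"),
    "pubkeyauthentication": ("yes", "yes"),
    "permitrootlogin": ("no", "prohibit-password"),
}

def audit_sshd_config(text):
    """Return a list of findings; an empty list means the policy is met."""
    effective, findings, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # later lines apply only conditionally
            continue
        if key not in REQUIRED:
            continue
        if in_match:
            # A Match block can re-enable a setting for some users or hosts.
            if value != REQUIRED[key][0]:
                findings.append(f"Match block overrides {key} = {value}")
        else:
            # sshd uses the first value it reads for each keyword.
            effective.setdefault(key, value)
    for key, (wanted, default) in REQUIRED.items():
        actual = effective.get(key, default)
        if actual != wanted:
            findings.append(f"{key} is {actual}, expected {wanted}")
    return findings

# Constructed sample configurations (not taken from any real host).
HARDENED = """\
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
"""
WEAK = """\
PermitRootLogin yes
PermitRootLogin no
Match User deploy
    PasswordAuthentication yes
"""
```

On a live host, `sshd -T` prints the effective configuration and is the better input for a check like this, since it also resolves included files.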

Server Monitoring

Our server management platform provides realtime server monitoring, including server load, memory and disk usage. Notifications are triggered to our on-call engineer 24/7.

Server changes are recorded to an immutable audit log.

Server Security System

All our servers have their firewalls enabled, limiting access to only the essential ports.

We use Fail2Ban, which automatically blocks any IP that tries more than 5 times to access a server over SSH.

Web Application Security

Change Management

All changes are made through our server configuration admin console. All changes are logged, and access is restricted by 2FA.

Testing & QA

GoodSign uses unit testing and functional testing before each release. Releases cannot be made until all our unit tests have passed.

After each deployment, key flows are smoke-tested to confirm the release is healthy in production.

Deployment

We use atomic deployments to make sure our application is updated instantly.

This process fully configures each code change with the correct libraries and migrations. Once the code has been pulled from Git, it is installed, automatic migrations are run and the directory is instantly symlinked into the live site with zero downtime or file/database inconsistencies.

In the event of an unintended error, an atomic rollback can be performed to the previous release.

Framework Best Practices

We use the Symfony framework, which provides numerous tools to correctly build fast and secure applications. We use the Symfony way of doing things rather than building our own solution.

External Library Vulnerabilities

We use a security auditing platform that checks the application's installed libraries against a database of known security vulnerabilities.

JavaScript Libraries

Where possible, all JavaScript libraries are copied and served locally from our server. The only exceptions to this are our live help application and our web analytics solution.

Web Application Firewall

GoodSign uses a Web Application Firewall (WAF) to block any suspicious requests. Our WAF has been configured using NGINX ModSecurity with the OWASP ModSecurity Core Rule Set.

Automated Scanning

Our application is scanned regularly using an automated deep-scanning tool that scans every page of the application for vulnerabilities, issues and misconfigurations. This tool scans for over 2000 vulnerabilities and tests for the OWASP Top 10 vulnerabilities. It also tests DNS for any misconfigurations, including email SPF and DKIM. A scan report is available on request.

Application Development

GoodSign follows secure development best practices and the OWASP SDL guidelines.

Error tracking and Bug Reporting

We use Sentry to track production-level errors. This gives us an instant warning of any new bug, with clear detail on where it occurred and enough context to rectify the issue quickly.

Application Logging

All key application events are stored to our logging system.

HTTPS/TLS

GoodSign's TLS setup gets an overall score of A in the Qualys SSL Labs Test.

  • We support forward secrecy, allow secure renegotiation, disallow downgrade attacks, and have good protocol and preferred cipher suite settings.
  • All pages are secured by TLS/HTTPS.
  • The HSTS header is sent on all responses, preventing HTTP proxy attacks.

Encryption In Transit

GoodSign only supports strong HTTPS encryption in transit. HSTS is also enabled; this means that once a client has connected via HTTPS, a man-in-the-middle HTTP downgrade attack is no longer possible.

Encryption At Rest

Both our file storage and databases use strong LUKS encryption. File storage backups are also encrypted with LUKS, providing full encryption at rest for any sensitive data.

User Passwords

Our passwords are encoded and encrypted using industry-recommended standards.

  • Minimum password length is 8 characters
  • Passwords are hashed and checked against the haveibeenpwned.com API database to see if this password has been revealed in any recent database leaks. Raw passwords are not actually sent, only cryptographic hashes.
  • Password encoding and decoding is managed by the web framework.
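
The breach check in the list above can be done without disclosing the password or even its full hash. The following is an added example, not GoodSign's code: it assumes the check uses the public Pwned Passwords range endpoint, where only the first five hex characters of the SHA-1 hash are sent and the match is done locally. The function names, the leaked-password table and its counts are constructed so the example runs offline.

```python
import hashlib

MIN_LENGTH = 8  # minimum length stated on this page

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed stand-in for the Pwned Passwords range endpoint
# (GET https://api.pwnedpasswords.com/range/<first 5 hex chars>), so the
# example runs offline. The passwords and counts below are made up.
_CONSTRUCTED_LEAKS = {"password": 1000, "letmein123": 42}

def constructed_range_api(prefix):
    """Return 'SUFFIX:COUNT' lines for every leaked hash under this prefix."""
    lines = ["0" * 35 + ":3"]  # unrelated constructed entry
    for pw, count in _CONSTRUCTED_LEAKS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)

def breach_count(password, fetch_range=constructed_range_api):
    """Number of times the password appears in the breach corpus (0 if none)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves this process; the match is local.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0

def password_problems(password, fetch_range=constructed_range_api):
    """Apply the page's two rules: minimum length and breach lookup."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    seen = breach_count(password, fetch_range)
    if seen:
        problems.append(f"found in {seen} breached records")
    return problems
```

To query the real service, pass a `fetch_range` callable that performs the HTTPS request for the given prefix and returns the response body.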

Backups and Business Continuity

Database Backups

Our primary database uses a multi-node fault tolerant cluster approach. Each database is backed up daily.

Point In Time Recovery via Automated Backups

All backups allow a point in time recovery for any time in the last 7 days.

Other Backups

Our server and server volumes are backed up 2x daily. Backups are held for 7 days.

GoodSign Team

Staff Devices

All devices (laptops, phones, desktops) are secured with biometric security where enabled. Longer passwords are used where possible, and strong passwords are required.

All devices have strong disk/storage encryption, remote locking and remote wipe. Staff must never copy production or confidential data to their device/computer.

Cloud Services

We use cloud services for everything except our software development. This includes email, customer support, testing, file storage and so on. Where possible, we always enable 2FA to secure these accounts against intrusion.

Confidentiality

All staff are required to sign a confidentiality agreement. There are strong repercussions if this agreement is broken, including termination.

Server Access

Only our senior engineers have server access and this is locked to their main computer. Access is logged and notified to our CTO via realtime SSH login notifications.

Allowing the support team to access your GoodSign account

Our support team may access your account and contents only to provide support or debug an issue you may have. All support incidents, including access, are logged.

Our staff have signed confidentiality agreements where a violation could result in termination.

If you would like to disable this feature and lock your account from support access, please contact the support team and they can apply the lock.

Questions about security?

We're happy to answer any questions about how we protect your data.


All rights reserved © GoodSign Limited 2026
2 Stuart St, Ponsonby, Auckland 1011, New Zealand.