Security & Trust

Use Countersign in a browser.
No app download required, even on your phone.

Trust manifesto

We at Countersign hold ourselves to the highest industry standards and practices and fall several notches above. Whenever there is a protocol or industry standard available, we follow it. We treat every code and security review as an opportunity to surpass what is required of us. We work to earn your trust and maintain it. This is what it means to be state of the art.

To sign is to put pen to paper.
To Countersign is to execute with confidence and security.

Storage and Encryption

  • AES 256-bit encryption
  • Data access and transfer on HTTPS, TLS/SSL protocols via HSTS
  • Encrypted archival of documents with strict internal access control by core security team
  • Digital audit trail, with a checksum for document version comparison

Infrastructure

  • User authentication via Google Cloud (Firebase)
  • Data are stored in ISO 27001-compliant and SOC-audited centers
  • GDPR-compliant (non-personal) analytics on Countersign website and platform
  • All payments are PCI-compliant through Stripe, no cardholder data on our servers

Compliance

  • Documents with both name and signature qualify as Advanced Electronic Signature (AdES) under the EU eIDAS framework
  • GDPR-compliant (non-personal) analytics on Countersign platform
  • Countersign works with SOC 2 and ISO-20017 vendors

Audit Trail

  • Digital audit trail, with a checksum for document version comparison
  • Non-repudiation for all Countersign-executed signatures
  • Unalterable, systematic capture of signing data in ledger

Risk and Vulnerability

  • Rigorous, regular code review that adheres to OWASP’s best practices
  • First aid response by our core security team at security@countersign.com
  • Debugging with ISO 27001-compliant Sentry
  • Quarterly (minimum) sub-processor review

Configurable security

Take extra measures to protect what’s valuable:

  • 2FA and multi-factor authentication for stricter authN practices per your organization’s needs
  • Role-based access control (RBAC) for authZ that adjusts to your team’s configuration

Go digital with Countersign

Your first 8 docs are on us!

Sign Up for a Free Account