Trust & Safety
Security at SafeToSign
You're trusting us with sensitive legal documents. Security isn't an afterthought — it's built into everything we do.
Data Encryption
In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3 — the latest industry standard. This covers document uploads, analysis results, account info, and payments.
At Rest
All stored data is encrypted using AES-256 — the same standard used by banks and government agencies worldwide.
Infrastructure Security
| Component | Provider | Security Features |
|---|---|---|
| Frontend | Vercel | DDoS protection, automatic HTTPS, edge network security |
| Backend | Render | Private networking, automatic security updates, isolated containers |
| Payments | Stripe | PCI DSS Level 1 certified; card details never touch our servers |
| AI Processing | Anthropic | Enterprise-grade security, no data retention for training |
AI Processing Security
- You upload document → Encrypted connection to our servers
- We extract text → Send to Anthropic Claude API (encrypted)
- Claude analyses → Returns results (encrypted)
- We display results → Stored in your private account
- Original document → Automatically deleted within 24 hours
✅ Anthropic does NOT train their AI models on your documents, and does NOT store documents after processing. All API communication is encrypted.
Payment Security
We use Stripe for all payment processing — PCI DSS Level 1 Certified, the highest level of payment security certification.
- Your card details never touch our servers — processed directly by Stripe
- We only store the last 4 digits (for your reference) and a secure token
- All payment data is encrypted end-to-end
Document Handling
| Stage | What Happens | Security |
|---|---|---|
| Upload | Document sent to server | TLS 1.3 encryption |
| Processing | Text extracted, sent to AI | Encrypted API, no persistent storage |
| Storage | Analysis results saved | AES-256, access controls |
| Deletion | Original document removed | Automatic within 24 hours |
| Your Control | Delete anytime from dashboard | Immediate removal from database |
Compliance
| Standard | Status | Scope |
|---|---|---|
| GDPR | ✅ Compliant | EU data protection |
| UK GDPR | ✅ Compliant | UK data protection |
| PCI DSS | ✅ Via Stripe | Payment security |
| SOC 2 | ✅ Via providers | Infrastructure security |
Vulnerability Disclosure
If you discover a security vulnerability, please do not publicly disclose it. Instead:
- Email us at security@safetosign.io with details
- We will acknowledge within 48 hours
- We will work with you to understand and fix the issue
- We appreciate responsible disclosure
Security Questions?
We take all security inquiries seriously and will respond promptly.