All user interactions with SigningHub are conducted over a secure TLS / SSL VPN with the highest security options enabled. All information is encrypted between the web-browser and web-server using AES 256-bit encryption to maintain information privacy. As soon as a document is uploaded to SigningHub it is AES-256 bit encrypted at the application layer before being stored in the database. This ensures that document encryption is not under the control of the database administrator. The decryption keys are not available to any user or operator and SigningHub ensures that only the document owner and any users they authorise can review the document.
When the document is shared for review and signature, the document does not leave SigningHub, instead users are notified via email. They use the service plan authentication method to access and view the document using the SigningHub secure document viewer.
The document owner can define the following rules and permissions either manually or by using a template:
Who can view the document and in which order, each user is authenticated before being shown the document as explained above
If the document is locked against further edits after signing
If a user can add comments to the document
If the legal notice should be shown before a user can sign
If an additional document access password must be entered a user to see the document
If the legal notice should be shown before a user can sign
The not before and not after date/time window during which the document is available to each user in the workflow.