Yes — Xodo Sign is built with security at its core. Every document you send, sign, and store is protected by multiple layers of security to keep your data and your signers' data safe.
How Xodo Sign protects your data
- 256-bit HTTPS encryption — All data transmitted to and from Xodo Sign is encrypted using industry-standard HTTPS/TLS encryption.
- Encrypted document storage — Documents are encrypted at rest using unique hash keys, ensuring that only authorized parties can access them.
- Tamper-evident audit trail — Every action taken on a document — views, signatures, declines — is recorded in a timestamped audit log that is embedded in the completed document.
- Separate production environments — Production data is fully isolated and only accessible through secure production systems.
- Redundant data storage — Data is stored in multiple secure locations to ensure availability and prevent data loss.
Audit trail and document integrity
Every completed document includes a Certificate of Completion — a tamper-evident record that logs signer identities, IP addresses, timestamps, and the actions taken. This makes it easy to verify the authenticity of any signed document at any time.
To verify a signed document, see Verify the Authenticity of Signed Documents.
Is Xodo Sign compliant with data protection regulations?
Yes. Xodo Sign is designed to meet major data protection standards including GDPR compliance for EU-based users. Signatures created through Xodo Sign comply with eIDAS (EU), ESIGN (US), and UETA regulations.
For more information on legal compliance, see Is Xodo Sign Legally Binding?
Still have questions about security?
If you have specific security or compliance questions for your organization, please contact our Support team.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article