HelloSign understands the customers' concerns about compliance and has diligently built processes to make our service compliant with the standards which may govern your business.


The failure to adhere to information security standards is a risk no company should ever take. It may result in a range of costly penalties from civil fines to prosecution in criminal court. In some of the most extreme cases, the officers of a company that is non-compliant may even face prison time. At HelloSign, we understand the serious ramifications of non-compliance and have diligently built processes to make our service compliant with the standards that may govern your business.

Please contact us (via email: for access to our policies, procedures, audits and assessments. Additionally, you can obtain a copy of our information security whitepaper here.

HelloSign is compliant with the following:

  • SOC 2 Type II
  • ISO 27001
  • Our HelloSign and HelloWorks products are HIPAA compliant
  • The US ESIGN act of 2000
  • The Uniform Electronic Transactions Act (EUTA) of 1999
  • The eIDAS regulation for the EU of 2016 (EU Regulation 910/2014), which replaces the former European EC/1999/93 Directive

Here’s a list of some of the many procedures we’ve put in place to meet compliance standards:

  • Information Security Policy
  • Acceptable Use Policy
  • Code of Conduct
  • Background checks for all employees
  • Endpoint encryption for all company owned/issued device
  • Release Management Procedure
  • Change Management Procedure
  • Release Notes
  • Access Provisioning, Termination, and User Access Review Procedure
  • Incident Response Plan
  • Business Continuity and Disaster Recovery Plan
  • Penetration Testing Program
  • Bug Bounty Program
  • Breach Notification Policy