Reporting Security Events

If you see something, say something.

At HelloSign, we take security incidents seriously and you are our most important information security asset.  Reporting potential incidents or concerns is the ultimate protection against cybercrime, including fraud.

Reporting an issue with privacy

At HelloSign, we believe that you own your data, and we’re committed to keeping it private. Our privacy policy clearly describes how we handle and protect your information. On an annual basis, our independent third-party auditors test our privacy related controls and provide their reports and opinions which we can then provide to you.

If you need to submit a request with respect to privacy-related concern, please submit it to

Reporting a potential security incident

If you need to submit a potential security incident to HelloSign, please provide a summary report to the HelloSign Security Team as an attachment to The security team will evaluate the report and arrange to discuss specifics.

Reporting SPAM

If you click a phishing email, you’re going to have a hard time

If you think that you’ve received a fraudulent email pretending to come from HelloSign, send the email as an attachment to and delete it.

Signs of fraudulent emails and websites:

1. Fake links

  • Avoid fake links by accessing your documents directly from or by logging in.
  • For emails, always hover over the link using your cursor before you click on it.  The email status bar will show the intended destination. All links from Hellosign will redirect to, or

2. Fake sender email address

  • Fake emails may include a forged email address in the "From" field. This field is easily altered. If you don’t recognise the sender of a HelloSign envelope, contact the sender to verify the authenticity of the email.

3. Attachments

  • HelloSign email requests to sign a document never contain attachments of any kind. DO NOT open or click on attachments within an email requesting your signature.
  • Only after all parties have signed will HelloSign provide a PDF in email.  We do NOT send any other type of attachments.

4. False sense of urgency

  • We do not have the concept of urgency in our platform. As such, urgent requests are not valid.

5. Misspellings and bad grammar

  • Fake emails often contain misspellings, incorrect grammar, missing words and gaps in logic.

6. Unsafe sites

  • We only provide access via https.

7. Pop-up boxes

  • We do not use pop-ups as a part of our email notifications.