Security & Compliance Statement

Effective Date: 1-Jul-2023

At ToSign, your data security and legal compliance are our top priorities. We apply industry best practices to ensure that your documents and personal information are always protected.

1. Data Encryption

• All data is encrypted in transit using TLS 1.2+ protocols.
• Data at rest is encrypted using AES-256 encryption on secure cloud infrastructure.

2. Data Hosting & Jurisdiction

All user data and signed documents are securely hosted on AWS servers located in Sydney, Australia. This ensures compliance with Australian data sovereignty and privacy laws.

3. Authentication & Access Control

• Access to the ToSign platform is secured by strong password enforcement and optional Multi-Factor Authentication (MFA).
• Document access is restricted to authorised users only via unique secure links or authenticated login.
• Audit trails are generated for all document interactions (view, sign, download).

4. Signature Compliance

ToSign is compliant with the Electronic Transactions Act 1999 (Cth), which recognises digital signatures as legally binding under Australian law. For international users, compliance with eIDAS (EU) or ESIGN/UETA (US) may also apply.

5. Operational Security

• Regular internal audits and penetration testing are conducted.
• Role-based access controls are enforced internally.
• All support and admin staff are trained in data privacy and secure handling procedures.

6. Document Retention & Deletion

Users can choose how long their documents are stored (e.g., 7 or 30 days). After expiration, documents are permanently and irreversibly deleted from our systems.

7. Incident Response

We maintain an incident response plan and will notify affected users promptly in the event of any data breach in accordance with the Notifiable Data Breaches (NDB) scheme under the Australian Privacy Act.

8. Contact & Reporting

For security inquiries or to report a vulnerability, please contact our security team:

Email: contact@tosign.com.au
Mail: Orange Digital AU Pty Ltd, Desertrose Crescent, Bridgeman Downs, 4035, QLD, Australia