Is my data secure? Where is it stored?

TLS in transit, encrypted at rest, multi-tenant isolation enforced at the row level. Currently US-region storage; GCC regions on roadmap.

Transport

Every request to SahlSign is served over TLS 1.2 or higher. HTTP traffic is redirected to HTTPS at the edge. Email transmission uses opportunistic STARTTLS (Resend handles the SMTP layer).

At-rest

  • Database (Neon Postgres) — encrypted at rest by the underlying cloud provider. Daily backups with point-in-time recovery
  • Document storage (S3) — encrypted at rest with SSE-S3 (AES-256). Object-level access policies prevent cross-tenant reads
  • Audit chain — hash-linked SHA-256 chain stored in the database with a Postgres rule preventing UPDATE / DELETE (immutability enforced at the DB level, not just the application layer)

Multi-tenant isolation

Every database query that returns tenant-scoped data carries a tenantId filter. Where the schema supports it, Row-Level Security policies enforce isolation at the database level — so even a buggy application query can't accidentally leak rows from another tenant.

The audit trail records every cross-tenant access attempt; we monitor these alerts in production.
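
The two database-level controls described above, Row-Level Security and the append-only audit chain from the At-rest list, shown in Postgres as an added example that is not SahlSign's own schema. Table, column, policy and setting names, the sample tenant id, and the hash construction are all assumptions.

```sql
-- Hypothetical schema: all names below are assumptions, not SahlSign's.
CREATE TABLE documents (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    title     text NOT NULL
);

-- RLS: every statement on documents is filtered by the session's tenant.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;  -- also binds the table owner
CREATE POLICY tenant_isolation ON documents
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Per request: set the tenant for this transaction only.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';  -- constructed
SELECT id, title FROM documents;  -- missing WHERE still returns one tenant's rows
COMMIT;
-- With app.tenant_id unset, current_setting() raises an error: fails closed.

-- Append-only audit chain: each row commits to the previous row's hash.
CREATE TABLE audit_chain (
    seq        bigserial PRIMARY KEY,
    event      jsonb NOT NULL,
    prev_hash  bytea NOT NULL,  -- entry_hash of the previous row
    entry_hash bytea NOT NULL   -- assumed: sha256(prev_hash || event text)
);
CREATE RULE audit_chain_no_update AS ON UPDATE TO audit_chain DO INSTEAD NOTHING;
CREATE RULE audit_chain_no_delete AS ON DELETE TO audit_chain DO INSTEAD NOTHING;

-- Verification: list rows whose link or hash does not check out.
SELECT seq
FROM (
    SELECT seq, event, prev_hash, entry_hash,
           lag(entry_hash) OVER (ORDER BY seq) AS expected_prev
    FROM audit_chain
) AS c
WHERE (expected_prev IS NOT NULL AND prev_hash <> expected_prev)
   OR entry_hash <> sha256(prev_hash || convert_to(event::text, 'UTF8'));
```

Superusers and roles with BYPASSRLS are not subject to these policies, and rules do not cover TRUNCATE, so the application should connect as a role that has neither.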

Data residency

Currently: production deploys run in US regions (us-east-1 for S3, US Neon region for the DB). This is fine for most use cases but is a hard blocker for some GCC compliance regimes that require in-country data residency (Saudi PDPL, UAE DPL).

Roadmap: we're working on me-south-1 (Bahrain) and me-central-1 (Dubai) deploys for enterprise customers with explicit data-residency requirements. Contact us if this is blocking adoption — we can prioritize.

What we do NOT do

  • We do not train ML models on customer documents
  • We do not share documents with third parties beyond the email delivery provider (Resend) and timestamping authority (RFC 3161 TSA), both of which have signed DPAs with us
  • We do not retain documents after tenant account deletion (full purge within 30 days)

Reports / certifications

  • SOC 2 — not yet certified. On the roadmap; honest disclosure on our /compliance page
  • ISO 27001 — not yet certified
  • HIPAA — not currently supported (no BAA available)
  • UETA / ESIGN / eIDAS SES — fully compliant. See /compliance for the specific controls per regulation