SignatureAPI is now SOC 2 Type II compliant across all five Trust Service Criteria. This milestone provides independent, audited assurance that our controls are not only designed correctly, but operating effectively over time. For customers building regulated products or selling into enterprise, it’s one less thing to review and one more box you can confidently check.
The Five Trust Service Criteria
SOC 2 Type II is issued against the Trust Service Criteria defined by the AICPA. SignatureAPI is compliant across all five:
- Security: Protects systems and data from unauthorized access.
- Availability: Ensures the platform is reliable and available for use as committed.
- Processing Integrity: Confirms that API operations and signing workflows run accurately and as intended.
- Confidentiality: Safeguards customer data from unauthorized disclosure.
- Privacy: Governs how personal data is collected, used, retained, and protected.
What This Means for You
Type II means an independent auditor examined our controls in practice, not just on paper, over an extended observation period. If your compliance, security, or procurement teams need to review our posture, you can request our report and share it as part of your own vendor assessments.
Learn more on our SOC 2 compliance page.
