Compliance
SOC 2 Compliance at SignatureAPI
SignatureAPI is SOC 2 Type II compliant with independently audited security controls
SignatureAPI is SOC 2 Type II compliant, with controls independently audited for design and operating effectiveness over time.
What is SOC 2 Type 2?
SOC 2 (System and Organization Controls 2) is a framework developed by the AICPA for managing customer data based on five “Trust Services Criteria” (TSC): Security, Availability, Processing Integrity, Confidentiality, and Privacy.
A Type 2 report assesses how well these controls are implemented and operated over time. It’s widely used by companies that need to evaluate the reliability and security of third-party service providers, particularly those handling sensitive or regulated data.
Our Scope
Our SOC 2 Type 2 audit covers all five TSCs:
- Security – Protection against unauthorized access.
- Availability – System uptime and reliability.
- Processing Integrity – Accurate and timely system operations.
- Confidentiality – Protection of sensitive information.
- Privacy – Handling of personal data in accordance with privacy principles.
Get a copy of our SOC 2 Type 2 report
To request a copy of our SOC 2 Type 2 report, email support@signatureapi.com.
Data Processing Agreement (DPA)
If your organization requires a DPA, see our Data Processing Agreement. The DPA covers GDPR, CCPA, UK GDPR, and cross-border data transfers.