Data security

What hashes and encryption are, and how we use them

Hashing

A hash is a data-fingerprint

We use hashing to verify that a document is exactly as it was when signed; its fingerprint hasn't changed

Signature added

Single Signature

We read the content of the document, including the signature image if it is a Single Signature, and generate a hash. This hash represents the document as it was when the signatory agreed to it and is saved in our database

Multiple Signatures

We read the content of the document and generate a hash. We also read the signature's image and generate a hash. These hashes represent the document and signature as they were when the signatory signed. The hashes are saved in the Form's Response Sheet as hidden metadata

Check validity

Single Signature

We read the content of whatever document is provided and generate a hash in the same way. If we have that exact hash on record, the document is an exact data match for a valid signed document

Multiple Signatures

We read the content of the document and signature image and generate hashes in the same way. We compare these to those stored when the signature was created, and can assess whether the document or signature are exact data matches

Uniqueness and security

Any change, no matter how insignificant, will result in a different hash. I.e., changing the case of a single character or pixel

We use HMAC SHA-256 which is widely regarded as absolutely secure

Encryption

For Single Signatures, we encrypt email addresses and store these with the hash for a completed signature

These email addresses are only decrypted when a matching hash is obtained - when the signed document is checked - and provided along with the time stamp to add credence to the verification

We use AES encryption, also used by the U.S. Government

General

A security system is only as good as the person behind it

Only the Director of Gigaccounting Ltd knows the secret keys and is able to access the database. There are no rogue employees to worry about


Transmission

Where data is transmitted, i.e. when you make a signature request, or where we provide verification, HTTPS is utilised. This is the same as credit card providers and online banking