VaseSignby Stars in a Vase Digital Trust
FeaturesIndustriesAI reviewEvidenceFeature ShopPartnersTrust CenterConnect
✦ Sign For Free. Forever.
Sign inStart signing

Trust Center

Incident response

Reporting paths, severity handling, notification posture, evidence preservation, and customer coordination — consistent with contractual commitments.

  • Overview
  • Legal alignment
  • Signature levels
  • Evidence pack
  • Security
  • Privacy & POPIA
  • Subprocessors
  • Data residency
  • Data retention
  • Incident response
  • Availability
  • Enterprise assurance
  • Vulnerability disclosure
  • Contact
VaseSignby Stars in a Vase Digital Trust

VaseSign by Stars in a Vase Digital Trust helps teams prepare, review, send, sign, verify and evidence important documents with ECTA-aware workflows, POPIA-aligned controls where configured, and optional higher-assurance paths through configured providers.

Product

  • Features
  • AI document review
  • Evidence-backed signing
  • Feature Shop
  • Partner Network
  • Marketplace
  • Developers
  • Trust Center

Industries

  • Legal & conveyancing
  • Property & rentals
  • HR & onboarding
  • Banking & insurance
  • Government & SMEs

Company

  • About & trust
  • Contact
  • OEM partners
  • White label
  • Partner portal
  • Careers

Legal

  • Trust Center
  • Privacy Policy
  • Terms of Service
  • POPIA (Trust)
  • ECTA alignment

2026 Stars in a Vase Digital Trust. All rights reserved. | ✦ Sign For Free. Forever.

Built in South Africa|ECTA-aware · POPIA-aligned where configured

Reporting channel

Suspected security incidents affecting VaseSign production services should be reported promptly to security@vasesign.co.za with a concise description, timestamps, affected workspaces or correlation identifiers if known, and contact details for follow-up. Operational customer issues that are not security-sensitive may continue through normal support channels.

Severity levels

Events are triaged into operational severity bands — for example low (limited impact, contained), medium (customer-visible degradation without confirmed data exposure), high (significant impact or credible confidentiality breach), and critical (active exploitation or widespread compromise risk). Exact criteria and escalation ladders are maintained internally and aligned to enterprise playbooks under NDA where contracted.

Notification approach

VaseSign coordinates notifications with affected customers when incidents materially impact their data or service use. Timelines depend on incident facts, regulatory obligations, and the terms of your agreement — this public page does not create SLAs beyond those contracts. Regulators or data subjects may need separate notifications handled by the appropriate controller.

Evidence preservation

Logs, configuration snapshots, and forensic artefacts relevant to root-cause analysis are preserved according to legal and operational retention policies. Preservation balances integrity of investigation with minimisation — scope is reviewed with counsel when litigation or regulatory inquiry is anticipated.

Customer communication process

Customer security and administration contacts named in enterprise agreements receive structured updates for qualifying incidents: acknowledgement, intermediate findings, containment actions, and closure summaries where appropriate. VaseSign may convene a technical bridge with customer security teams for coordinated containment when integrations are implicated.

Coordinated vulnerability reports from researchers are handled under our Vulnerability disclosure policy.