VaseSignby Stars in a Vase Digital Trust
FeaturesIndustriesAI reviewEvidenceFeature ShopPartnersTrust CenterConnect
✦ Sign For Free. Forever.
Sign inStart signing

Trust Center

Security architecture

Encryption, access control, MFA/SSO options, tenant isolation, audit logging, secret handling, vulnerability management, backups, and secure development practices — as implemented for your deployment tier.

  • Overview
  • Legal alignment
  • Signature levels
  • Evidence pack
  • Security
  • Privacy & POPIA
  • Subprocessors
  • Data residency
  • Data retention
  • Incident response
  • Availability
  • Enterprise assurance
  • Vulnerability disclosure
  • Contact
VaseSignby Stars in a Vase Digital Trust

VaseSign by Stars in a Vase Digital Trust helps teams prepare, review, send, sign, verify and evidence important documents with ECTA-aware workflows, POPIA-aligned controls where configured, and optional higher-assurance paths through configured providers.

Product

  • Features
  • AI document review
  • Evidence-backed signing
  • Feature Shop
  • Partner Network
  • Marketplace
  • Developers
  • Trust Center

Industries

  • Legal & conveyancing
  • Property & rentals
  • HR & onboarding
  • Banking & insurance
  • Government & SMEs

Company

  • About & trust
  • Contact
  • OEM partners
  • White label
  • Partner portal
  • Careers

Legal

  • Trust Center
  • Privacy Policy
  • Terms of Service
  • POPIA (Trust)
  • ECTA alignment

2026 Stars in a Vase Digital Trust. All rights reserved. | ✦ Sign For Free. Forever.

Built in South Africa|ECTA-aware · POPIA-aligned where configured

VaseSign's security posture combines platform controls and how your organisation configures identity, integrations, and data flows. This overview describes practices commonly applied in production deployments; exact measures are confirmed during enterprise diligence and may vary by tier or hosting choice.

Encryption in transit and at rest

Traffic between clients and VaseSign uses modern TLS configurations appropriate to the deployment edge. Data at rest relies on provider-managed encryption for underlying storage where enabled; customer-managed keys may apply in dedicated arrangements described under contract.

Role-based access control (RBAC)

Organisations assign roles and permissions so users access only documents and administrative functions required for their duties. Administrative actions are restricted to authorised operators according to internal VaseSign access policies.

MFA and SSO where configured

Multi-factor authentication and single sign-on integrate with your identity provider when enabled. Password-only access remains subject to your organisation's password policy and risk appetite.

Audit logging

Security-relevant events — including authentication, administrative changes, and sensitive document actions where instrumented — are recorded for operational investigation and customer export where the product supports it. Log retention follows deployment configuration and applicable agreements.

Tenant isolation

Customer data is partitioned logically so one tenant cannot access another's envelopes under normal operation. Cross-tenant access requires deliberate super-administrative tooling governed by policy and audit.

Secret management

API keys, signing secrets for webhooks, and integration credentials are stored using managed secret mechanisms rather than embedded in source code. Rotation and distribution follow operational procedures reviewed during enterprise assurance.

Vulnerability management

Dependencies and infrastructure components are monitored for known vulnerabilities; patches are prioritised by severity and exploitability. External researchers may report issues through the coordinated disclosure channel — see Vulnerability disclosure.

Backups and recovery

Production data is backed up according to operational objectives for the deployment tier. Recovery time and recovery point objectives are discussed with enterprise customers under NDA rather than asserted generically on this page.

Secure software development lifecycle

Changes flow through code review, automated checks where configured, and controlled releases. Production access is limited and monitored; separation between development and production environments reduces accidental exposure.

VaseSign avoids substituting marketing superlatives for evidence. Reviews should validate configuration for your workspace, identity integration, and subprocessors — see Subprocessors and Enterprise assurance.