Compliance & Security

Our commitment to security, privacy, and regulatory compliance

1. Security Certifications

BellaSign maintains the highest standards of security and compliance to protect your data and ensure the integrity of our services.

SOC 2 Type II Compliance

We are SOC 2 Type II compliant, demonstrating our commitment to security, availability, processing integrity, confidentiality, and privacy. Our controls are audited annually by independent third-party auditors.

  • Comprehensive security controls and monitoring
  • Regular penetration testing and vulnerability assessments
  • Incident response and business continuity planning
  • Employee security training and background checks

ISO 27001 Certification

Our information security management system is certified to ISO 27001 standards, ensuring systematic management of sensitive information and continuous improvement of our security posture.

2. Data Protection Compliance

GDPR Compliance

We are fully compliant with the General Data Protection Regulation (GDPR) for all users, regardless of location. Our GDPR compliance includes:

  • Lawful basis for processing personal data
  • Data subject rights implementation
  • Privacy by design and by default
  • Data Protection Impact Assessments (DPIAs)
  • Appointed Data Protection Officer (DPO)
  • Cross-border data transfer safeguards

CCPA Compliance

We comply with the California Consumer Privacy Act (CCPA) and provide California residents with specific rights regarding their personal information.

3. Electronic Signature Compliance

eIDAS Regulation

Our electronic signatures comply with the European Union's eIDAS regulation, providing legally binding signatures across all EU member states. We support:

  • Simple Electronic Signatures (SES)
  • Advanced Electronic Signatures (AdES)
  • Qualified Electronic Signatures (QES) through certified partners
  • Electronic seals and time stamps

ESIGN Act & UETA

In the United States, our electronic signatures are compliant with the Electronic Signatures in Global and National Commerce Act (ESIGN) and the Uniform Electronic Transactions Act (UETA).

4. Industry-Specific Compliance

HIPAA Compliance

For healthcare customers, we provide HIPAA-compliant solutions with Business Associate Agreements (BAAs) and additional security controls for protected health information (PHI).

Financial Services

We support financial services customers with compliance requirements including:

  • PCI DSS for payment card data
  • SOX compliance for public companies
  • FFIEC guidelines for financial institutions
  • Know Your Customer (KYC) and Anti-Money Laundering (AML) support

5. Email Service Provider Compliance

Our email infrastructure maintains strict compliance with the sending requirements of major Email Service Providers (ESPs), including Amazon SES, SendGrid, and Mailgun:

  • Bounce rates consistently below 5%
  • Complaint rates maintained under 0.1%
  • Proper email authentication (SPF, DKIM, DMARC)
  • Real-time monitoring and alerting
  • Automated suppression list management
  • CAN-SPAM Act compliance

6. Environmental Compliance

As an eco-friendly platform, we are committed to environmental responsibility and sustainability:

  • Carbon-neutral operations through renewable energy
  • Green hosting with certified sustainable data centers
  • Paperless operations and digital-first processes
  • Environmental impact reporting and transparency
  • Partnership with certified carbon offset programs

7. Audit and Monitoring

We maintain continuous monitoring and regular auditing of our compliance programs:

  • Annual third-party security audits
  • Quarterly compliance assessments
  • Real-time security monitoring and alerting
  • Regular employee training and certification
  • Incident response and breach notification procedures

8. Contact Our Compliance Team

For questions about our compliance programs or to request compliance documentation:

BellaSign Compliance Team

521 Madison St

Monterey, CA 93940

Email: support@bellasign.net

Security: support@bellasign.net

Phone: (831) 645-2481