Encryption at Zoho Sign

Encryption at Zoho Sign

Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which can be understood only by the intended recipient. This is how encryption protects data from those who might want to steal it.

Encryption can be used in two situations:
  • Encryption in transit
  • Encryption at rest (EAR)

Encryption in transit

As the title suggests, this refers to the encryption done to data when it is in transit — including from your browser to the web server and other third parties via integrations. Encrypting data in transit protects it from man-in-the-middle attacks. Learn more.

Encryption at rest (EAR)

This refers to the encryption done to data when it is stored (not moving) — either on a disc, in a database, or on some other form of storage media. Encryption of data when it is stored on our servers, apart from encrypting it during transit, provides an even higher level of security. EAR protects the stored data in the unlikely scenario of a data leak due to server compromise or unauthorized access.

For EAR, encryption is done at the application layer using the military-grade AES-256 algorithm, which is a symmetric encryption algorithm that uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called the Data Encryption Key (DEK). The DEK is further encrypted using a Key Encryption Key (KEK), thus providing another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS). Learn more.

What data do we encrypt in Zoho Sign?

The following user data is encrypted by Zoho Sign.

DataData source
Files and documents

Uploaded or imported by user/signer to:

  • Send for signatures
  • Sign themselves
  • Add bulk recipient list from CSV
  • Add document attachment when signing
  • Add signature/stamp image in user profile and when signing (see next row in table)
  • Add organization logo for custom branding
Signature and initial pattern

Added by users in their profile section and signers when signing documents through:

  • Given custom font styles
  • Hand-drawn pattern
  • Image upload (treated as a file)
E-signature legal disclosureCustomized by a user in the Legal disclosure section
Email templatesCustomized by user in the Email templates section
Document signing linkGenerated by the system when a document signature request is submitted to be sent to recipients

Full-disk Encryption

In addition to the afore-mentioned application layer encryption, we also provide full disk encryption in our EU, IN, and AU datacenters. Learn more.

Share this post : FacebookTwitter

Still can't find what you're looking for?

Write to us: support@zohosign.com