Encryption at Zoho Sign
Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which can be understood only by the intended recipient. This is how encryption protects data from those who might want to steal it.
- Encryption in transit
- Encryption at rest (EAR)
Encryption in transit
As the title suggests, this refers to the encryption done to data when it is in transit — including from your browser to the web server and other third parties via integrations. Encrypting data in transit protects it from man-in-the-middle attacks. Learn more.
Encryption at rest (EAR)
This refers to the encryption done to data when it is stored (not moving) — either on a disc, in a database, or on some other form of storage media. Encryption of data when it is stored on our servers, apart from encrypting it during transit, provides an even higher level of security. EAR protects the stored data in the unlikely scenario of a data leak due to server compromise or unauthorized access.
For EAR, encryption is done at the application layer using the military-grade AES-256 algorithm, which is a symmetric encryption algorithm that uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called the Data Encryption Key (DEK). The DEK is further encrypted using a Key Encryption Key (KEK), thus providing another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS). Learn more.
What data do we encrypt in Zoho Sign?
The following user data is encrypted by Zoho Sign.
|Files and documents
Uploaded or imported by user/signer to:
|Signature and initial patterns
Added by users in their profile section and signers when signing documents through:
|Recipient notes and private messages
|Added by users when sending documents for signatures and creating templates
|E-signature legal disclosure
|Customized by organization administrators in the Legal disclosure section
|Customized by organization administrators in the Email templates section
|Signature certificate credentials
|Added and configured by users in the Integrations section for third-party providers
|Document signing links
|Generated by the system when a document signature request is submitted to be sent to recipients
|Signer field data
Added by signers when signing documents from:
In addition to the afore-mentioned application layer encryption, we also provide full disk encryption in our EU, IN, AU, and JP data centers. Learn more.