Encryption at Zoho Sign
Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which can be understood only by the intended recipient. This is how encryption protects data from those who might want to steal it.
- Encryption in transit
- Encryption at rest (EAR)
Encryption in transit
As the title suggests, this refers to the encryption done to data when it is in transit — including from your browser to the web server and other third parties via integrations. Encrypting data in transit protects it from man-in-the-middle attacks. Learn more.
Encryption at rest (EAR)
This refers to the encryption done to data when it is stored (not moving) — either on a disc, in a database, or on some other form of storage media. Encryption of data when it is stored on our servers, apart from encrypting it during transit, provides an even higher level of security. EAR protects the stored data in the unlikely scenario of a data leak due to server compromise or unauthorized access.
For EAR, encryption is done at the application layer using the military-grade AES-256 algorithm, which is a symmetric encryption algorithm that uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called the Data Encryption Key (DEK). The DEK is further encrypted using a Key Encryption Key (KEK), thus providing another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS). Learn more.
What data do we encrypt in Zoho Sign?
The following user data is encrypted by Zoho Sign.
|Files and documents|
Uploaded or imported by user/signer to:
|Signature and initial pattern|
Added by users in their profile section and signers when signing documents through:
|E-signature legal disclosure||Customized by a user in the Legal disclosure section|
|Email templates||Customized by user in the Email templates section|
|Document signing link||Generated by the system when a document signature request is submitted to be sent to recipients|
In addition to the afore-mentioned application layer encryption, we also provide full disk encryption in our EU, IN, and AU datacenters. Learn more.