Security & Compliance

Compliance & Security
Built for Australia

SignAndGo meets Australian regulatory requirements across financial services, healthcare, legal, and government sectors. All data stays in Sydney.

Compliance Framework

Electronic Transactions Act 1999

Full compliance with the ETA and equivalent state legislation. Electronic signatures created with SignAndGo meet all validity requirements: consent, identification, intent, and reliability.

Australian Privacy Principles (APPs)

Compliant with all 13 APPs under the Privacy Act 1988. Data is collected only as needed, stored securely in Australia, and never sold or shared with third parties.

APRA-Ready

Designed to support APRA CPS 234 information security requirements. Australian data residency, encryption at rest and in transit, and comprehensive access controls.

ASIC Regulatory Requirements

Supports ASIC record-keeping requirements with immutable audit trails, document versioning, and long-term storage of signed agreements.

100% Australian Data Residency

Every byte of data is stored in Google Cloud's Sydney region (australia-southeast1). Documents, metadata, audit trails, and backups — everything stays on Australian soil.

Security Measures

Encryption

  • AES-256 encryption at rest
  • TLS 1.3 for data in transit
  • Document hash verification

Access Control

  • JWT-based authentication
  • Optional two-factor authentication
  • Role-based access control

Audit & Monitoring

  • Tamper-proof signing audit trails
  • IP and geolocation logging
  • Real-time email delivery tracking

Infrastructure

  • Google Cloud Platform (Sydney)
  • Automated backups
  • DDoS protection and rate limiting

Industry-Specific Compliance

Financial Services

APRA CPS 234 ready. Australian data residency meets prudential standards for banks, insurers, and super funds.

Healthcare

Supports My Health Records Act requirements. Patient consent forms, referrals, and agreements signed securely.

Legal

Court-admissible audit trails. ETA-compliant signatures for contracts, agreements, and legal correspondence.

Government

Meets government data sovereignty requirements. All data on Australian soil with no overseas subprocessors.

Third-Party Services

We carefully select service providers that support Australian data residency where possible.

  • Cloud Infrastructure: Google Cloud (Sydney)
  • Database: MongoDB Atlas (Sydney)
  • Email Delivery: SendGrid (with AU tracking)
  • Payments: Stripe (PCI DSS compliant)
  • Analytics: PostHog (self-hosted proxy)
  • AI Processing: Google Vertex AI (Sydney)

Compliance Without Compromise

Australian built, Australian hosted, Australian compliant. Start signing documents with confidence — 5 free envelopes, no credit card required.