Back to SignAndGo

Data Sovereignty Commitment

Your data stays in Australia. We're committed to keeping your documents secure and local.

SignAndGo

Owned by NT Development Group

ABN 41 660 399 020

Tenancy 1 Suite I, 34 McLachlan Street Darwin NT 0800

info@signandgo.com.au

Where Your Data is Stored

  • Document files: Australian data centers
  • Database records: Australian servers
  • Backups: Australian-only regions
  • Audit trails: Australian infrastructure

What May Transit Internationally

  • Payment processing (Stripe) - PCI-compliant, encrypted
  • Email delivery (SendGrid) - Encrypted in transit
  • AI assistance features - Configurable

Note: Document content is never sent to these services. Only metadata (email addresses, payment info) is processed.

Our Infrastructure Commitment

1. Data Storage Location

SignAndGo is committed to storing all customer document data within Australian borders. Our primary infrastructure is hosted on Google Cloud Platform (GCP) in the australia-southeast1 (Sydney) region. This includes:

  • All uploaded documents (PDF, DOCX)
  • Signed and completed documents
  • Signature images and certificate data
  • Audit trail records and event logs
  • User and workspace data

2. Database Infrastructure

Our database systems are provisioned on Google Cloud Firestore, configured for the Australian region (australia-southeast1, Sydney). Document files are stored in Firebase Storage, also configured for the Sydney region. Database backups are stored within Australian data centers, ensuring your data never leaves the country even during disaster recovery scenarios.

3. Encryption Standards

All data is protected with industry-standard encryption:

  • At rest: AES-256 encryption for all stored documents and database records
  • In transit: TLS 1.3 encryption for all data transfers
  • Signing tokens: Cryptographically secure, one-time-use tokens for document access

4. Third-Party Services

Some ancillary services may process limited metadata through international infrastructure:

ServicePurposeData ProcessedSecurity
StripePayment processingBilling info onlyPCI DSS Level 1
SendGridEmail deliveryEmail addressesSOC 2 Type II
TwilioSMS notificationsPhone numbersSOC 2 Type II
Google GeminiAI chat support (optional)Chat messages onlySOC 2 Type II

Important: Document content (PDF files, signature images, form data) is never sent to these third-party services. They only receive the minimum metadata required for their specific function.

5. Compliance Framework

SignAndGo is designed to support compliance with:

  • Australian Privacy Act 1988 - Including Australian Privacy Principles (APPs)
  • APP 8 (Cross-border disclosure) - We minimize overseas data transfers
  • Electronic Transactions Act 1999 - Our signatures are legally binding
  • Real Estate industry requirements - Suitable for property transactions

6. Enterprise Data Residency Options

For enterprise clients with strict on-shore processing requirements, we offer:

  • Dedicated Australian-only infrastructure
  • Custom data processing agreements (DPA)
  • Audit and compliance reporting
  • Option to disable AI features that may use international APIs

Contact enterprise@signandgo.com.au to discuss your specific requirements.

7. Verification and Auditing

You can verify our data residency commitments through:

  • Request a data location certificate for your account
  • Access audit logs showing where your data is processed
  • Review our subprocessor list for complete transparency

Questions About Data Residency?

If you need specific information about where your data is stored or have compliance requirements we should know about, our team is here to help.

Contact UsSecurity Overview

Related Documents

Privacy PolicyTerms of ServiceSubprocessorsSecurity OverviewData Processing Addendum

Last updated: February 2026 | Version 2.0