Built for regulatory compliance

Insurance Signing meets legal and regulatory requirements for digital signatures, audit trails, and policy management.

Digital signature regulations

eIDAS (European Union)

Insurance Signing supports eIDAS-compliant signatures:

• Simple Electronic Signature (SES): Email verification + consent capture
• Advanced Electronic Signature (AES): Cryptographic signatures with identity verification
• Qualified Electronic Signature (QES): Integration with certified identity providers (optional)

All signature levels include complete audit trails and tamper-evident evidence chains.

ESIGN Act (United States)

Meets requirements under the Electronic Signatures in Global and National Commerce Act:

• Proof of signer's intent to sign
• Consent to do business electronically
• Association of signature with the record
• Retention of signed records

UETA (Uniform Electronic Transactions Act)

Complies with state-level electronic signature laws:

• Signature attributable to a person
• Record retention requirements
• Proof that record has not been altered

Insurance-specific compliance

Policy versioning and amendments

Regulations require that policy changes be documented and traceable:

• All versions preserved with timestamps
• Amendments linked to original policies
• Clear audit trail of who approved changes
• No silent edits — every change creates an event

Consent and disclosure

Insurance regulations require proof that policyholders understood what they signed:

• Record of document delivery (when sent, when opened)
• Tracking of review time (how long document was viewed)
• Explicit consent capture (checkbox + signature)
• Ability to request paper copies (if required by law)

Right to cancel / cooling-off period

Some insurance policies include a cancellation window:

• System can enforce cooling-off periods before policy activation
• Cancellation requests are documented with timestamps
• Revocation process preserves original policy and signatures

Data protection & privacy

GDPR (General Data Protection Regulation)

Insurance Signing is GDPR-compliant:

• Right to access: Signers can export all their data
• Right to erasure: Personal data can be anonymized (while preserving audit trail)
• Data minimization: Only necessary data is collected
• Consent: Explicit consent for data processing
• Breach notification: Automated alerts for security incidents

Data residency

For customers with data residency requirements:

• EU customers can store data in EU regions
• UK customers can use UK-only infrastructure
• Custom deployment options for regulated markets

Audit & evidence

Insurance Signing creates legally-admissible evidence:

• Immutable audit logs: Every signature event is permanent
• Cryptographic hashing: Proves document integrity (SHA-256)
• Timestamp authority: Optional integration with certified TSA for legal timestamps
• Court-ready exports: PDFs formatted for legal review

Archival & retention

Insurance policies often have multi-year retention requirements:

• Policies and signatures retained for configurable periods (e.g., 7 years post-expiry)
• Archived policies remain accessible and exportable
• Automated retention policy enforcement
• Deletion logs (when and why data was purged)

Security & infrastructure

Insurance Signing runs on SOC 2 Type II compliant infrastructure:

• Data encrypted at rest (AES-256) and in transit (TLS 1.3)
• Regular penetration testing
• Automated security patching
• Geographic redundancy and disaster recovery
• 99.9% uptime SLA (Enterprise plans)