Security Overview

Security practices designed for modern contract work

Scriboflow protects contract work with secure account access, European infrastructure, encryption, activity logging, audit timelines, and transparent security practices.

Back to Trust Center View Legal & Policies

Security overview

Security at a glance

A concise view of the safeguards behind Scriboflow contract work.

European Hosting

Customer data is stored and processed in Europe, with primary infrastructure located in Frankfurt, Germany.

Account Protection

Scriboflow supports multi-factor authentication, email verification, and automatic session expiration after inactivity.

Contract Activity Logging

Important contract events are recorded through activity logs and audit timelines, including views, signing actions, timestamps, and IP tracking.

Data Protection

Contract data is protected with encryption in transit and at rest, supported by daily backups.

Account security

Access controls for protecting workspace and contract access.

Multi-factor authentication

Multi-factor authentication helps protect workspace access.

Email verification

Email verification helps confirm user access before contract work continues.

Automatic session expiration

Sessions expire automatically after inactivity.

Data protection

Safeguards for documents, metadata, and contract records.

Encryption

Contract data is encrypted in transit and at rest.

Daily backups

Daily backups support recovery planning for contract records.

European data residency

Customer data is stored and processed in Europe, with a primary region in Frankfurt, Germany.

Contract security

Contract security & audit trails

Visibility into important contract and signing events.

Audit timelines

Contract timelines record important events from creation through signing and completion.

Activity logs

Workspace and contract activity logs help show what happened and when.

IP tracking

IP tracking is recorded for important contract actions.

Evidence-ready records

Timestamps, signer activity, signature events, and full contract history stay visible.

Signing security

Signing flows are designed to make signer actions clear.

Secure signing links

Signers access requests through secure links sent for the contract flow.

Signing order

Signing order can guide parties through the expected signature sequence.

Signature consent

Checkbox consent and clear signer actions help document intent.

Identity-based signing

MitID and BankID identity-based signatures are supported through Idura.

Infrastructure

Scriboflow documents data residency and infrastructure providers without broad compliance claims.

Data Residency

Customer data is stored and processed in Europe, with primary infrastructure located in Frankfurt, Germany.

Infrastructure Providers

Supabase

Supports database and application infrastructure for Scriboflow.

Google Cloud

Supports document storage and processing infrastructure.

Vercel

Supports application hosting and delivery.

Compliance roadmap

Working toward stronger compliance

Scriboflow keeps compliance progress clear as the platform matures.

SOC 2 roadmap

Scriboflow is designed around industry-standard security practices and is actively working toward SOC 2 compliance as the platform grows.

Current focus

Near-term security and compliance work stays documented.

Security practices documented
Vendor and infrastructure choices reviewed
Audit trails and operational controls strengthened
Formal compliance work continues as Scriboflow matures

Security contact

Security questions?

If you have questions about Scriboflow security, privacy, or data handling, contact us.