Security & Compliance at eSignBase

eSignBase is designed for European businesses that require secure, compliant, and reliable electronic signatures. We follow established EU standards for data protection, cryptography, and electronic signatures to support legally valid signing workflows.

eIDAS (EU Regulation No 910/2014)

eSignBase supports Advanced Electronic Signatures (AES) as defined by eIDAS.

AES provides a high level of legal assurance and is suitable for most commercial and contractual use cases within the European Union.

Qualified Electronic Signatures (QES) are not supported and may be required for specific regulated use cases (e.g. certain public sector or notarial processes).

GDPR & data protection

eSignBase processes personal data in accordance with the General Data Protection Regulation (GDPR).

Key principles include:

  • Processing only data required for signature workflows
  • Clear separation of customer data
  • Configurable document retention
  • Data subject access and deletion on request

Digital Signatures & Cryptography

Signed documents are protected using industry-standard cryptographic mechanisms.

eSignBase embeds PAdES-compliant digital signatures directly into PDF documents, ensuring long-term verifiability.

Signature sealing is performed using an Advanced Electronic Seal (AES) certificate issued by SK ID Solutions, a qualified trust service provider under eIDAS.

Key Protection & Hardware Security

Private keys used for Advanced Electronic Seals are protected using hardware-backed cryptographic devices.

The signing key is non-exportable and stored in a secure cryptographic module, ensuring that private keys cannot be extracted or copied from the signing environment.

Access Control & Operational Security

  • Role-based access to internal systems
  • Encrypted connections (TLS) for all data in transit
  • Restricted access to production systems
  • Regular dependency and security updates

Audit Trails

Every signature process is recorded with:

  • Timestamps
  • Signer identity metadata
  • Document integrity checks

Audit information is embedded in or linked to the signed document to support legal verification.

Limitations & Scope

eSignBase is designed for commercial and contractual signing workflows. It is not intended for use cases that explicitly require Qualified Electronic Signatures (QES) or notarization unless otherwise stated.

Security Questions?

If you require additional information, documentation, or have security-related questions, please contact us at info@esignbase.com or via our contact form.