Encryption at Zoho Sign

Encryption is primarily used to safeguard the contents of a message so that only the intended recipient can read it. This is done by replacing the contents with unrecognizable data, which can be understood only by the intended recipient. This is how encryption protects data from those who might want to steal it.

Encryption can be used in two situations:
  • Encryption in transit
  • Encryption at rest (EAR)

Encryption in transit

As the title suggests, this refers to the encryption done to data when it is in transit — including from your browser to the web server and other third parties via integrations. Encrypting data in transit protects it from man-in-the-middle attacks. Learn more.

Encryption at rest (EAR)

This refers to the encryption done to data when it is stored (not moving) — either on a disc, in a database, or on some other form of storage media. Encryption of data when it is stored on our servers, apart from encrypting it during transit, provides an even higher level of security. EAR protects the stored data in the unlikely scenario of a data leak due to server compromise or unauthorized access.

For EAR, encryption is done at the application layer using the military-grade AES-256 algorithm, which is a symmetric encryption algorithm that uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called the Data Encryption Key (DEK). The DEK is further encrypted using a Key Encryption Key (KEK), thus providing another layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS). Learn more.

What data do we encrypt in Zoho Sign?

The following user data is encrypted by Zoho Sign.

DataData source
Files and documents

Uploaded or imported by user/signer to:

  • Send for signatures
  • Sign themselves
  • Add bulk recipient list from CSV
  • Create templates
  • Add images and document attachments when signing
  • Add signature, initial, and stamp image in user profile and when signing
  • Add organization logo for custom branding
  • Add images to email templates for custom branding 
Signature and initial patterns

Added by users in their profile section and signers when signing documents through:

  • Given custom font styles
  • Hand-drawn patterns
  • Image uploads
Recipient notes and private messagesAdded by users when sending documents for signatures and creating templates
E-signature legal disclosureCustomized by organization administrators in the Legal disclosure section
Email templatesCustomized by organization administrators in the Email templates section
Signature certificate credentialsAdded and configured by users in the Integrations section for third-party providers
Document signing linksGenerated by the system when a document signature request is submitted to be sent to recipients
Signer field data 

Added by signers when signing documents from:

  • Signing link received via email
  • Zoho Sign dashboard
  • SignForms
  • Device passed by in-person host 

Full-disk Encryption

In addition to the afore-mentioned application layer encryption, we also provide full disk encryption in our EU, IN, AU, and JP data centers. Learn more.