Here at Proposify, we understand how critical it is to protect your data and documents. Our team is dedicated to keeping them safe through continuous compliance efforts, ongoing audits, and 24/7 system monitoring to ensure we meet and exceed industry standards.
Proposify is committed to protecting our client’s data and privacy. That is why we maintain our GDPR compliance and enable our customers to set their own compliance preferences as a controller.
We take a holistic approach to ensure sensitive data is gathered and protected under these strict conditions. Proposify combines enterprise-level security features with comprehensive audits and has team members dedicated to compliance and data protection.
Proposify is SOC2 Type 2 certified to reflect our long-standing commitment to security. We have been audited against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. Amazon Web Services is used for cloud hosting which upholds the highest security standards and makes significant investments to protect customers.
The certification effort was completed by the professional and independent third-party audit firm, 360 Advanced, Inc. We are happy to provide a report upon request.
Please reach out to firstname.lastname@example.org for further information and to access your copy of the report.
Proposify’s built-in electronic signature tool is legally binding, backed by world-class security, and compliant with the strict guidelines outlined in the Uniform Electronic Transactions Act (UETA, 1999), the Electronic Signatures in Global and National Commerce Act (ESIGN, 2000), and eIDAS (Regulation 910/2014/EC).
In order to meet these important industry standards, we authenticate signors and provide an audit trail associated with the document and each signature by:
Proposify has an uptime of 99.9 % or higher. If you wish to check the system status at any time, please visit https://status.proposify.com/ and subscribe for updates.
Should our systems require maintenance or a short downtime, clients will be provided with ample notice.
All our services are hardened using industry best practices and updated regularly with the latest security patches. Our service is isolated inside a Virtual Private Cloud and has been built with disaster recovery in mind.
All customer data is stored in Northern Virginia, USA.
We do not have individual datastores for each customer. However, strict privacy controls exist in our application code to ensure data privacy and prevent a customer from accessing another customer’s data. We have several unit and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our codebase is updated and even one single test failing will prevent new code from being shipped to production.
Access to our hosting provider is secured with 2FA and employees are only given access to the environments they work with.
All systems are actively monitored to ensure uptime and performance metrics.
All critical systems are backed up nightly and stored off-site. Backups are tested and verified on a monthly basis.
All data sent to or from Proposify is encrypted using 256-bit bank-grade encryption (SHA-256 with RSA Encryption). Our API and application endpoints are TLS/SSL only.
Passwords are encrypted one way, we cannot decrypt them.
Using your Proposify account can only be done over HTTPS. Client previews are available over HTTP if you choose to use a custom domain.