Canada-hosted primary data
Dash Sign is designed around Canadian data residency for primary application data and document storage, with supporting vendors disclosed where they process limited operational data.
Security & Trust Overview
Evidence-backed signing infrastructure for Canadian professionals.
Dash Sign protects sensitive agreements with private document storage, permissioned signing workflows, completion evidence, and SOC 2-aligned controls. We are not claiming SOC 2 certification today; formal SOC 2 Type 1 can be scoped when a client or procurement process requires it.
Last updated: May 4, 2026
Audit-ready signing evidence
Completed agreements are supported by timestamped signing events, signer identity metadata, IP and device context, document status history, and completion records.
Private document access
Documents are stored privately and shared through permissioned workflows, app-level authorization, and time-limited access patterns wherever possible.
SOC 2-aligned operating posture
Dash Sign is built with controls that map toward SOC 2 readiness. Formal SOC 2 Type 1 certification can be scoped when required by a client or procurement process.
Control posture
Built for evidence, not empty badges.
The goal is simple: when a broker, accountant, lender, or operations team needs to prove what happened, Dash Sign should produce a clean record of who accessed, reviewed, signed, and completed the agreement.
No certification overclaim:Dash Sign should use language like "SOC 2-aligned", "audit-ready", and "security posture" unless a formal SOC 2 audit is completed.
Encrypted transport for app traffic and document access
Private storage buckets for original and completed PDFs
Role-based access boundaries for users, teams, templates, and settings
Signer event logging with timestamp, IP metadata, and user-agent context
Certificate/evidence package for completed documents
Short-lived signed URLs for sensitive file delivery where applicable
Database isolation controls and least-privilege access patterns
Operating procedures for monitoring, backups, and incident response
Retention defaults designed for professional and regulated workflows
Customer assurance
Answers for procurement and client due diligence.
Is Dash Sign SOC 2 certified?
Not currently. Dash Sign maintains SOC 2-aligned controls and can scope formal certification when a client, enterprise buyer, or procurement process requires it.
Can we review Dash Sign's security posture before signing?
Yes. Prospective customers can review this Security & Trust overview and request additional security details during demo or procurement conversations.
Where is data hosted?
Dash Sign is designed for Canadian professionals, with primary data and document storage configured for Canadian-hosted infrastructure. Some support services such as email, SMS, analytics, or error monitoring may process limited operational data outside Canada.
What evidence exists after a document is signed?
Dash Sign records signer activity, timestamps, status changes, IP/device context, and completion details so teams can answer client, lender, and compliance questions without hunting through inboxes.
Trust roadmap
We keep the MVP lean while preserving an enterprise path. Security controls continue to improve, but formal SOC 2 certification is scoped when client requirements make it commercially necessary.
01
Formal vendor-risk questionnaire package
02
Expanded admin audit-log export
03
Security incident and breach-response playbook
04
SOC 2 Type 1 readiness checklist and evidence binder
05
SOC 2 Type 1 certification if required by a signed client opportunity
Canada-focusedPrivate storageSigner metadataPermissioned accessLeast privilegeTimestamped records