Compliance posture
This is the page to read carefully if a procurement, audit, or DPIA process sent you here. We state what is in place, what is partially in place, and what is not yet in place — not the marketing version.
In place
RFC-conformant output. RFC 3161 timestamp tokens relayed by Sigill.ai from external TSAs, and PAdES/CAdES seals we produce locally, both verify against independent third-party tooling (OpenSSL for timestamps, Adobe Acrobat for PAdES, eIDAS DSS demo for qualified). The authoritative RFC texts that govern our code live in the source tree as source-of-truth references.
In place
EU data residency for evidence. Customer evidence records, signing keys, audit logs, and database backups reside in AWS eu-north-1. The only cross-region call from the data plane is to AWS Cost Explorer (a global service routed through us-east-1) which carries internal billing aggregates — no customer data, audit record, hash, or signed document traverses that path.
In place
Tenant isolation, defence in depth. Application-level authorisation, ORM-level tenant filters, and DTO-level capability boundaries are implemented and enforced together. Authorisation is resolved against the database on every protected request rather than from claims embedded in the bearer token.
In place
Transactional audit logging. Security-relevant actions are logged in the same database transaction as the action itself.
In place
GDPR / Schrems II posture. Sigill.ai is established in Norway (EEA) and runs its primary application data plane inside the EU. Sub-processors outside the EEA are limited to those listed on the sub-processors page; in every case the transfer either involves no personal data or relies on the Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
Partial
Bearer-token lifetime. Bearer tokens last 7 days. A demoted user keeps their old role claim until the token expires, but the application no longer reads the role from the token — it re-reads it from the database on every protected request. A refresh-token redesign that shortens the token lifetime itself is tracked as an open follow-up.
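The three controls above (tenant-scoped queries, audit rows written in the same transaction as the action, and authorisation resolved from the database rather than from the bearer token's role claim) are easiest to reason about side by side. The following is an added illustration, not Sigill.ai's code: it uses an in-memory SQLite schema, a constructed HMAC-signed token format, and hypothetical function names. The token still carries a "role" claim, but the server only uses the token to identify the user; tenant and role are re-read from the users table on every call.

```python
import base64
import hashlib
import hmac
import json
import sqlite3

# Constructed signing secret for the illustration only.
SECRET = b"demo-signing-key-not-for-production"


def issue_token(user_id: int, role: str) -> str:
    """Mint a bearer token carrying a role claim (constructed format: base64 JSON + HMAC hex)."""
    payload = base64.urlsafe_b64encode(json.dumps({"sub": user_id, "role": role}).encode()).decode()
    sig = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token: str) -> dict:
    """Check the signature and return the claims. The role claim is never used for authorisation."""
    payload, sig = token.split(".")
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad token signature")
    return json.loads(base64.urlsafe_b64decode(payload))


def setup_db() -> sqlite3.Connection:
    """Constructed sample schema: two tenants (10 and 20), three users, one document each."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, tenant_id INTEGER, role TEXT);
        CREATE TABLE documents(id INTEGER PRIMARY KEY, tenant_id INTEGER, name TEXT);
        CREATE TABLE audit_log(id INTEGER PRIMARY KEY, user_id INTEGER, action TEXT, document_id INTEGER);
        INSERT INTO users VALUES (1, 10, 'admin'), (2, 10, 'member'), (3, 20, 'admin');
        INSERT INTO documents VALUES (100, 10, 'contract-a.pdf'), (200, 20, 'contract-b.pdf');
    """)
    return conn


def resolve_principal(conn: sqlite3.Connection, token: str) -> dict:
    """Resolve tenant and role from the database on every request; the token only identifies the user."""
    claims = verify_token(token)
    row = conn.execute("SELECT tenant_id, role FROM users WHERE id = ?", (claims["sub"],)).fetchone()
    if row is None:
        raise PermissionError("unknown user")
    return {"user_id": claims["sub"], "tenant_id": row[0], "role": row[1]}


def demote_user(conn: sqlite3.Connection, user_id: int) -> None:
    """Change a role in the database without touching any issued token."""
    with conn:
        conn.execute("UPDATE users SET role = 'member' WHERE id = ?", (user_id,))


def list_documents(conn: sqlite3.Connection, token: str) -> list:
    """Every query is scoped by the tenant resolved server-side (the ORM-filter idea)."""
    p = resolve_principal(conn, token)
    rows = conn.execute("SELECT id, name FROM documents WHERE tenant_id = ? ORDER BY id",
                        (p["tenant_id"],)).fetchall()
    return [name for _, name in rows]


def delete_document(conn: sqlite3.Connection, token: str, doc_id: int, fail_audit: bool = False) -> str:
    """Delete a document and write its audit row in ONE transaction.

    Returns 'denied', 'not-found', 'rolled-back' or 'deleted'. fail_audit simulates the audit
    write failing, to show that the delete is rolled back with it.
    """
    p = resolve_principal(conn, token)
    if p["role"] != "admin":          # role comes from the DB, not from the token claim
        return "denied"
    try:
        with conn:                    # commit on normal exit, rollback on exception
            cur = conn.execute("DELETE FROM documents WHERE id = ? AND tenant_id = ?",
                               (doc_id, p["tenant_id"]))
            if cur.rowcount != 1:     # cross-tenant ids are simply invisible
                return "not-found"
            if fail_audit:
                raise RuntimeError("simulated audit sink failure")
            conn.execute("INSERT INTO audit_log(user_id, action, document_id) VALUES (?, 'delete', ?)",
                         (p["user_id"], doc_id))
    except RuntimeError:
        return "rolled-back"
    return "deleted"


def audit_entries(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT user_id, action, document_id FROM audit_log ORDER BY id").fetchall()


if __name__ == "__main__":
    db = setup_db()
    stale = issue_token(1, "admin")   # issued while user 1 was an admin
    demote_user(db, 1)
    print(verify_token(stale)["role"], resolve_principal(db, stale)["role"])  # admin member
    print(delete_document(db, stale, 100))                                    # denied
    print(delete_document(db, issue_token(3, "admin"), 200, fail_audit=True), audit_entries(db))
```

The stale token keeps its "admin" claim for its whole lifetime, which is exactly why the page's partial rating rests on re-reading the role per request rather than on token expiry. The simulated audit failure shows the other property: a failed audit write leaves the document in place, so there is never an action without its audit row.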
Partial
Public status page. A real-time, public status page is on the roadmap. Until then, incident updates are delivered through the support channel and to affected tenants by email.
Planned
ISO/IEC 27001 certification. Sigill.ai's controls draw on ISO 27001 and ETSI EN 319 401 as reference frameworks, but the platform is not yet certified.
By design
Hub architecture, by design. Sigill.ai is intentionally an aggregator of independent trust authorities, not a Trust Service Provider itself. Qualified timestamps are produced by partner QTSPs whose certificates appear on the EU LOTL and are relayed through us; qualified electronic seal certificates are issued by partner CAs after their own identity-proofing process under ETSI TS 119 461. We do not run a TSA or CA ourselves and have no plans to — the hub model is the product, not a stepping stone toward becoming a QTSP.
Planned
SOC 2 Type II. Not yet in scope. We do not claim it.