Support
Response times, contact channels, status, common gotchas, security disclosure.
Where to reach us
support@letssign.now — for everything that isn't an outage. Replies within one working day.
Status page
Real-time. Subscribe for incident emails.
Security disclosure
security@letssign.now — PGP key on request.
Response times
| Issue type | First response |
|---|---|
| API outage / signature delivery broken | Same business day |
| Bug report (non-blocking) | 1 working day |
| Feature request | 1 working day, with a "yes / on roadmap / no, here's why" |
| Pricing / sales | Same business day |
For Teams workspaces with a custom SLA, the agreed timing in your contract supersedes the table above.
Common gotchas
A grab-bag of "we've seen this before" — check before mailing support.
Email going to spam
The most likely cause is missing Resend DNS records on your
sending domain. Open the Resend dashboard for your domain → if it
shows "unverified" records, copy them into your DNS provider. We
include _spf.google.com in the SPF for your apex by default, but
the Resend DKIM CNAME has to be added per-domain.
"no_anchors_found" on a PDF that clearly has anchors
The marker has to live in the text layer — meaning the PDF was generated from text (HTML→PDF, LaTeX, Word). PDFs that are scanned images don't have a text layer. Our scanner only sees PDFs generated from text. Workarounds:
- OCR the PDF first (e.g. ocrmypdf), THEN POST it.
- Drop
placement="anchors"and passplacement="explicit"with hand-coded coordinates.
Tenant subdomain shows "powered by" but no logo
Set the workspace logo_url in Settings → Branding. Until then the
landing page falls back to the company's first letter at the
same hero scale.
idempotency_in_progress on a request you didn't retry
Two systems used the same Idempotency-Key — most often when an
async queue retries a job whose dispatching system already retried
it. Check both layers; the deeper one needs a fresh key per delivery.
"Will my documents survive losing my account?"
Server-written documents are envelope-encrypted at rest. If you permanently lose access to your account or workspace — deletion, payment lapse beyond the grace period, legal seizure, etc. — encrypted documents stored under that account may become unrecoverable. We can't decrypt them on behalf of an account we can no longer authenticate.
Mitigation: download local copies of documents you care about before any irrecoverable account action, and keep your audit-trail PDFs in your DMS. The full security model + the at-rest encryption specifics live at /docs/security.
tier_required when the workspace IS on Branded
Two possible causes:
- Monthly cap reached — Branded ships with a generous-but-not-
infinite cap. The error's
meta.capandmeta.usedfields spell out which. - Tier change in flight — Stripe webhook hasn't flipped the workspace yet. Wait 60s, retry; if it persists, mail support.
Security disclosure
If you've found something exploitable:
- Email security@letssign.now. PGP key on request.
- Include reproduction steps + impact assessment + your timezone.
- We acknowledge within 24 h, ship a fix or mitigation within 7 days for high-severity, 30 days for medium.
- We don't pay bug bounties (yet) but will publicly credit you on a researchers page if you want.
We disclose post-fix in the Changelog and via the status page. Customer notifications go out for any incident with data-handling implications.
Compliance + DPA
- Standard DPA on request.
- EU data residency by default; CH / UK / US available on Pro and
above (via the workspace
hosting_region). - GDPR Art. 13 disclosure surfaces in the email footer when your workspace address is set.
- ZertES + eIDAS-aligned PAdES-B with RFC 3161 trusted timestamps on every signed document.
Outage history
Live at /status. Past 90 days, component-level uptime + open incidents.