What letssign.now is certified for, and what it isn't.
eIDAS (EU Regulation 910/2014)
Every signature we produce is an Advanced Electronic Signature (AdES) under eIDAS when SMS verification is enabled, and a Simple Electronic Signature (SES) by default. Both tiers are admissible as evidence in court across every EU member state. We do not currently issue Qualified Electronic Signatures (QES) under eIDAS — that requires a Qualified Trust Service Provider partnership, which we'll add when our customer mix demands it.
ZertES (Switzerland)
The Swiss federal e-signature law. Our PAdES-B envelope plus the RFC 3161 timestamp from an independent TSA satisfies the ZertES requirements for advanced electronic signatures, admissible in Swiss courts under Art. 14 OR.
UK ECA 2000
Under the Electronic Communications Act 2000, our signatures are admissible in English courts as evidence of intent and authenticity. The audit trail, IP + timestamp logs, and PAdES seal exceed the statutory baseline.
US ESIGN Act / UETA
United States federal (ESIGN) and state-level (UETA, adopted in 49 states) statutes make our signatures legally equivalent to handwritten ones for almost all commercial uses. ESIGN-exempt categories (wills, trusts, family law) are not currently supported — those require local notarisation.
SOC 2 / ISO 27001
We are not currently SOC 2 Type II or ISO 27001 certified — that's a deliberate scoping decision for an early-stage product. The underlying infrastructure (Vercel + Supabase) carries SOC 2 Type II and ISO 27001 certifications, and our code follows OWASP-aligned practices. Expected certification dates will be published here when committed.
GDPR & data residency
Region-pinned hosting (Frankfurt, Zürich, London, Virginia) means your documents and audit logs stay in the region you pick. No silent transfers. Our DPA is available on request — contact sales@letssign.now.
Have a question this page didn’t answer? Email sales@letssign.now — our DPA, security overview, and infosec answers are available on request.