




Legally recognized in 55+ countries
Pillar 1: Security
Security that doesn't need a procurement cycle
Bank-level encryption, strict access controls, and infrastructure built so your security team can sign off in an afternoon, not six weeks.
Encryption
TLS 1.2+ in transit, AES-256 at rest.
AES-256 is the strongest encryption standard in common use, the same level trusted for classified government data. It sits well above what e-signature law actually requires, so your documents are protected far beyond the legal minimum.
EU data residency
All data is stored in EU data centers: AWS Paris, with a CDN in Stockholm. Your data never leaves the EU.
EU hosting is an advantage for US teams, not a hurdle. There's no US law requiring your data to stay on US soil, so storing it in the EU is fully compatible with ESIGN, UETA, and HIPAA. You simply get the stricter protections of GDPR and EU data law on top, a higher bar than the US baseline, at no extra cost to your own compliance.
Access control
Row-level security at the database layer, key-based API authentication, and document access limited to specific personnel only with explicit, account-level permission.
Tested defenses
Full-time penetration testers and code reviewers find vulnerabilities before they reach production. Incident response procedures are documented and tested regularly.
Recovery
Backups run every 60 seconds with point-in-time recovery, all encrypted and stored in the EU.
We run on AWS, which maintains SOC 2 Type II, ISO 27001, and HIPAA certifications for the underlying infrastructure.
Read the full security overview. Got security questions? security@firma.dev
Pillar 2: Compliance & Legality
Legality you can rely on
E-signature legality is binary. Either your signature holds up in your country or it doesn't. Firma.dev is built to support the frameworks that make signatures legally recognized in 55+ countries, including the EU, US, UK, LATAM, and most of APAC.
eIDAS (EU)
Simple and Advanced Electronic Signatures, including PAdES B-LTA.
ESIGN & UETA (US)
Built to support electronic signature validity across the United States.
UK eIDAS
Aligned for signatures used in the United Kingdom.
HIPAA
Runs on HIPAA-compliant AWS infrastructure, suitable for healthcare documents. BAA available on request.
Every signature ships with a tamper-evident audit trail and a certificate of completion.
A tamper-evident audit trail records who signed, when, and from where, then seals it cryptographically. If anyone alters the document afterward, the seal breaks, which is what makes a signature defensible in a dispute.
Explore e-signature legality by country here
Pillar 3: Privacy
Your data stays yours
You're the data controller. Firma.dev acts as your processor, stores everything in the EU, and backs it with a full Data Processing Agreement. We never sell your data.
Signer consent captured and recorded before any signature is applied.
We assist with Data Subject requests as required under GDPR.
72-hour breach notification commitment.
Take a look at our privacy policy or data processing agreement
Rated by the people who use it
David Lupton
Presidential Exteriors
Claude Ready
Their API integration made everything so easy, Claude was able to set the entire thing up in a half hour.
The price is silly good.
Yann Rainer
Founder, The Creators Base
A great solution for in-app e-signature!
For a SaaS product like ours, having a dependable signature solution is essential, and Firma.dev has been a solid partner in that part of the experience.
Yavuz M.
Accountant, Splendid Consulting Inc
Easy Setup, Fair Pricing, and Great API Access
The pricing is incredibly competitive, especially compared to other providers, and the value we receive is outstanding.
How teams run Firma.dev in production
I think within two days of just messing around with the API, I was able to set up everything.
Oscar Gatica, IT, MoXi®
Time to integrate: 2 days
Sales calls: None



















