Security at Baseflow

Your contracts contain sensitive business information. We take security seriously and implement comprehensive measures to protect your data.

Last updated: February 1, 2026

Enterprise-Grade Security

Built from the ground up with security as a core principle.

Encryption at Rest & in Transit

All data is encrypted with AES-256 at rest and with TLS 1.3 in transit. Your contracts are protected with industry-leading encryption standards.

Secure Infrastructure

Our infrastructure is hosted on enterprise-grade cloud providers with SOC 2 Type II certification. We use redundant systems across multiple availability zones.

Access Controls

Role-based access control (RBAC) ensures users only access data they need. Multi-factor authentication (MFA) adds an extra layer of protection.

Audit Logging

Comprehensive audit logs track all system activities. Every document access, signature, and modification is recorded with timestamps and user details.

Data Backup & Recovery

Automated daily backups with point-in-time recovery. Your data is replicated across multiple geographic regions for disaster recovery.

Threat Detection

24/7 monitoring with advanced threat detection systems. Automated alerts and incident response procedures protect against security threats.

Our Security Approach

At Baseflow, security is not an afterthought—it's embedded in everything we do. From our development practices to our infrastructure choices, we prioritize the protection of your data at every level.

Data Protection

  • Encryption: All data is encrypted using AES-256 at rest and TLS 1.3 in transit.
  • Key Management: Encryption keys are managed using hardware security modules (HSMs) with regular rotation.
  • Data Isolation: Customer data is logically isolated to prevent unauthorized access between accounts.
  • Secure Deletion: When you delete data, it is securely purged from our systems.

Application Security

  • Secure Development: Our development follows OWASP guidelines and secure coding practices.
  • Code Reviews: All code changes undergo peer review and automated security scanning.
  • Penetration Testing: Regular third-party penetration tests identify and address vulnerabilities.
  • Bug Bounty: We maintain a responsible disclosure program for security researchers.

Authentication & Access

  • Multi-Factor Authentication: MFA available for all accounts, required for admin access.
  • Single Sign-On: Integration with enterprise identity providers (SAML 2.0, OAuth 2.0).
  • Session Management: Automatic session timeout and secure session handling.
  • Password Security: Strong password requirements with secure hashing (bcrypt).

Infrastructure Security

  • Cloud Infrastructure: Hosted on AWS/GCP with enterprise security certifications.
  • Network Security: WAF, DDoS protection, and network segmentation.
  • Monitoring: 24/7 security monitoring with automated threat detection.
  • Incident Response: Documented incident response procedures with regular drills.

Employee Security

  • Background Checks: All employees undergo background verification.
  • Security Training: Regular security awareness training for all staff.
  • Access Controls: Principle of least privilege for all system access.
  • Secure Workstations: Encrypted devices with endpoint protection.

Certifications & Compliance

We maintain industry-recognized certifications and comply with global regulations.

  • SOC 2 Type II: Certified
  • ISO 27001: In Progress
  • GDPR: Compliant
  • NDPR: Compliant

Responsible Disclosure

We value the security research community and welcome reports of potential vulnerabilities. If you discover a security issue, please report it responsibly.

Report a Vulnerability

Email us at [email protected] with details of the vulnerability. We commit to:

  • Acknowledge receipt within 24 hours
  • Provide regular updates on remediation progress
  • Not pursue legal action for good-faith reports
  • Recognize researchers in our security hall of fame

Business Continuity

We maintain comprehensive business continuity and disaster recovery plans to ensure your data remains available and protected.

  • 99.9% Uptime SLA: Guaranteed availability for enterprise customers
  • Multi-Region Backup: Data replicated across geographic regions
  • Incident Response Team: Dedicated team available 24/7 for security incidents

Have Security Questions?

Our security team is here to help. Whether you need security documentation for your procurement process or have specific questions, we are ready to assist.