Skip to content

SigID is in pre-launch. Pilot customers get direct engineering and security contact.

Join the pilot program→
SigID
PersonalBusiness
Use casesPricingTrust CenterDevelopersAbout
Sign inCreate free account
Sign in
SigID
PersonalBusiness

Navigation

Use casesPricingTrust CenterDevelopersAbout

Resources

BlogGlossaryAPI docsRoadmapComparisonCase studiesFAQ
Sprache
DSGVONIS2-readyEU-Datenresidenz

Account

Sign inCreate free account
  • Trust Center
  • Compliance
  • Subprocessors
  • Audits
  • Infrastructure

Security

Protection that grows with you.

Confirm with fingerprint or Face ID – no more passwords. Every critical action gets proof. Security here isn't an add-on, it's the architecture.

Download audit whitepaperView Trust Center

Servers in Germany Β· Proven crypto library Β· Standard FIDO2

Security stack

How we secure it

Proven crypto. No home-grown stuff.

Three building blocks. Every critical action runs through them.

With fingerprint or Face ID

Your key sits in your device's secure element – it never leaves. No passwords to steal, no phishing risk. SMS-TAN never as a high security level.

Trust App with proof

Before you confirm an IBAN, admin role or API key, you see the amount, recipient and action. What you see is what you sign – tamper-proof.

An audit trail that can't lie

Every proof hangs on the previous one. Anyone trying to change something would have to recompute the whole chain – it shows immediately. Re-verification any time, even years later.

Threat model

Four steps against trust loss.

This is how every critical action runs at SigID β€” from identity anchor to audit-grade proof.

  1. 1

    Identity

    Person and device are bound via passkey. No shared secrets.

  2. 2

    Verify

    Action data (IBAN, amount, authorization) is checked and packaged into a Challenge.

  3. 3

    Sign

    Trust App signs the Challenge on the device β€” with dynamic linking to the concrete action data.

  4. 4

    Audit

    Signature is appended to the audit trail. Audit ID enables external re-verification, even years later.

Common questions

What security teams ask most often.

Five questions that come up in every pilot discussion β€” answered directly.

  • What happens if the passkey is lost?
    Recovery only works through the four-eyes principle β€” either a second authorized member of the organization or a pre-registered recovery contact. No email reset, no hotline.
  • How do we export audit data for financial audits?
    Via the API as a signed JSON or PDF with Audit IDs. External re-verification possible without SigID. Retention periods configurable.
  • Where is our data stored?
    Cloud variant: Hetzner Falkenstein and Nuremberg, Germany. Enterprise customers get a dedicated EU tenant in the same region. No customer plaintext leaves the EU without explicit consent.
  • How quickly are we informed about a security incident?
    24h first notice, 72h detailed report β€” per NIS2. Status page + email to all affected customers. Public post-mortem for SEV-1 within 14 days.

Audit whitepaper for your security review.

Threat model, crypto stack detail, SBOM and pen-test reports in one PDF. Prepared directly for CISO reviews.

Download audit whitepaperTalk to sales
  • DSGVO-konform
  • eIDAS-bereit
  • Made in Germany
SigID

Signed identity for trusted business

Product

  • Pricing
  • Comparison
  • Roadmap
  • Case studies

Company

  • About
  • Blog
  • FAQ
  • Contact

Legal

  • Security
  • Trust Center
  • Legal notice
  • Privacy
  • Terms
  • DSGVO
  • eIDAS-konform
  • NIS2-ready
  • EU-Datenresidenz
  • Made in Germany

Β© 2026 SigID β€” Trust for every action

SigID built in DACH.