Skip to content

SigID is in pre-launch. Pilot customers get direct engineering and security contact.

Join the pilot program→
SigID
PersonalBusiness
Use casesPricingTrust CenterDevelopersAbout
Sign inCreate free account
Sign in
SigID
PersonalBusiness

Navigation

Use casesPricingTrust CenterDevelopersAbout

Resources

BlogGlossaryAPI docsRoadmapComparisonCase studiesFAQ
Sprache
DSGVONIS2-readyEU-Datenresidenz

Account

Sign inCreate free account

Trust Center

Everything you want to know – black on white.

How we protect your data, which standards we meet, what's on the roadmap. Fully open, verifiable any time.

  • GDPR(Compliant)
  • NIS2 directive(Ready)
  • ISO 27001(Roadmap 2027)
  • SOC 2 Type II(Roadmap)
  • BSI C5(Target)

Standards and certifications

GDPR β€” Compliant

Processing under GDPR with data minimization. Data processing agreement and subprocessor list available.

NIS2 directive β€” Ready

Audit trail, incident response paths and 24/72-hour notification obligations supported.

ISO 27001 β€” Roadmap 2027

Information Security Management System under construction. Pre-audit planned for H2 2026.

SOC 2 Type II β€” Roadmap

SOC 2 audit planned after US market entry.

BSI C5 β€” Target

Cloud Computing Compliance Criteria Catalogue as a long-term target.

Security architecture

Passkeys instead of passwords

Authentication via FIDO2 and WebAuthn. TOTP as 2FA backup. No SMS-TAN as a high security level.

End-to-end encrypted Trust App signatures

Key material stays on the device. libsodium algorithms, no custom crypto.

Tenant isolation

Row Level Security in PostgreSQL plus application layer. Tenant IDs on every row.

Full audit trail

Append-only Audit Events. Audit-IDs for external re-verification.

Data minimization

Fingerprints instead of full documents. PDFs can be deleted after verification.

Hosting and EU data residency

SigID runs on Hetzner in Germany. Data and keys never leave the EU.

  • Enterprise customers get a dedicated tenant in the same EU region – on request as an individual contract.
  • Cloud hosted on Hetzner Online GmbH (data centers in Falkenstein and Nuremberg, Germany).
  • External cloud dependencies reduced to Stripe (billing) and KYC/KYB providers (phase 2).
  • No Google Fonts, no external analytics, no external CDNs.

Full audit trail

Append-only Audit Events. Audit-IDs for external re-verification.

Security architecture

Full audit trail

Append-only Audit Events. Audit-IDs for external re-verification.

Incident response

How SigID reacts to security incidents.

  • 24/7 monitoring with alerting on critical audit anomalies.
  • Customers are informed about incidents within 72 hours.
  • Root cause analysis and post-mortems published (anonymized).
  • security@sigid.de (RFC 9116 security.txt available).
SigID

Signed identity for trusted business

Product

  • Pricing
  • Comparison
  • Roadmap
  • Case studies

Company

  • About
  • Blog
  • FAQ
  • Contact

Legal

  • Security
  • Trust Center
  • Legal notice
  • Privacy
  • Terms
  • DSGVO
  • eIDAS-konform
  • NIS2-ready
  • EU-Datenresidenz
  • Made in Germany

Β© 2026 SigID β€” Trust for every action

SigID built in DACH.