MusiSign Security
Musifacts Europe BV operates MusiSign with technical and organisational safeguards designed to protect Documents, accounts, audit evidence and signing workflows.
1. Infrastructure
Platform data is stored on internal servers located in Europe. Administrative access is intended to be limited to authorised personnel and protected through appropriate account and system controls.
2. Transport security
MusiSign should be accessed through HTTPS. Encrypted transport helps protect data in transit between Users, Recipients and the platform.
3. Access controls
Access to accounts, Organisations, Documents and administrative functions is controlled by authentication, authorisation and role-based permissions where applicable. Users are responsible for protecting credentials and limiting access to authorised persons. The platform supports email/password authentication and may support Google, Microsoft or OIDC sign-in when enabled.
4. Account security
Account security features may include secure session cookies, CSRF protection, revocable sessions, password hashing, authenticator-app 2FA, email-based 2FA for certain signing flows, passkeys and user security audit logs.
5. Audit and traceability
MusiSign records audit events and may apply unique identifiers, timestamps, envelope references, signature references, certificate-based PDF signatures and document verification markers to support traceability and evidential value.
6. Integrations and secrets
Optional integrations such as SMTP, S3-compatible storage, Stripe, PostHog, OAuth/OIDC, public API tokens and webhooks should be configured with least-privilege credentials and rotated when exposure is suspected.
7. Backups and continuity
Musifacts Europe BV may maintain backups and operational procedures intended to support continuity, recovery and integrity of Documents and platform data. Backup scope and retention may depend on the production configuration.
8. Limitations
No security programme can eliminate all risk. Users should report suspicious activity, unexpected emails, unauthorised access or potential vulnerabilities promptly.
9. Security contact
Security concerns may be reported to info@musisign.com.

