background pattern
MusiSign Logo

MusiSign Security

Musifacts Europe BV operates MusiSign with technical and organisational safeguards designed to protect Documents, accounts, audit evidence and signing workflows.

1. Infrastructure

Platform data is stored on internal servers located in Europe. Administrative access is intended to be limited to authorised personnel and protected through appropriate account and system controls.

2. Transport security

MusiSign should be accessed through HTTPS. Encrypted transport helps protect data in transit between Users, Recipients and the platform.

3. Access controls

Access to accounts, Organisations, Documents and administrative functions is controlled by authentication, authorisation and role-based permissions where applicable. Users are responsible for protecting credentials and limiting access to authorised persons. The platform supports email/password authentication and may support Google, Microsoft or OIDC sign-in when enabled.

4. Account security

Account security features may include secure session cookies, CSRF protection, revocable sessions, password hashing, authenticator-app 2FA, email-based 2FA for certain signing flows, passkeys and user security audit logs.

5. Audit and traceability

MusiSign records audit events and may apply unique identifiers, timestamps, envelope references, signature references, certificate-based PDF signatures and document verification markers to support traceability and evidential value.

6. Integrations and secrets

Optional integrations such as SMTP, S3-compatible storage, Stripe, PostHog, OAuth/OIDC, public API tokens and webhooks should be configured with least-privilege credentials and rotated when exposure is suspected.

7. Backups and continuity

Musifacts Europe BV may maintain backups and operational procedures intended to support continuity, recovery and integrity of Documents and platform data. Backup scope and retention may depend on the production configuration.

8. Limitations

No security programme can eliminate all risk. Users should report suspicious activity, unexpected emails, unauthorised access or potential vulnerabilities promptly.

9. Security contact

Security concerns may be reported to info@musisign.com.

Security • Version 1.0 • Effective date: 4 July 2026 • Last updated: 4 July 2026

This legal page forms part of the MusiSign Legal & Compliance documentation.