GetAccept Logo Icon
Start free trial Book a demo

Enterprise grade security & compliance

At GetAccept, security isn’t an afterthought—it’s built into the very core of our platform. We leverage industry-leading encryption, continuous monitoring and alerts, and proactive measures such as daily backups to protect your data at every stage.

Trusted by leading enterprises worldwide

Engie_Original-1 Samsung_Dark Puma_Dark Preem_Dark Siemens_Dark Chagebee_Dark

Overview

Comprehensive security & compliance at a glance

GetAccept delivers a complete security ecosystem engineered for today’s enterprise challenges. We meet and exceed global standards—from GDPR and SOC 2 to eIDAS—ensuring your sensitive data is secure, compliant, and always available.

Robust product security features

  • Granular user management

    Granular user management

    Control access at a granular level with role-based permissions that align with your internal security policies.

  • SCIM integration

    SCIM integration

    Streamline identity management across your IT ecosystem with automated user provisioning and deprovisioning.

  • Multifactor authentication

    Multifactor authentication

    Strengthen account security with MFA for both internal users and external recipients, adding a critical layer of protection.

  • Single Sign-On (SSO)

    Single Sign-On (SSO)

    Integrate seamlessly with all SSO providers thanks to our standard SAML connector —including Azure, Okta, OneLogin, and Google

  • Data retention

    Data retention

    Configure data policies to enforce compliance requirements, ensuring data is securely stored and timely deleted according to your policies

Every company has different security needs. Let's get specific!

GDPR & CCPA

GDPR / CCPA Compliance & privacy by design

Designed with a privacy-first approach, GetAccept ensures your data is processed and stored securely in full compliance with Europe’s GDPR and California's CCPA regulation. We enable you to manage consent, uphold data subjects’ rights, and implement robust data protection measures—all built into our platform by design.

eIDAS & UETA

Advanced and Qualified electronic signature support (AdES, QES)

Secure your digital signatures with GetAccept’s comprehensive eSignature solutions that fully adhere to the eIDAS regulation. Whether you need, basic, advanced or qualified electronic signatures, our platform ensures every signature is legally binding through multiple authentication options such as security questions, SMS verification, and eID-based authentication.

Platform security

Enterprise grade platform security and SOC 2 certified

GetAccept is built on a stable, redundant and scalable infrastructure and designed for 100% uptime. We have backups, full encryption and conduct yearly penetration tests to secure data against all possible threats.

  • ECDSA 256 & AES 256 Encryption
  • Carefully selected shortlist of data sub processors
  • SOC 2 Certification and rigorous yearly audit
  • Regular security training for our staff

Infrastructure and networking

At GetAccept, our systems run on updated Linux servers and hardened cloud services (e.g., Amazon RDS, S3). Our robust network delivers secure, reliable performance to meet enterprise demands.

Data storage and protection

We manage your document data across fortified locations. Every store is encrypted with AES-256 and protected by advanced key management to ensure confidentiality and integrity.

Controlled personnel access

GetAccept enforces strict access controls. Our teams receive only the permissions they need, minimizing risk and ensuring data interactions adhere to rigorous security protocols.

Segregated environments

Our production systems are isolated from corporate, QA, and development networks. This segregation reduces risk by ensuring each environment operates independently and securely.

Secure handling of payment data

For payments, GetAccept partners with trusted third-party providers. We never store or process sensitive card data, keeping transactions secure and fully compliant.

Continuous surveillance and alerts

We monitor all applications and infrastructure 24/7. Automated systems detect anomalies and escalate alerts to our on-call team for swift action on any security events.

High availability and backup procedures

We ensure constant service using auto-scaling, load balancing, and rolling deployments. Daily, encrypted database backups offer robust protection and reliable data recovery.

Rigorous security assessments

Our development cycle includes thorough security testing with advanced tools and scans. We proactively identify and resolve vulnerabilities before deploying new features.

Layered system architecture

GetAccept is built on a multi-tier design separating the front-end, logic, and database layers. This DMZ-like structure ensures each layer is independently secured.

Learn more about our security engagement

GetAccept | Our privacy policy

Our privacy policy

We take your safety seriously. Read GetAccept's privacy policy here! GetAccept helps clients close more deals by sending personalized content.

Read more
GetAccept | Data Processing Agreement

Data Processing Agreement

Explore our Data Processing Agreement to see how we securely handle, process, and protect your data with full transparency and strict compliance measures

Read more
Electronic eSignature Guide | GetAccept eSignature Hub

Electronic Signatures & eIDAS

What is an electronic signature? Learn how e-signatures work, why they’re secure and legal, and how they help you close deals faster.

Read more

General Data Protection Regulation, GDPR

GDPR is EU Regulation on data protection and privacy (personal data).

The regulation is implemented in all local privacy laws across the entire EU and EEA region. It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents. It provides citizens of the EU and EEA with greater control over their personal data and assurances that their information is being securely protected across Europe.

What counts as personal data?

According to the GDPR directive, personal data is any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.

What does it mean?

GDPR contains several requirements that benefit consumers by requiring increased control and transparency related to the personal data collected by organizations. At the same time, there are significant fines for infringements - up to 4% of global revenue or a maximum of EUR 20 million. Important differences to the previous privacy policy are that it includes much stronger terms for consent and obligations for data processors and data collectors, where mandatory contract terms between the parties are required.

Privacy by Design

GetAccept is built from the ground up to incorporate the principles of data protection and privacy through design (Privacy by Design).

Your rights under GDPR

The right to access –this means that individuals have the right to request access to their personal data and to ask how their data is used by the company after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested.

  • The right to be forgotten – if consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted.
  • The right to data portability – Individuals have a right to transfer their data from one service provider to another. And it must happen in a commonly used and machine readable format.
  • The right to be informed – this covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.
  • The right to have information corrected – this ensures that individuals can have their data updated if it is out of date or incomplete or incorrect.
  • The right to restrict processing – Individuals can request that their data is not used for processing. Their record can remain in place, but not be used.
  • The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.
  • The right to be notified – If there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.

Data Processing Agreement (DPA)

The GDPR states specific demands for agreements between Data Controllers and their Data Processors that are used to process the personal data that they are in control of. These agreements are called Data Processing Agreements and should always be handled if data is shared with third parties. You can find GetAccepts standard DPA here.

Schrems II and the SCC

On 16 July 2020, the Court of Justice of the European Union (ECJ) in its case called “Schrems II”) changed the way data can be transferred to a third country outside of EU, invalidated the old EU-US Privacy Shield. The Commission’s Standard Contractual Clauses (SCC) are valid as a transfer mechanism but require additional security measures and transfer impact assessments (see below). GetAccept has the latest SCCs in place with all sub processors. For more detailed information on the latest initiatives and our view of the EU - US data transfer topic please contact us.

Transfer impact Assessment (TIA)

GetAccept has conducted Transfer Impact Assessment on its data transfers. For a copy of our Assessment please reach out to us on legal@getaccept.com.

Contact information

If you have any questions or suggestions regarding our policies or practices, please contact us at legal @getaccept.com. We are always happy to discuss!

Platform Security

GetAccept is built on a stable, redundant and scalable infrastructure and designed for 100% uptime. We have backups, full encryption and conduct yearly penetration tests to secure data against all possible threats. No system is better than the persons working on it and we provide regular security training to our staff and have among other things implemented a segregation of duties and least privilege access principles in the organization.

SOC2

System and Organization Control (SOC) 2 is a report based on the Auditing Standards Board of the American Institute of Certified Public Accountants' (AICPA) existing Trust Services Criteria (TSC). The purpose of the report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy.

GetAccept undergoes a yearly rigorous audit conducted by a reputable certified third party auditor to certify the GetAccept services against this standard. The audit firm evaluates if GetAccept compliance controls are designed appropriately and if they are effectively operational.

The latest SOC 2 type 2 report may be requested by reaching out to our support. Potential customers can reach out to sales for more information.

Encryption and additional security measures

We encrypt our data in transit using ECDSA 256 (a 3072bit equivalent SSL/TLS certificate) and we encrypt our data in rest using the industry-standard AES-256. Read more about GetAccepts additional security measures here.

Data Storage

GetAccept only uses trusted and a select few sub processors that stores data. The sub-processors are assessed continually. Read more about the sub processors in our DPA.

Privacy

In general, the Personal Information you provide to us is used to help us communicate with you better. GetAccept takes your privacy seriously and will never share your personal information with any third party other than what is stated in our privacy policy. Read more here Privacy Policy.

Electronic Signatures Laws and Standards

GetAccept provides you with a legally binding eSignature solution for your agreements and contracts. GetAccept complies with the requirements of the U.S. Electronic Signature in Global and National Commerce Act of 2000 (ESIGN), the Uniform Electronic Transactions Act (UETA), and the European Union eIDAS (EU No.910/2014) regarding electronic signatures and transmissions, which makes eSignatures fast, easy, and legally binding.

E-signature Law in the United States

GetAccept’s electronic signature solution in the United States complies with the definition of an electronic signature under the Electronic Signatures in Global and National Commerce (ESIGN) and the Uniform Electronic Transactions Act (UETA).

E-signature Law in the United Kingdom

In the United Kingdom, the equivalent legislation to the ESIGN Act in the United States is the Electronic Communications Act 2000. GetAccepts electronic signature solution complies with the definition of an electronic signature under this act.

E-signature Regulation in the European Union

In 2014, the European Parliament created a more uniform market for electronic transactions with the release of the EU Regulation No 910/2014 on electronic identification and trust services for electronic transactions in the internal market, also known as eIDAS. Electronic signatures are actively being used in Europe, and GetAccept’s eSignatures are compliant with eIDAS and EU electronic signature technical standards. You can read more about eIDAS below.

Signature authentication

GetAccept authenticates document signers so there is 100% transparency as to who is signing your documents. To protect all GetAccept user accounts, user information is transferred over 256-bit SSL encryption, including sensitive information like usernames and passwords. GetAccept also prevents others from accessing or using your account by imposing automated session time-outs and emailing you every time a contract is sent to, received by, or signed using an account.

Signature affixation

Each signature on a contract is imposed and affixed to the contract. GetAccept creates a comprehensive transaction trail between signing parties. To provide transaction history, we track and timestamp various information from the moment the document is submitted for signature to when it is completely signed and secured.

Full evidence log

A complete evidence log is a crucial factor to confirm when choosing an eSignature provider. Every send-out has a unique ID that reflects the contents of the document. GetAccept tracks the entire process and compiles it into a complete history of every action taken inside the document. Activities are marked with a trusted timestamp, email, IP number, and IP location.

Court-admissible transactions log 

GetAccept creates a comprehensive transaction trail between signing parties. In order to provide this transaction history, we track and timestamp various information from the moment the document is submitted for signature to when it is completely signed and secured, such as IP information and UserAgent information. To ensure against any tampering with your transaction log, the transaction log is secured with hashing technology. This audit trail gives you a full evidence log to bring to court should any conflicts arise.

 

Electronic signatures and eIDAS

eIDAS is an EU regulation on electronic identification and trust services for electronic transactions that applies as law within the whole of the EU.

Electronic Identification, Authentication and Trust Services (eIDAS)

The goal of the eIDAS regulation, which started in 2014, is to facilitate the flow of commerce in the EU through transparency, security, technical neutrality, cooperation, and interoperability. In pursuit of these values, eIDAS:

  • Standardizes the use of electronic identification (eID)
  • Defines a new class of “electronic trust services” (eTS)
  • Clarifies and ensures the legal validity of electronic signatures
  • Creates a European internal market within the EU for electronic trust services

Different levels of electronic signatures

The eIDAS regulation defines three types of electronic signatures: (Basic) Electronic Signature, Advanced Electronic Signature, and Qualified Electronic Signature. According to eIDAS, an electronic signature is defined as “data in electronic form which is attached to or logically associated with other data in electronic form and is used by the signatory to sign”.

Basic electronic signature

A basic electronic signature can be any kind of signature made in an electronic and digital environment, where the signatory has manifested their intent (e.g. by clicking a button or checking a box) to become bound by the contents of the document signed.

GetAccepts standard "click to sign" solution is considered a very strong Basic electronic signature and sufficient for most business agreements.

Advanced electronic signature (AdES)

According to eIDAS, an advanced electronic signature shall meet the following requirements:

  1. uniquely linked to and capable of identifying the signatory;
  2. created in a way that allows the signatory to retain control;
  3. linked to the document in a way that any subsequent change of the data is detectable.

These elements of unique identity, control, and integrity of the signed document can be achieved through different means. A recognized eID assures secure authentication of the signatory’s identity in the online environment.

GetAccept has multiple ways of creating a Advanced Electronic Signature, for instance with the use of a eID or MFA solution.

Qualified electronic signature (QES)

According to eIDAS, “‘qualified electronic signature’ means an advanced electronic signature that is created by a qualified electronic signature creation device, and is based on a qualified certificate for electronic signatures.” The use of Qualified Electronic Signatures includes an extra layer of assurance and trust that results in a special legal effect that shall be recognized by courts in the EU.

From a legal perspective QES should in EU be equivalent to a "wet ink" signature and the burden of proof in a court is on the challenger.

GetAccept has thru an external partnership the possibility to offer QES seamlessly integrated into the signing workflow in most European countries.  It should be noted that QES add a extra level of security but also complexity and cost to the signature flow.

Please contact us for more detailed information on QES.
contact__form-image}}

Get your security questions answered

Submit the form, and our team will reach out to discuss your security needs and ensure compliance for your business.