Last updated: May 20, 2026 ยท Beezifi Inc.
Security is foundational to Agreement. Legal documents and signatures are sensitive, and we take every measure to protect the confidentiality, integrity, and availability of your data. This page describes the technical and organizational controls we have in place.
Agreement uses a per-organization database model. Every workspace has its own isolated database with validated tenant identifiers checked on every request. There is no shared schema โ an error in one tenant context cannot expose another tenant's data.
All connections use TLS 1.2 or higher. HTTP Strict Transport Security (HSTS) is enforced, preventing downgrade attacks. Sensitive fields receive application-layer encryption before being written to the database. Backup snapshots are encrypted at rest.
Application servers and database servers operate on separate network segments. Database servers are not directly internet-accessible. The application process runs under a least-privilege account with no write access outside its designated directories.
Agreement enforces role-based permissions at every API endpoint. Users can only access documents and actions permitted by their assigned role within their organization. Cross-organization access is architecturally prevented.
All database queries use parameterized statements โ SQL injection is not possible. All HTML output is escaped to prevent XSS. File uploads are validated for type and scanned before storage. API inputs are validated against strict schemas with request body size limits.
Every HTTP response from Agreement includes:
Signed agreements are sealed with a tamper-evident audit trail. Each completion certificate includes the full chronological event log (views, signing actions, IP addresses, timestamps) and is cryptographically linked to the document content. Any post-signing modification to the document is detectable.
Agreement complies with the U.S. ESIGN Act and UETA, and produces basic electronic signatures under the EU eIDAS Regulation.
We maintain comprehensive, append-only audit logs for all user actions, administrative changes, and authentication events. Logs include timestamps, actor identity, IP address, and affected resources. These logs are retained for a minimum of 12 months and are accessible to organization administrators within the platform.
In the event of a confirmed security breach affecting your data, we commit to:
Security is a shared responsibility. We ask that you:
If you discover a security vulnerability in Agreement, please report it responsibly to security@beezifi.com. We acknowledge all reports within 2 business days and aim to resolve critical issues within 7 days. We do not pursue legal action against good-faith security researchers.
Beezifi Inc. Security Team
Email: security@beezifi.com
Privacy: privacy@beezifi.com