MeldSign
This page describes the security and compliance posture you can rely on today. It is intentionally conservative: if a capability is not shipped or not activated, it is not represented as if it were.
What ships today
Identity & access (operator)
RBAC across roles and orgs. SSO (SAML/OIDC) and SCIM are available on Enterprise. Production-side admin auth is JWT-based with refresh-token rotation and password-reset flow.
Magic-link signing is the default and always available. Google sign-in and passkeys are optional conveniences for signers — they never replace the underlying token-bound authority.
Every document carries a tamper-evident audit chain (sequence, previousHash, eventHash). Payout, negotiation, drafting, federation, and operator-recommendation actions all write canonical audit events.
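To make the audit-chain guarantee concrete, here is an added illustration (not MeldSign's own code) of how a chain of events carrying sequence, previousHash and eventHash is built and verified. The hash construction (SHA-256 over a canonical JSON of sequence, previousHash and payload) and the all-zero genesis previousHash are assumptions for the example; the page does not specify them.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # previousHash of the first event (assumed convention)

def canonical(obj):
    # Deterministic serialisation so the same event always hashes the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def event_hash(sequence, previous_hash, payload):
    # eventHash binds the payload to its sequence number and to the prior event.
    body = canonical({"sequence": sequence, "previousHash": previous_hash, "payload": payload})
    return hashlib.sha256(body).hexdigest()

def append_event(chain, payload):
    sequence = len(chain)
    previous_hash = chain[-1]["eventHash"] if chain else GENESIS
    chain.append({"sequence": sequence, "previousHash": previous_hash,
                  "payload": payload, "eventHash": event_hash(sequence, previous_hash, payload)})
    return chain

def verify_chain(chain):
    """Return (ok, first_bad_index). Catches edited, deleted and reordered events."""
    expected_prev = GENESIS
    for i, ev in enumerate(chain):
        if ev["sequence"] != i or ev["previousHash"] != expected_prev:
            return False, i
        if event_hash(i, expected_prev, ev["payload"]) != ev["eventHash"]:
            return False, i
        expected_prev = ev["eventHash"]
    return True, None

def tampered_copy(chain, index, field, value):
    # Deep copy with one payload field rewritten; simulates a post-hoc edit.
    altered = copy.deepcopy(chain)
    altered[index]["payload"][field] = value
    return altered

# Constructed sample: three audit events for one document (not real MeldSign data).
SAMPLE = []
for payload in [{"type": "document.created", "actor": "op-1"},
                {"type": "document.sent", "actor": "op-1"},
                {"type": "document.signed", "actor": "signer-1"}]:
    append_event(SAMPLE, payload)
```

One limit worth knowing: the chain alone cannot detect removal of the newest events, because nothing after them references their hash; pinning the current head eventHash in something signed, such as a per-document evidence bundle, is what closes that gap.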
Signed evidence bundles per document. SOC 2-friendly compliance bundle export aligned to common control sections. Retention policies are configurable on Enterprise.
Org-scoped settings, RBAC, retention substrate, partner/multi-org controls, and trust/compliance export surfaces. Multi-tenant by design — no shared-state surprises.
Inference suggestions are advisory. Soft-agency is opt-in, narrow, and undoable. The Investigation Copilot runs named diagnostic playbooks against real platform data and audits every run. No autonomous contract editing.
Careful wording
These are the exact framings we are comfortable defending. Anything we will not say is just as important as what we will.
SOC 2
We will say: MeldSign ships a SOC 2-friendly evidence bundle aligned to common control sections. The platform supports security review and audit preparation with built-in evidence exports.
We will not say: that MeldSign is SOC 2 certified. MeldSign is not currently advertised as SOC 2 certified; a formal attestation, if/when completed, will be communicated separately.
eIDAS / qualified signatures
We will say: Standard electronic signatures are generally available today. Advanced and qualified signature delivery (QTSP-backed AES/QES) is available as an enterprise activation track once QTSP prerequisites are funded.
We will not say: that MeldSign delivers QTSP-backed qualified signatures by default. That work runs under an explicit external trust activation track.
BYO-KMS
We will say: Customer-managed KMS support is offered as an enterprise activation track. The posture and configuration substrate exist in the platform; customer-specific execution requires funded prerequisites.
We will not say: that MeldSign supports customer-managed keys as a default plan feature.
AI
We will say: AI and inference surfaces are advisory, review-required, and audit-aware. Bounded soft-agency is opt-in, narrow, and undoable where supported.
We will not say: that MeldSign negotiates contracts autonomously or guarantees correct legal drafting. Operators remain in control.
Enterprise activation tracks
Activation tracks are explicit programs we run with customers when funded prerequisites exist. They are never represented as default GA.
QTSP-backed advanced and qualified signatures are available when prerequisites are funded and the QTSP integration is executed for the customer. Tracked as an explicit enterprise activation program, not a default plan feature.
Customer-managed KMS for sensitive artifacts. The platform substrate is shipped; per-customer activation requires funded prerequisites.
New marketplace connectors are added only when a real backend exists and a named customer/pipeline request justifies the build. Speculative catalog entries are not sold.
Talk to security review
We will not promise capabilities we do not ship. We will share evidence bundles, feature matrices, and activation track scope on request.