Security
Here at Proposify, we understand how critical it is to protect your data and documents. Our team is dedicated to keeping them safe through continuous compliance efforts, ongoing audits, and 24/7 system monitoring to ensure we meet and exceed industry standards.
GDPR
Proposify is committed to protecting our clients’ data and privacy. That is why we maintain our GDPR compliance and enable our customers to set their own compliance preferences as a controller.
We take a holistic approach to ensure sensitive data is gathered and protected under these strict conditions. Proposify combines enterprise-level security features with comprehensive audits and has team members dedicated to compliance and data protection.
Our Terms of Use, Privacy Policy, and Data Processing Addendum are reflective of our GDPR commitment.
SOC2
Proposify is SOC2 Type 2 certified to reflect our long-standing commitment to security. We have been audited against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. We use Amazon Web Services for cloud hosting; AWS upholds the highest security standards and makes significant investments to protect customers.
The certification effort was completed by the professional and independent third-party audit firm, 360 Advanced, Inc. We are happy to provide a report upon request.
Please reach out to privacy@proposify.com for further information and to access your copy of the report.
PCI-DSS
Proposify uses Stripe to process payments. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most rigorous level of certification available in the industry.
E-Signatures
Proposify’s built-in electronic signature tool is legally binding, backed by world-class security, and compliant with the strict guidelines outlined in the Uniform Electronic Transactions Act (UETA, 1999), the Electronic Signatures in Global and National Commerce Act (ESIGN, 2000), and eIDAS (Regulation 910/2014/EC).
To meet these important industry standards, we authenticate signers and provide an audit trail associated with the document and each signature by:
- Recording the IP address of the signing parties and the date/time it was signed.
- Offering both parties electronic copies of the signed document and keeping them stored on our servers.
- Locking down the document from being modified after it has been signed to honor the information agreed upon at the time of signing.
Uptime
Proposify has an uptime of 99.9% or higher. If you wish to check the system status at any time, please visit https://status.proposify.com/ and subscribe for updates.
Should our systems require maintenance or a short downtime, clients will be provided with ample notice.
Data Security
Servers
All our services are hardened using industry best practices and updated regularly with the latest security patches. Our service is isolated inside a Virtual Private Cloud and has been built with disaster recovery in mind.
Storage
All customer data is stored in Northern Virginia, USA.
We do not have individual datastores for each customer. However, strict privacy controls exist in our application code to ensure data privacy and prevent a customer from accessing another customer’s data. We have several unit and integration tests in place to ensure these privacy controls work as expected. These tests are run every time our codebase is updated and even one single test failing will prevent new code from being shipped to production.
Employee Access
Access to our hosting provider is secured with 2FA and employees are only given access to the environments they work with.
System Monitoring
All systems are actively monitored to ensure uptime and performance metrics.
Backups/Infrastructure
All critical systems are backed up nightly and stored off-site. Backups are tested and verified on a monthly basis.
Data Transfer
All data sent to or from Proposify is encrypted using 256-bit bank-grade encryption (SHA-256 with RSA Encryption). Our API and application endpoints are TLS/SSL only.
Authentication
Passwords are encrypted one way; we cannot decrypt them.
Your Proposify account can only be used over HTTPS. Client previews are available over HTTP if you choose to use a custom domain.
Reporting Issues
Send all reports directly to support@proposify.com, and we will get back to you as soon as we can.