Privacy Policy

Last updated May 2021

Overview:

Veriscript takes security seriously. By utilizing SSL encryption and world-class secure server infrastructure, we keep your documents private and secure.

E-sign Service:

An Aadhaar-holder is authorised to electronically sign a document online using the eSign service.

The e-Sign service is facilitated by Application Service Providers like us (Veriscript), duly registered with CDAC (ESP) and in collaboration with the Unique Identification Authority of India (UIDAI). The Aadhaar-holder can affix his/her eSign on any electronic content by authenticating himself/herself through an OTP received on the mobile number registered with Aadhaar. At the backend, the key pair is generated and a Digital Signature Certificate (DSC) is issued by the Certifying Authority (CA). Following this, the eSign is affixed to the document and returned to the signer.

Encryption:

Your connection to Veriscript is secure and encrypted using SSL (Secure Sockets Layer). This is the same level of encryption used by leading banks and government agencies. Your documents are also stored and encrypted at rest using 256-bit AES encryption. Each one is encrypted with a unique key.

Data Security as per Internationally Accepted Standards:

  1. 256-bit SSL encryption on all pages, including signing.
  2. Detailed audit log stored for each signature action.
  3. Identification of users verified before they are permitted to send documents.
  4. Document integrity checked every step of the way.
  5. Unique salted fingerprints for each document. Secure storage of documents and data.
  6. Signatory identity verified via email address, phone number and geo-tracking.

Our platform has been CERT-IN certified and security audited.

All data stored and processed within Veriscript stays secured. Our main infrastructure is hosted in the Amazon AWS data center in Mumbai. This region is also used by many of the top Internet companies and fully complies with all the major certifications. More information can be found here: https://aws.amazon.com/compliance/

We also have backup facilities, access to which is restricted and which are used only for data recovery or restoration. Backups are taken for both the database and the documents themselves. Disaster recovery related details: https://aws.amazon.com/disaster-recovery/

Data stored should be encrypted at rest and during transport. Data transport between internal systems should also be encrypted. The keys required to encrypt and decrypt the data should be stored in an HSM and restricted to the minimum number of required people. SSL is the service responsible for the security of data while it is being transferred from server to user or server to server. All HSM-related security is managed by AWS itself. The link for the same is provided above.

Data Access:

Access to the data that you hold on behalf of the customers should be tightly controlled and regulated by an auditable system and process. We ensure that only the minimum number of people required have full access to the infrastructure and data is never exposed to third parties. Data access is highly controlled via your account and every action is logged and recorded.

Internally, you are unable to access the documents from within your account. If users require support and assistance which relates to a specific document, the user must first grant permission to you to access the documents. Until then, access is locked down and restricted. However, in cases of emergency, the senior-most authority of the company can access data on the platform without the user’s permission. In order to know more as to what amounts to a case of emergency.

Disaster Recovery:

Depending on the type of disaster, we have plans for handling unexpected issues. All of them include the following:

  • Prompt and effective communication to customers on the situation, communicated via Veriscript’s status page.
  • Key people assigned as ‘in charge’ of coordinating the response and reaction.
  • Effective gathering of data and logs required to determine the root cause to help diagnose the problem and work towards a solution.
  • Feedback loops in place at every stage so lessons can be learned for future events.

For issues that affect the availability of the Veriscript service, we communicate them via our status page.

Physical Security:

Veriscript is hosted in a facility that has achieved ISO 27001 certification (https://aws.amazon.com/compliance/iso-27001-faqs/). Physical access is strictly controlled by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass authentication to access data centre floors.

Audit Logs:

Veriscript creates a comprehensive transaction trail between signing parties. To provide the user with a transaction history, we track and timestamp various information, such as IP address and User-Agent information, from the moment the document is submitted for signature to when it is completely signed and secured. To ensure any tampering with your transaction log is detectable, we process the transaction log with hashing technology. Should you ever need to rely on a transaction log, we are right by your side to assist you.

Reliability:

Why can we rely on this platform from a security perspective?

A subtle user identity verification mechanism ensures that contracts are shared with and signed by just the right person. We don’t use the e-sign method in which users simply paste a picture of their signature. Instead, we rely on more secure and efficient signing methods, i.e. Aadhaar-based Digital Sign and PKI-based e-sign (consent).

Each and every piece of data processed through the platform or API is handled by a closely monitored server infrastructure and encrypted using industry-standard 256-bit HTTPS encryption.

We use reliable cloud servers from AWS, on which the industry’s biggest players rely.

A detailed auditing mechanism for processes carried out on our platform ensures proof of occurrence and can be helpful in cases of legal disputes.

Access:

If you would like to correct, amend or delete information such as e-mail, phone number or address on the site, you can do so through your dashboard from the 'Settings' tab. For any other changes, you will have to e-mail us at data@veriscript.io.

Credit Card Information:

Veriscript does not store your credit card information on its servers. When you submit your credit card information, we pass it along to our payments processor. The privacy policies of the payment portals can be found here: https://razorpay.com/privacy/

Legality:

The eSign service is governed by e-authentication guidelines. While authentication of the signer is carried out using e-KYC services, the signature on the document is carried out on a backend server of the e-Sign provider. eSign services are facilitated by trusted third-party service providers, currently Certifying Authorities (CA) licensed under the IT Act. To enhance security and prevent misuse, the eSign user’s private keys are created on a Hardware Security Module (HSM) and destroyed immediately after one-time use.

The use of Veriscript and the affixing of signatures is validated by, and has legal sanctity under, the provisions of the Second Schedule of the Information Technology Act, 2000 and the guidelines issued by the Controller of Certifying Authorities, and the provisions of the Electronic Authentication Technique and Procedure Rules, 2015 – e-authentication technique using Aadhaar e-KYC services.

End of Business Plans:

In the highly unlikely event that Veriscript is unable to continue trading, all previously signed documents will be provided in an archive file along with any information required to prove that the documents were signed legally and correctly.