We take things seriously

At Dokobit, we are committed to maximum data security and adherence to regulations. As transparency is one of the principles our company is built on, we aim to be as clear and open as we can about the way we handle security and compliance. Don’t rely on clumsy solutions; your business is not a joke.

Information security

Our business operations, internal systems, development and support processes comply with ISO/IEC 27001 — the internationally recognised standard for leading information security management practices.

We are audited annually for our practices by the globally respected audit firm Bureau Veritas, and we have certified our implemented Information Security Management System (ISMS) with the certification scope of “cloud-based services for e-signing, e-sealing, e-identification, validation of e-signature and e-seal, and related software development, delivery and support”.

GDPR compliance

We’re committed to protecting your personal data. The ISO/IEC 27001 standard is considered the best framework for compliance with the General Data Protection Regulation and covers almost all of the necessary GDPR requirements. Additionally, we have incorporated all the necessary controls and procedures derived from the GDPR into our Information Security Management System.

We have incorporated additional controls for personal data processing security into our ISMS, following industry best practices — we are certified against the ISO/IEC 27018 standard (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors). View certificate.

We give you full control over all your data and provide means to manage it via both the user-friendly interface and developer-friendly API.

You can find information about what data we collect in our Privacy Policy. You can find our Data Processing Agreement here.

Rigorously chosen service providers

We work only with service providers for which security is a top priority. Each of our business partners is chosen after a rigorous due-diligence process and is closely monitored by our Security Team. Some of our business partners process your information on our behalf in compliance with our Privacy Policy. We ensure that all data is processed within the EU/EEA.

You can find these business partners in our list of sub-processors.

eIDAS compliance

Electronic signatures are not scribbled images on a document. Don’t lose out because of clumsy providers in the market that take legal things related to your documents for granted. At Dokobit, we take things seriously.

We have been developing our services from the ground up according to all the technical requirements of Regulation (EU) No 910/2014 (eIDAS). Our services work only with Qualified Certificates, meaning that each signature produced with our help is uniquely and unambiguously linked to both the signer and the data signed. It is practically impossible to forge such a signature or re-use it with a different or modified document. To top that off, we also back up each signature with a Qualified Timestamp, thus providing legal proof of the time it was produced.

All signatures produced with the help of our services meet the requirements for Qualified Electronic Signatures or Advanced Electronic Signatures set forth under the eIDAS regulation. These signatures are accepted across the EU. We work with eID infrastructures in the EU member countries and support and rely only on Qualified Trust Service Providers listed in the European Union Trusted Service List.

Dokobit is the first Qualified Trust Service Provider for e-signatures and e-seals validation in the Baltics, supervised by a Member State Supervisory Body and included in the EU Trusted Service List.

Learn more about our validation practices and liabilities in our Signature Validation Service Practice Statement and Policy.

Service availability and business continuity

We have extensive experience in supporting business-critical processes and thus give careful attention to service availability. We constantly try to improve and invest great effort into securing your business continuity, but don’t just take our word for it — check our status to see for yourself how we measure up.

Recovery Point Objective (RPO): 1 hour

Recovery Time Objective (RTO): 2 hours

Maximum Tolerable Period of Downtime (MTPOD): 4 hours

Proved Service Availability

Strong data encryption and data integrity

All our data is encrypted using Transport Layer Security (TLS) and the AES-256 encryption algorithm. Data integrity is ensured by mirroring all data in two separate locations. In case of emergency, data and data integrity can be restored from backups with automated procedures and a Recovery Point Objective of 1 hour.

Dedicated security team

We have dedicated personnel to manage and monitor all our services and infrastructure 24/7. Our team has an incident management process with contingency plans, incident response playbooks and multiple levels of escalation.

Security vulnerabilities and bug bounties

We are committed to employing the best security practices in the industry. If you believe you have discovered a vulnerability in our services, we welcome the contribution of external security researchers and look forward to rewarding them for their contribution to the security of all Dokobit users. Follow the disclosure guidelines defined in our Vulnerability Disclosure Policy.

Fully insured

We are fully insured against professional indemnity, privacy breaches and cyber attacks up to €1M. We hope we won’t have to make use of it, but it surely provides extra comfort to us and our customers. We will maintain valid insurance throughout the delivery of our services.

How to choose an e-signing solution provider

When entrusting your company documents to a partner, whether for a single department or company-wide, it is not only the front-facing part of the signing process that matters; everything behind it (compliance with the regulations, qualification of services, information security, actual signature validity) can make all the difference in the world.

Be careful who you hand your data over to, and be wary of merely declared compliance and hazy statements. Download the checklist to guide you through the most important aspects of choosing an e-signing solution provider.
