Data security and controls you can count on
Protecting your visitor and employee data is our highest priority. We combine independent certifications, enterprise-grade product security, and world-class infrastructure to ensure your information is always secure, available, and compliant with global standards.
Product security
Enterprise-grade access & authentication
Create custom roles with 72 granular permissions to control data access, exporting, and more, while enforcing strong authentication through multi-factor authentication, single sign-on via OIDC, and configurable password policies. All data is encrypted in transit using TLS 1.2/1.3, ensuring secure communication at every step.
Data control features
Configure custom data retention policies by visitor type, control export permissions, and restrict admin access by location. Every action is tracked with comprehensive audit trails, while offline mode keeps operations running during connectivity issues. Companion apps and iPads stay secure with built-in PIN protection.
GDPR
We take data protection seriously. We maintain strict data protection standards in our own operations while helping thousands of organizations manage visitor data and GDPR compliance with confidence. Our platform combines robust technical safeguards with organizational controls that make compliance straightforward.
Key capabilities include end-to-end encryption, granular access controls, automated data retention policies, data residency controls and comprehensive audit logging. These capabilities are fundamental to how our platform operates, giving you the tools to manage visitor data while meeting evolving regulatory standards.
View our Global Data Processing Agreement here.
Third-party attestation & certifications
Our attestation and accredited certifications provide peace of mind that your data security is continuously monitored, tested, and validated by trusted external auditors.
SOC 2 Type II and ISO 27001 Certified
Our comprehensive security and externally audited program demonstrates our ongoing commitment to protecting your data. Independent audits verify that our controls, policies, and procedures meet internationally recognized standards for security, availability, and confidentiality.
UK ICO Registration
We are registered with the UK Information Commissioner’s Office (ICO), which oversees compliance with UK GDPR. Our registration ID is ZB997565.
Infrastructure security
By combining resilience with redundancy, our infrastructure ensures your data is both protected against threats and available whenever you need it.
Global Tier 4 Data Centers
Your data is stored in secure, high-availability environments with regional data residency options (UK, EU, US, Canada, APAC).
- Consistent 99.99%+ uptime across all regions.
- Auto-scaling application clusters, in-region redundancy, and global CDNs for fast and reliable access.
- Intrusion detection, web application firewalls, and load balancing to defend against threats.
- Point-in-time restoration with 14-day encrypted backups ensures your data is always recoverable.
Compliance support
We make compliance simple by aligning our platform with global regulations, so you can confidently meet your own data protection obligations.
- Built-in GDPR compliance with regional data residency controls.
- Customizable data collection and retention policies.
- Regular third-party penetration testing as part of our certification requirements.
- Data restoration capabilities and encrypted backup retention.
Premium features and support
Available exclusively as part of our Enhanced and Pro plans.
| Enhanced | Pro | |
|---|---|---|
| Access to onboarding sessions |
API & integration security
With robust safeguards built into every integration point, you can confidently connect Sign In App to your wider workplace ecosystem.
- Secure customer API with rate limiting and token authentication.
- Verified webhook security for integrations.
Frequently asked questions
Sign In App incorporates a comprehensive set of technical, organizational, and privacy measures designed to align with GDPR principles and safeguard customer data. Our governance, risk, and compliance framework ensures that policies, procedures, and audits are in place to manage risks and meet relevant laws, regulations, and industry standards.
We maintain robust infrastructure and network security controls, including continuous monitoring, multi-factor authentication, vulnerability management, and role-based access controls to prevent and detect threats. Data security measures include data classification, industry-standard encryption for data in transit and at rest, secure management of encryption keys, and regular backups to ensure confidentiality, integrity, and availability.
Through these practices, Sign In App helps customers protect against potential harm resulting from data breaches while supporting compliance and privacy commitments globally. You can see our Global Data Processing Agreement here.
Sign In App is a cloud-based service hosted in Tier 4 data centres. When starting a trial or purchasing a subscription, you can select one of six data storage regions: UK (London), EU (Germany), US (Ohio or N. California), Canada (Montreal) and Asia-Pacific (Sydney). All visitor data and backups are stored and replicated within the region you select. Our data centres employ physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorised entry.

Sign In App acts as your data processor for visitor data. Our responsibilities include ensuring your data is secure, providing transparency around where the data is stored and providing features to allow you to control your data in line with your GDPR policies. Ethical data protection has always been a key part of Sign In App and the GDPR has only strengthened this since coming into force. With Sign In App you can set your own data retention rules, customise the data collected for each visitor type and present policies and opt-in options to visitors. You can also rest assured that your visitor data stays in the region you choose.
We also have an IASME certificate of assurance issued to us for GDPR compliance. This is attained following a self-assessment against the IASME governance standards which are verified by IASME.
Yes. You can find evidence of our submission here. The Data Security & Protection Toolkit is an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards.
In the UK, all organisations that have access to patient data and systems must complete the NHS Data Security & Protection Toolkit. This provides assurance that they are practising good data security and that personal information is handled correctly. You can find more information about the NHS DSPT here.