Security

Signoff is designed for teams that use checklists to prove work was completed. Security is part of that promise: access controls, auditability, and operational safeguards are built into the product foundation.

Customer workspace data is stored in managed infrastructure with encryption in transit and at rest. We limit production access to authorized personnel and use role-based controls for internal systems.

Signoff uses Clerk for authentication and organization membership. Workspace administrators control user access, organization membership, and roles. Enterprise plans are intended to support SSO and SCIM-backed access management.

Signoff records key workflow events such as template changes, run creation, item claims, completions, skips, and sign-off actions. These records help teams understand who did what and when.

Payment details are processed by Stripe. Signoff stores subscription status, plan information, and billing metadata, but does not directly store full payment card numbers.

If you believe you have found a vulnerability or security issue, contact security@sign-off.io with enough detail for us to reproduce and investigate the report.