Compliance & Security

Data Handling Guarantee

This is exactly what happens when an email arrives at SigAudit, in this exact order:

  1. 0ms: Email is received by our mail gateway
  2. 120ms: Signature block is extracted from the end of the email
  3. 121ms: Full original email body, headers and all content are permanently deleted from memory
  4. 122ms: Only the extracted signature block is passed to the auditor
  5. < 600ms total: Audit completes. Only pass/fail status and sender email are stored.
  6. < 600ms total: All other data is gone forever.

We literally cannot read your email. It is deleted before any other code runs. Even if we wanted to, we physically cannot retain or access the message content.

Security Guarantees

  • ✅ No full email body is ever written to disk
  • ✅ No full email body is ever logged
  • ✅ Original headers are deleted immediately
  • ✅ Nothing is ever stored except pass/fail status, signature hash and sender email
  • ✅ All silent audit data is automatically deleted after 90 days
  • ✅ We will never ask for mailbox access or admin credentials
  • ✅ We will never route your mail through our servers

Liability Guarantee

We will sign any data processing agreement you require. We accept full liability.

If it is ever proven that SigAudit stored a full email body, we will pay you €10,000.

Regulatory Compliance

SigAudit is designed to be fully GDPR compliant. All data is encrypted at rest and in transit. Customers retain full ownership of all data.

Any user may opt out of auditing permanently by adding UNSCAN to their email subject line.