Security and Compliance

Solving your paperwork problems also means solving your security and compliance problems. At OnTask, your data’s security is at the forefront of our minds in everything that we do. OnTask complies with all of these best-practice standards.

Secure eSignatures

The more secure, cost-effective way to get documents signed. OnTask lets you collect legally binding and secure digital signatures on any quote, contract, or document and route them wherever they need to go.

Our Secure Software Features

Keeping your data safe is our number one priority. Learn what security features we have in place to protect your business.

Encryption at Rest

OnTask employs 256-bit AES encryption at rest, covering documents and other data. It is a fast and extremely secure method of encryption that is regarded as virtually unbreakable. Most government agencies, military organizations, and even the browsers most people use rely on 256-bit AES.

Encryption in Transit

OnTask employs TLS 1.2 to facilitate data privacy and protection as information is sent between OnTask and other platforms. TLS is imperative to keeping personal data like medical records, credit card info, and Social Security numbers locked down and safe from hackers.

Tamper-Proof Documents

Tamper-proof documents aren’t just for physical paper. OnTask features tamper-proof digital documents, enforced by public-private key encryption, meaning only specified parties have access and are able to sign or make changes to documents sent through the OnTask system. Tamper-proof documents are essential in the event a document is contested in a court of law.

Servers & Networking

OnTask runs on Linux systems that are regularly updated with the latest security fixes. These servers are hosted in the secure data centers of Amazon Web Services (AWS) alongside our secured data in the AWS S3 and RDS services.

Customer Payment Information

OnTask does not process, store, or transmit payment card data from users. Instead, we rely on Braintree for payment processing.

Coding & Testing Practices

OnTask leverages industry-standard programming and testing techniques including rigorous automated testing, manual quality assurance checks, and detailed documentation. Our secure coding practices closely follow guidelines laid out by the OWASP report.

Employee Access

To ensure security and lock down data, we follow the principle of least privilege (POLP) in our solution. We segment employee access, limiting it to authorized users working within the product or with customers in real time.

Isolated Environments

OnTask relies on logically isolated production network segments.

Periodic Vulnerability Testing

With each product release, web application security is evaluated and tested for vulnerabilities. Widely used testing toolkits and scanners are used to identify vulnerabilities and notify the OnTask team before updates are released to production.

Consistent System Monitoring

Our infrastructure and production applications are monitored around the clock, 365 days a year. OnTask’s dedicated monitoring systems automatically send out alerts in the event of an exception. OnTask engineers are alerted to these occurrences so they can escalate and proceed accordingly.

Service Levels & Backups

OnTask’s product infrastructure uses a wide range of layered techniques to ensure reliability and avoid product downtime. These techniques include load balancing, task queues, rolling deployments, and auto-scaling. Like the rest of the data in OnTask, all backups are encrypted using industry standards.

Password-Protected Signing

You can assign a one-time password to your documents to be sure only the intended recipient is able to access and sign a sent document. Available now in the Signature API & My Documents section.
