Security

Your obligations are sensitive. We treat them that way.

Cadence holds contracts, certificates, and signatures — the practices below are how we keep them safe.

Encryption everywhere

TLS for every connection. Documents are stored in Cloudflare R2 with encryption at rest and accessed only through short-lived presigned URLs.

Tenant isolation

Every query is scoped to your organization. Access rules are enforced server-side and covered by dedicated tenant-isolation tests.

Hardened authentication

Auth tokens live in httpOnly cookies with CSRF protection — never in browser storage. Refresh tokens rotate on every use, and repeated failures trigger account lockout.

Least-privilege access

Role-based permissions per organization. Item-level access limits regular users to what they own, approve, or created.

Complete audit trail

Logins, admin actions, impersonation sessions, approvals, and signatures are all logged with actor, timestamp, and IP.

Signed-document integrity

Completed signing rounds are hashed and sealed with an X.509 certificate. Evidence packages capture consent, access proof, and signer metadata.

Abuse protection

Per-client rate limits on authentication and tokenized approval links. Opaque tokens are stored only as SHA-256 hashes.

Operational resilience

Automated database backups, versioned object storage, and a tested disaster-recovery runbook.

Responsible disclosure

Found a vulnerability? Email security@latchworksystems.comand we’ll respond within two business days. Please don’t test against production tenants you don’t own.

Stop letting deadlines slip through the cracks.

Track every renewal, approval, and signature in one place. Free 14-day trial, no credit card required.

Start free trial