Security & compliance

Your documents, locked down by default.

Your documents are often your most sensitive records, so security is built into tuyaform from the ground up rather than bolted on. We encrypt data in transit and at rest, seal every completed document with a cryptographic hash so any later change is detectable, and enforce least-privilege access controls across our systems. Because tuyaform is free and ad-supported, our advertising is privacy-respecting and never trades on the contents of your documents, which are never sold, mined for ad targeting, or shared with advertisers.

Compliance

Standards we hold ourselves to

SOC 2 Type II (in progress)
ISO 27001-aligned controls
GDPR compliant
CCPA compliant
HIPAA-ready (with BAA on eligible plans)
AES-256 encryption at rest
TLS 1.3 in transit

Under the hood

How we protect every document

Encryption in transit

All connections to tuyaform are protected with TLS 1.3 (with TLS 1.2 as a secure fallback), so documents and signatures cannot be intercepted or read as they move between your browser and our servers.

Encryption at rest

Stored documents and their metadata are encrypted at rest using AES-256, the same symmetric cipher used by governments and banks, with keys managed in a dedicated key management service and rotated on a regular schedule.

Tamper-evident sealing

When signing completes, the final PDF is hashed with SHA-256 and digitally sealed. Altering even a single byte changes the hash and invalidates the seal, so a tampered document is immediately detectable, and the Certificate of Completion lets anyone verify integrity.

Access controls

Role-based, least-privilege access governs who can see a document. Only the sender and designated recipients can access an envelope, signing links are unique and can be protected with access codes or one-time passcodes, and internal administrative access is restricted, logged, and reviewed.

Data residency

Documents are hosted with reputable cloud infrastructure providers in secure, access-controlled facilities. We support regional data hosting options so organizations with EU or US data-residency requirements can keep records in their preferred region.

Backups and resilience

Signed records are backed up with encryption and redundancy across availability zones, so your completed documents remain durable and recoverable. Backups are tested and subject to the same encryption and access controls as production data.

Privacy-respecting advertising

tuyaform is funded by ads, not by your data. Ads are contextual and privacy-respecting; the contents of your documents are never read for targeting, never sold, and never shared with advertisers or data brokers.

Free shouldn't mean less safe

tuyaform is funded by ads, not by your data. We don't sell documents, signatures or personal information — the same encryption and controls protect every account, free or not.

Free forever

Sign with confidence — free forever.

Encrypted, sealed, and audit-trailed on every document.