Security of Contractbook

We provide you with the best security solutions, keeping all your information safe

Secure Connection

Communication over a secure SSL connection prevents theft of a user's credentials and man-in-the-middle attacks, in which an attacker is able to sniff all the data that is being sent

Two-step verification

Only correctly verified accounts can create and sign contracts. The verification process consists of two factors:

  • Verification of email address through unique links issued by email
  • Verification of phone through secure one-time passwords sent by text message

Confirmation tokens

To sign a contract, the user must additionally provide a secure confirmation token received in a text message

Token authentication

The user provides a password only once and gets a secure token as a response

The user has to provide the received token on each request to the application

Tokens are invalidated after a specific time, which requires the user to log in again and prevents these tokens from being stolen

Session data is kept on the client side and is not stored on the server, which improves security in case of any malicious operations

Encrypted information storage

Passwords and verification tokens are stored encrypted using modern and state-of-the-art solutions including the bcrypt key derivation function. We don't store plain data but use cryptographic one-way hash functions.

Unique key for every single contract

Contracts can only be viewed through the website using a verified account or using a unique key that is issued to the recipient's email address