Pactly
Back to Home

Legal Compliance

Detailed overview of Pactly's compliance with electronic signature laws, regulatory obligations, and data protection standards across key jurisdictions.

Legal Compliance

Electronic Signature Law Compliance

Pactly is designed to comply with electronic signature laws in key jurisdictions where our customers operate. Below is a detailed breakdown of our compliance status.

United States

ESIGN Act (Electronic Signatures in Global and National Commerce Act)

Status: Full Compliance

  • Authentication Requirements: Multi-factor identity verification implemented
  • Intent Demonstration: Clear consent mechanisms and signature placement
  • Record Retention: Comprehensive audit trails with SHA-256 hashing
  • Disclosure Requirements: Proper consent and disclosure processes

UETA (Uniform Electronic Transactions Act)

Status: Full Compliance

  • Attribution: Electronic signatures properly attributed to signers
  • Intent: Clear intent to sign demonstrated through our process
  • Record Integrity: Tamper-evident technology ensures record integrity
  • Retention: Electronic records retained as required by law

Colombia

Ley 527 de 1999

Status: Full Compliance

  • Legal Recognition: Electronic signatures legally recognized
  • Technical Requirements: Meets Colombian technical standards
  • Authentication: Proper identity verification processes
  • Integrity: Document integrity maintained through cryptographic methods

European Union

eIDAS Regulation

Status: Simple Electronic Signatures ⚠️

  • Simple Electronic Signatures: Full support for SES level
  • Advanced Electronic Signatures: Not currently supported
  • Qualified Electronic Signatures: Not currently supported
  • Legal Effect: Simple signatures have legal effect under eIDAS Article 25(1)

Note: Pactly does not currently support AdES or QES, nor does it integrate with local certificate authorities. These are not supported use cases at this time.

Canada

Electronic Transactions Protection Act (Federal)

Status: Basic Support ⚠️

  • Provincial Variations: Compliance varies by province
  • Technology Neutral: Meets technology-neutral approach
  • Consent Requirements: Electronic consent mechanisms implemented
  • Record Keeping: Basic record retention capabilities

Note: Pactly does not currently support AdES or QES, nor does it integrate with local certificate authorities. These are not supported use cases at this time.

Brazil

Marco Civil da Internet (Lei 12.965/2014)

Status: Basic Support ⚠️

  • Electronic Documents: Basic electronic document support
  • Digital Certificates: ICP-Brasil certificates not integrated
  • Legal Validity: Limited legal validity for simple transactions
  • Advanced Features: Qualified signatures not supported

Note: Pactly does not currently support AdES or QES, nor does it integrate with local certificate authorities. These are not supported use cases at this time.

Compliance Features

Technical Safeguards

  • Cryptographic Hashing: SHA-256 for document integrity
  • Audit Trails: Complete signing history and metadata
  • Identity Verification: Pactly supports identity verification via email-based authentication, SMS codes, and app-based multi-factor authentication methods
  • Tamper Evidence: Detection of document modifications

Legal Safeguards

  • Intent Documentation: Clear demonstration of signing intent confirmation screens, including an explicit confirmation button that affirms the user's understanding of and agreement to the electronic signature terms.
  • Record Retention: Signed documents are retained for at least 7 years in accordance with regulatory best practices and legal hold policies
  • Access Controls: Role-based access to sensitive documents

Limitations and Exclusions

Not Supported

  • Qualified Electronic Signatures (QES)
  • Advanced Electronic Signatures (AdES)
  • Specialized Certificate Authorities
  • Government-specific compliance requirements

Use Case Restrictions

  • Notarized Documents: Cannot replace notarization requirements
  • Regulated Industries: May not meet specific industry regulations
  • Court Documents: Not suitable for court filings in some jurisdictions
  • Real Estate: May not meet real estate transaction requirements
  • Qualified Signature Sectors: This platform as of now, is not intended for use by sectors that require qualified or advanced digital signatures, such as public notaries, real estate recorders, or healthcare entities subject to HIPAA.

Compliance Monitoring

We continuously monitor changes in electronic signature laws and update our platform accordingly:

  • Legal Updates: Regular review of regulatory changes
  • Platform Updates: Technical improvements for compliance
  • Documentation: Maintenance of compliance documentation
  • Legal Consultation: Ongoing legal review and consultation
  • Future Enhancements: Future enhancements, including support for Advanced and Qualified Electronic Signatures (AdES/QES), are being evaluated as part of our compliance roadmap.

Industry Standards

In addition to legal compliance, we adhere to:

  • ISO 27001: Information security management
  • SOC 2 Type 2: Security and availability controls
  • GDPR: Data protection and privacy requirements
  • CCPA: California consumer privacy compliance

Getting Help

For specific compliance questions:

This information is provided for general guidance and should not be considered legal advice. Consult with qualified legal counsel for specific compliance requirements.

Last updated: January 15, 2025