No, Signia is an electronic signature system that uses certificates to create unique and secure cryptographic chains. These chains guarantee the integrity of the signed document, making it unforgeable and non-repudiable. This means that the user will not be able to deny having signed the document, since the signature is made using a private key protected by a password that only the signer knows.

Signia offers an end-to-end encryption system that ensures that only authorized participants can access the document. When a document is encrypted, only the private keys of the participants can decrypt it. These keys are for the exclusive use of the user, which means that even Signia cannot access the content of an end-to-end encrypted document.

Signia uses a strong authentication system that combines the use of email and password. However, we are aware that this may not be sufficient if the password is weak. For this reason, Signia offers two-step authentication using one-time passwords generated by applications such as Google Authenticator. In addition, you can enable access through biometrics, such as fingerprints, or by using secure USB keys.

When signing a document with Signia, two files are generated: the signed document in PDF format and an XML file. This XML file is very important and contains the original PDF document, as well as information about the signer and the cryptographic signatures of the document. Signia has a built-in verifier that analyzes the XML file and can detect if the document or any of the signatures have been altered.

From a technical point of view, yes: a digital signature based on asymmetric cryptography ensures the authenticity, integrity and non-repudiation of the document. However, its legal validity varies from country to country. In the European Union, under the eIDAS regulation, and in the United States, through the ESIGN Act and the UETA, digital signatures backed by certificates from a recognized Certification Authority (CA) are legally binding.

In countries such as Mexico, Argentina, Colombia, Chile and Spain, digital signatures issued by government entities or accredited certifiers are also legally valid. On the other hand, in the case of Signia, the certificate comes from a private CA generated when using the platform, which is not officially recognized. Although the signature is technically valid, it may not be accepted in official procedures.

Therefore, for internal procedures, it is valid, since it guarantees the authenticity and integrity of the document within the company. However, for legal and official procedures, it would be necessary to adapt the platform to local regulations and integrate certificates issued by a CA recognized in each country.

No, Signia follows a privacy-centric approach. All cryptographic operations involving the private key, including its creation, are performed locally in the device's browser. As far as documents are concerned, when you choose to encrypt them end-to-end, the encryption is performed in the local environment and transmitted in encrypted form, so that even Signia cannot access their content. This is verifiable and auditable by reviewing the source code.