CelerSign
PricingSign inGet Started

Data Residency

Last updated: 2026-05-22

This page describes where CelerSign customer data is stored and processed. For the full list of third parties involved, see our Sub-processors page.

1. Application servers

The CelerSign application runs on Vercel's global edge network. Compute on the edge is ephemeral: requests are served from the nearest available region, but no customer documents or persistent records are stored at the edge. Persistent data resides in the primary database (see below).

2. Primary database

Account data, document metadata, signing workflow state, and audit-trail records are stored in a managed Postgres database hosted on Railway. The default region is US East. Canadian-region database hosting is available for enterprise customers on request — contact sales@celersign.com.

3. File storage

Uploaded source documents and generated signed PDFs are stored in Linode (Akamai) S3-compatible object storage, in the US East (Newark) region. All objects are encrypted at rest.

4. Email delivery

Transactional emails (signing invitations, OTP codes, completion notices, reminders) are sent via ZeptoMail, operated by Zoho Corporation on its global email infrastructure. Email content includes recipient names, email addresses, and links to signing sessions.

5. DOCX-to-PDF conversion

Template-based document generation uses a self-hosted Gotenberg service running on Railway, co-located with the primary database in the US East region. Document content passes through Gotenberg during conversion but is not persisted by the service.

6. Backups

Database backups are managed by Railway and retained in the same region as the primary database (US East by default). Backup encryption and retention are inherited from the Railway managed Postgres offering.

7. Cross-border processing

Customer data may be processed in the United States, regardless of where the customer or signer is located. For Canadian customers, the transfer and processing of personal information in the United States is permitted under PIPEDA when comparable safeguards are in place. CelerSign relies on contractual safeguards (Data Processing Addendum, sub-processor agreements) and technical safeguards (encryption in transit, encryption at rest, access controls, audit logging) to maintain that level of protection.

For transfers originating from the EEA, UK, or Switzerland, CelerSign relies on the European Commission's Standard Contractual Clauses, as set out in our Data Processing Addendum.

8. FAQ

Can I have my data stored in Canada?
Canadian-region database and file storage are available for enterprise customers. Contact sales@celersign.com to discuss requirements.
Is data encrypted at rest?
Yes. We use AES-256 encryption at rest for both the database and object storage.
Is data encrypted in transit?
Yes. All traffic between clients, the application, and sub-processors uses TLS 1.3.
Where are backups stored?
In the same region as the primary database (US East by default). Enterprise customers with Canadian-region hosting receive Canadian-region backups.

9. Questions

For data residency questions or to request enterprise hosting arrangements, email legal@celersign.com.