Yes it's safe. Read about what makes it safe to use Visma Addo for digital signing
User and permission management
With Visma Addo, it is possible to control permissions connected to the user profiles associated with your account. Each user will receive a username and password to be used when they log in. As an administrator, you can assign permissions to different user profiles according to the access the user needs.
Automatically logged out if inactive
If you are inactive for 15 minutes, you will automatically be logged out of Visma Addo. This is to ensure that no one but the users can access their Visma Addo account in case the user has forgotten to log out.
Storing of documents
Visma Addo is a transactional solution, therefore, Visma Addo only stores documents in the 10 days transaction period, after which the documents will be deleted. It is very important that you make sure to save a copy of the signed documents or store them directly in your digital archive.
Encrypted transmission of data and web standards
Visma Addo uses a security model where all communication and passwords are encrypted and transmitted through https. This security model ensures that the various parties can only access their own data and no other parties’, thus ensuring the safety of any sensitive personal information.
Only the administrator of the Visma Addo account is granted access to the documents that the users send through Visma Addo. With Visma Addo, you get a safe solution that meets the requirements of The Danish Data Protection Agency.
To establish secure communications, Visma Addo is using a wide range of Web standards.
- HTTPS HTTP traffic is encrypted with SSL / TLS protocol. HTTPS also allows confirming the identity of the Web server through an X.509 certificate.
- S / MIME A standard for encryption and signing of e-mail messages. The sender's identity is confirmed through an X.509 certificate.
- X.509 certificates X.509 is a standard for Public Key Infrastructure (PKI). A certificate issued by an authorized organization called Certificate Authority (CA) which is responsible for confirmation of identity. The certificate contains two keys for asymmetric encryption, a public key and a private key. The certificate owner is the only one who has access to the private key used for encryption. The encrypted content can be decrypted only with the matching public key. By relying on the certificate issuer, the sender’s identity is ensured and thus the content.
The servers communicate with external parties identified by X.509 certificates.
Delivery of e-mails to a recipient requires encryption of attachments as they may contain sensitive personal information.
The attached documents are encrypted with a strong 128-bit AES (Advanced Encryption Standard) which follows the recommendations of The Danish Data Protection Agency.