Wesignit
Security Statement
This Security Statement provides a formal overview of the operating security posture of WeSignIt Signature, including service boundaries, Microsoft 365 alignment, tenant separation, administrative governance, and the control principles applied to the delivery of the service.
1. Scope
This Security Statement applies to WeSignIt Signature and related service components used to administer, generate, govern, and apply email signatures and associated policy controls in Microsoft 365 environments.
It addresses the public security posture of the service, including:
- the WeSignIt Outlook add-in for Outlook Desktop, Outlook on the web, Outlook for Mac, Outlook for iOS, and Outlook for Android, where supported;
- the WeSignIt administrative interfaces and service control surfaces;
- backend APIs, policy services, rendering systems, and related administrative workflows;
- identity, authentication, telemetry, logging, and operational review mechanisms relevant to the service.
2. Security Posture Overview
WeSignIt Signature is operated as a centrally administered signature governance service rather than as a collection of unmanaged local edits. Its operating posture is designed around controlled policy, Microsoft-aligned identity context, tenant-scoped administration, and reviewable operational actions.
The public security position of the service is centered on the control path between Microsoft identity, administrative policy, and the Outlook compose experience.
3. Service Boundary and Control Model
The primary control model of WeSignIt Signature is compose-time governance within supported Outlook environments. Administrative rules, template eligibility, and operational behavior are intended to be governed centrally rather than delegated to unmanaged endpoint editing.
The service is positioned around a controlled SaaS administration model and does not depend on a legacy desktop-agent-centric architecture as its core operating boundary.
4. Microsoft 365 and Identity Alignment
WeSignIt Signature is designed to align with Microsoft 365 administrative and identity models. Depending on deployment configuration and feature scope, identity and administrative context may be derived from Microsoft 365, Microsoft Entra ID, Outlook, and Microsoft Graph.
This alignment is intended to reduce fragmentation between signature governance and the customer’s existing Microsoft administrative structure.
5. Authentication and Administrative Access
Administrative and service access are intended to be governed through controlled authentication and authorization paths appropriate to the deployment model. Administrative workflows are designed to remain attributable and reviewable within the relevant customer or service scope.
Customers remain responsible for reviewing and approving the permissions, tenant settings, and administrative delegations used in connection with the service.
6. Tenant Separation
WeSignIt is structured so that customer environments remain distinct administrative scopes. Templates, mappings, policy routes, and operational activity are intended to remain organized and governable within the relevant customer environment.
The public posture of the service is that customer environments are handled as separated administrative contexts rather than as a blended operational surface.
7. Centralized Policy and Template Governance
Template lifecycle, policy routing, eligibility rules, and related configuration changes are designed to be administered from a centralized governance surface. This reduces reliance on unmanaged user-side signature behavior and supports a more controlled administrative model.
Administrative changes are intended to remain attributable to the relevant governance context.
8. Logging, Telemetry, and Operational Review
WeSignIt may maintain service logs, operational telemetry, and administrative records relevant to authentication, provisioning, policy changes, request handling, delivery operations, and service diagnostics.
These mechanisms support service integrity, troubleshooting, internal review, and administrative oversight. The public purpose of such records is operational review and service governance.
9. Data Handling and Protection Principles
WeSignIt maintains administrative, technical, and organizational safeguards designed to protect service data and related customer information against unauthorized access, misuse, disclosure, alteration, and destruction.
Safeguards may include access controls, encrypted transport, environment separation, controlled administrative workflows, logging, monitoring, and security mechanisms appropriate to the service model.
10. Third-Party and Platform Dependencies
WeSignIt Signature operates in conjunction with Microsoft 365 and may rely on supporting infrastructure, hosting components, and authorized service providers as reasonably necessary for service delivery, administration, and support.
Customers remain responsible for assessing the suitability of their Microsoft 365 environment, administrative configuration, and related approvals in connection with their use of the service.
11. Customer Responsibilities
Customers are responsible for reviewing their own tenant configuration, permission grants, administrative delegation, policy decisions, and organizational usage of the service.
This includes determining whether the service is configured in a manner consistent with the customer’s internal security, legal, compliance, and operational requirements.
12. Security Review and Additional Information
This page is intentionally limited to the public security posture of the service. Additional architecture, deployment, validation, and review material may be provided during a technical evaluation process, subject to the appropriate review context.
Requests for further technical review may be directed through the official WeSignIt contact channel.
13. Changes to This Security Statement
Wesignit may update this Security Statement from time to time to reflect service evolution, administrative changes, legal obligations, or revised public positioning.
The most current version will be published on this page with an updated effective date.
14. Contact
For security-related review requests or questions regarding this Security Statement, contact WeSignIt through:
Wesignit Inc.
Website: https://www.wesignit.ca/contact/
15. Related Documents
Privacy Statement: https://www.wesignit.ca/privacy-policy/
Terms of Service: https://www.wesignit.ca/termsofservice/