Is it safe to sign documents online? An honest look at the risks

Updated July 2026

Reasonable question — the documents you sign are some of the most sensitive files you own. A lease has your address, salary and signature on one page. A medical form has more. So before you upload one to a website that promises to “sign it free!”, it’s worth understanding what actually happens to it. Full disclosure: we make Signed, one of the options below; we’ll be straight about all of them.

The three ways “signing online” actually works

1. Cloud e-signature services (DocuSign, Adobe Sign, and the dozens of smaller ones). Your document is uploaded to their servers, processed there, stored there — often long after you’ve forgotten about it — and sent onward. For multi-party contract workflows this is the right architecture: audit trails, sender verification, everyone gets a copy. The reputable ones are professionally secured. The honest costs: your paperwork now lives on someone else’s infrastructure subject to their retention policies, their breaches, and their terms of service; and the individual plans run $10–25/month for what is, for most people, an occasional need.

2. Free “sign a PDF online” websites. You upload your document to a website you found thirty seconds ago, run by you-don’t-know-who, funded by you-don’t-know-what. Some are legitimate; some monetize in ways you can’t see. The blunt rule: if you wouldn’t hand a stranger your lease, don’t upload it to a site you can’t vet. At minimum, look for a real company name, a privacy policy that says when files are deleted, and https. Better: don’t send the document anywhere at all —

3. Local tools — nothing leaves your device. iOS Markup signs attachments on your phone. Signed is built entirely around this model: the PDF you import, the signature you create, the signed copy you export — all stored only on your iPhone. There is no cloud copy, which means there is nothing to breach, sell, or subpoena from a server. (One scoped exception: AI signature generation sends your name to the generator — never your documents.)

The actual risk checklist

  • Where does the file go? The only question that matters most. On-device beats vetted-cloud beats unknown-website, every time.
  • How long is it kept? Cloud services retain documents per their policy; free sites often don’t say. On-device: you decide.
  • Is the signed copy flattened? A properly exported PDF bakes the signature into the page. Signed and the major services do this; some free tools just layer an image that can be lifted off.
  • Could someone reuse my signature? Honestly: anyone who’s ever received a signed document from you could, in theory, extract the image. E-signing doesn’t change that ancient risk — treat your signature like you treat your handwriting, and reserve wet-ink-plus-witness for the documents that warrant it.
  • Is this document too important for any of this? Wills, deeds, notarized documents — some paperwork has requirements an image on a PDF doesn’t satisfy, no matter which tool made it. When in doubt, ask the party requesting the signature what they need.

The bottom line

Signing documents online is safe when you control where the document goes. For everyday paperwork, the safest place for your lease is the one it never leaves: your own device.


Related: Does Signed upload my documents? · Are electronic signatures accepted? · How to sign a PDF from an email

Get Signed — free on the App Store Get →