Well-Architected RabbitSign Hopping From Minecraft Adventures to Empowering E-Signatures

Whiz teen’s brainchild emerges as a breath of fresh air in a billion-dollar industry dominated by costly, subscription-based solutions like DocuSign and Adobe Sign.

Stanley Zhong's foray into coding began with an unexpected twist: Minecraft. As a young, curious gamer, Stanley's interest in programming was ignited by his parents' unique deal. What began as a creative way to engage with Minecraft would eventually lead him to create RabbitSign, a groundbreaking e-signature platform that would change the industry landscape.

"I started with Python. The first programming book I ever got was called Adventures in Minecraft. And the deal was my parents would buy me Minecraft games only if I used them to help me learn to code," Stanley recalled.

Guided by his new book, Stanley embarked on a journey that would take him far beyond Minecraft's virtual realms. "The book focused more on manipulating the in-game world. So I would write a program that would, for instance, build a house. Or have it detect whether the player is leading some sort of bounty. I would write codes that build these little nuancÅes in the game."

Necessity is the mother of invention

As his coding skills blossomed, Stanley found further inspiration in his father's background in the tech industry. Growing up surrounded by technology and innovation, he developed a strong passion for programming and its potential to change the world.

This potent combination of gaming and familial influence set the stage for Stanley's most significant undertaking: RabbitSign. Witnessing his parents' struggles with existing, expensive e-sign solutions during the COVID-19 pandemic, he felt compelled to create a more accessible and affordable alternative.

Drawing upon the skills and creativity nurtured through Minecraft and his father's unwavering support, Stanley developed RabbitSign, a platform that defied the limitations of its predecessors. 

In developing RabbitSign, Stanley relied on Amazon Web Services (AWS) serverless technologies like AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. RabbitSign was born out of a desire to provide a more accessible and affordable e-sign solution. A key factor in making this possible was the use of serverless architecture. 

Stanley explained, "Serverless is the reason RabbitSign exists. Serverless is a lot cheaper compared to running a server. Running a service up all the time incurs costs. Whereas with serverless, we can scale a lot more effectively because we don't incur any costs when there are fewer users using RabbitSign. But when user usage increases, we can easily scale as well."

This cost-efficient approach is evident in RabbitSign's operating expenses. 

"Our total monthly bill is around $120, but 90% of it comes from AWS security services alone, such as AWS Security Hub, AWS Cloudtrail and Amazon CloudWatch. So if we really wanted to just run the application, nothing else, no auditing or logging or anything, we could probably cut it to like $5 a month."

Serverless – the key to RabbitSign's affordability

RabbitSign's architecture leverages AWS Lambda for serverless computing, API Gateway for managing APIs, DynamoDB for database management, CloudFront for content delivery, and Amazon S3 for storage. This combination of services creates a scalable, secure, and efficient platform that can handle dynamic user interactions and document workflows.

"When you land on the RabbitSign homepage, your request is directed through a CloudFront CDN, which redirects your request to an S3 bucket we use for static website hosting. Our homepage and its associated services reside in that S3 bucket."

As users move forward and request to send a document to someone, the application switches to a dynamic page that involves AWS Lambda. 

"When you start a request to send a document to somebody, that now is a dynamic page, and it will hit our Lambda function. The Lambda function would then return the requested page with the defined user settings."

When a user uploads documents, they are stored in an Amazon S3 bucket, with any other required user assets for sending or signing a document. 

"All those document uploads are stored in S3, along with any sort of user assets that are also required for sending a document or signing a document. So let's say you're signing, and want to sign with a hand-drawn signature. That hand-drawn signature is saved as an image in S3."

“Without a doubt, one of the most well-architected AWS accounts I’ve ever seen!”

"Give this kid a medal," enthused Jesse Wiener, Cloud303 Director of Managed Services and Senior Solutions Architect, who led the AWS Well-Architected Review (WAR) on RabbitSign's architectural design. Jesse was impressed and even surprised by the "bulletproof" nature of RabbitSign's architecture, which far exceeded expectations for a platform developed by a young coder.

Cloud303 is an AWS Advanced Consulting Partner that boasts a myriad of AWS Competencies and Service Delivery Programs under its belt. In addition, it was also recognized as AWS’ top partner for Well-Architected Reviews in North America for 2022, many of which were led by Wiener.

He continued, “I have reviewed dozens if not hundreds of accounts, and this is undoubtedly one of the most well-architected AWS accounts I’ve ever seen.”

AWS native tools like AWS Security Hub, AWS Config, and AWS Audit Manager played a significant role in helping RabbitSign achieve HIPAA compliance. Jesse reviewed the design for the audit technology deployed and has no qualms that with AWS' conformance packs and benchmarking tools, RabbitSign will achieve other coveted compliances such as ISO 27001 and SOC2. 

"The thoroughness and efficiency of RabbitSign's architecture are remarkable. AWS services ensure robust security and compliance capabilities," Jesse commented.

Trust driven by compliances

Since its inception, RabbitSign has evolved into a feature-rich platform, continuously improving based on user feedback. Custom branding and support for various compliances are some of the most notable additions. Achieving HIPAA compliance has been instrumental in building user trust. It was user feedback that initially inspired Stanley to pursue HIPAA compliance. Before that, he admitted to “not even knowing what HIPAA was”. 

"There were cases where we posted anonymously about RabbitSign, and someone said, 'You know, this is free, but do I really want to trust this service?' Generally, the common wisdom is that most free things on the Internet are suspicious."

This feedback led Stanley to focus on compliance and third-party validation, which he realized was crucial for building trust with potential and current users. With the help of AWS, they achieved HIPAA compliance, making RabbitSign a more trusted solution for handling sensitive information. 

"RabbitSign is pushing hard on compliances because being able to say we're compliant with this framework, and we have third-party validation from this trusted source is very important for building that trust with potential users and current users."

With HIPAA compliance secured, Stanley has set his sights on obtaining additional compliance certifications, such as SOC 2 and ISO 27001. These certifications will further consolidate RabbitSign's position in the market and help solidify the trust of users who rely on the platform for their e-signature needs. 

HIPAA (Health Insurance Portability and Accountability Act) compliance ensures that RabbitSign can handle sensitive healthcare information securely, while SOC 2 (Service Organization Control 2) compliance focuses on the security, availability, and processing integrity of the platform. ISO 27001 is an international standard for information security management systems, further solidifying RabbitSign's commitment to maintaining a secure and reliable service. By achieving these certifications, RabbitSign demonstrates its dedication to providing a trusted solution for users.

“AWS has been a key partner in ensuring that RabbitSign maintains its current compliance and works towards achieving these additional certifications.”

“It is not just about the money”

Not only is RabbitSign a free e-signature service and operates under a unique business model that prioritizes social good over profits, and Stanley takes a lot of pride in how this set RabbitSign apart from the "big guys":

"The biggest differentiator, I'd say, is that RabbitSign is free, and the other ones aren't. But there's also a difference when it comes to the ultimate goal of the company. Most companies serve the interest of the shareholders, but RabbitSign is specifically created as an activism corporation, which puts social good ahead of profits."

This noble approach has led RabbitSign to commit at least 50% of its earnings to social good initiatives. Stanley's vision “isn't just about making money” - he aims to provide a valuable service that benefits people, and that's why he's been pursuing compliance frameworks:

"Getting an e-signing service compliant with these regulations is ridiculously expensive, costing thousands of dollars. We can make a real difference by offering a compliant solution for free."

Stanley acknowledges that, at some point, RabbitSign might need to adopt a "freemium" model to sustain the business and invest in marketing. However, he's committed to ensuring that the platform's basic standard features remain free and continue to offer more than what most competitors provide in their lowest-paid tier.

RabbitSign is poised to keep hopping forward

RabbitSign has made strides since its inception. Stanley’s zest for modern serverless architecture, commitment to compliance, and dedication to social good set RabbitSign apart from its competitors. As Stanley continues to expand RabbitSign's offerings and explore new compliance certifications like SOC 2 and ISO 27001, he remains steadfast in his mission to provide an accessible, affordable, and secure e-signature solution for all. With a strong foundation and a clear vision for the future, RabbitSign is poised for even greater success and impact in the years to come.