Security & Compliance

Every signature is backed by security and compliance controls, so your documents stay protected and can withstand legal scrutiny.

United States

What is UETA and the ESIGN Act?

The Uniform Electronic Transactions Act (UETA) and the Electronic Signature in Global and National Commerce Act (ESIGN Act) are pivotal U.S. laws that establish the legal validity of electronic signatures and records. Both statutes ensure that electronic documents and signatures are as legally binding as their traditional counterparts.

  • Legal Validity: Electronic signatures and records are considered legally valid and have the same legal status as handwritten signatures and paper documents, ensuring that contracts and agreements formed electronically are enforceable.
  • Electronic Records: Electronic records are deemed to be in writing and are legally recognized, satisfying the requirement for a written document.
  • Consumer Consent: Parties involved in electronic transactions must consent to conduct the transaction electronically. However, consent cannot be denied solely on the grounds that it is in electronic form.
  • Record Retention: UETA establishes guidelines for the retention of electronic records to ensure that they remain accessible and accurate for future reference.
How DocuSeal complies

Authentication

Signers are authenticated via email or SMS, ensuring the validity and trustworthiness of electronic signatures.

Record Retention

All digital records are securely stored enabling easy access and retrieval when necessary.

Audit Trail

An audit trail is maintained, featuring comprehensive logs through the entire signing process.

European Union

What is eIDAS?

The Electronic Identification, Authentication and Trust Services (eIDAS) regulation is an EU initiative that standardizes electronic identification and trust services for electronic transactions. It ensures that electronic interactions between businesses, citizens, and public authorities are secure, seamless, and have legal standing.

eIDAS defines three levels of electronic signature, each with a different degree of security and legal weight:

  • Simple Electronic Signature (SES): The entry level, suitable for everyday agreements where a straightforward electronic signature is enough to capture intent.
  • Advanced Electronic Signature (AES): Uniquely linked to and capable of identifying the signer, created with signature data kept under the signer's sole control, and tied to the document.
  • Qualified Electronic Signature (QES): The highest level, backed by a qualified certificate from a Qualified Trust Service Provider, giving the signature the same legal status as a handwritten one across the EU.
How DocuSeal complies

Signer Intent

The signing intent is linked to the signer identity and ensures that the signer willingly participates in the transaction.

Data Integrity

The signature is linked to the signed data in such a way that any subsequent changes to the data can be detected.

Safe Transactions

Online transactions are secure and legally recognized under the eIDAS signature standards.

DocuSeal implements all three eIDAS levels. Simple electronic signatures are included by default, while Advanced (AES) and Qualified (QES) signatures are available at an additional cost per signature through the Qualified Trust Service Providers we partner with. Learn more

European Union

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation introduced by the European Union to protect the privacy and personal data of its citizens. It sets forth guidelines for the collection, processing, and storage of personal data and emphasizes transparency, security, and accountability by businesses.

How DocuSeal complies

Servers in the EU

All user data on docuseal.eu is stored exclusively on servers located within the European Union.

No Data Sharing

We never share or transfer user data to third parties for marketing or analytics purposes.

Do Not Track

Privacy is prioritized at all times. Only the data required by the digital signature process is collected.

United States

What is 21 CFR Part 11?

21 CFR Part 11 is a set of regulations established by the U.S. Food and Drug Administration (FDA) that define when electronic records and electronic signatures are considered trustworthy, reliable, and equivalent to paper records and handwritten signatures. These regulations ensure that electronic documents are secure, authenticated, and stored with integrity.

  • System Validation: Systems managing electronic records must be validated to ensure accuracy, reliability, and consistent performance.
  • Audit Trails: Secure, computer-generated, time-stamped audit trails record all modifications made to electronic records.
  • Electronic Signatures: Electronic signatures must be unique to each individual and verified to ensure their authenticity.
  • Record Retention: Electronic records must be stored and retrievable in a compliant format for the required retention period.
How DocuSeal complies

Identity Verification

Signatures are linked to verified user identities through strong authentication.

Audit Logging

Comprehensive, time-stamped logs capture every action taken on a document.

Secure Records

Records are stored and managed securely to maintain integrity over time.

Independent audit

SOC 2 Certification

DocuSeal implement SOC 2 security standard to protect your data from unauthorized access. We ensure data availability through a robust infrastructure and continuous monitoring. We've also undergone an independent audit, documented in our SOC 2 Type II report.

Security

Access controls and monitoring guard against unauthorized access.

Availability

Robust infrastructure keeps your documents reachable.

Confidentiality

Strict controls maintain confidentiality of your data.

Learn More
International standard

ISO 27001 Certification

DocuSeal is ISO 27001 certified, meeting strict international standards for information security management. Our Information Security Management System (ISMS) is built on systematic risk assessment, documented controls, and continual improvement to keep your data protected at every level.

Risk Management

Systematic risk assessments identify, evaluate, and mitigate information security threats.

ISMS Controls

A documented Information Security Management System governs how data is handled and protected.

Regular Audits

Regular internal audits and management reviews keep security controls effective over time.

Learn More
Healthcare

HIPAA Compliance

DocuSeal complies with HIPAA, the U.S. federal law that governs the privacy and security of Protected Health Information (PHI). We use advanced encryption and strict access controls to safeguard patient data. Regular staff training and updated policies ensure ongoing privacy and security. Contact us to enter a Business Associate Agreement (BAA).

Encryption

Advanced encryption safeguards Protected Health Information.

Access controls

Strict controls limit who can reach patient data.

Training

Regular staff training and updated policies maintain privacy.

Learn More

Security and compliance
for your documents

Meeting these regulations and certifications reflects our commitment to the utmost security and compliance in every electronic transaction.

UETA eIDAS GDPR 21 CFR Part 11 SOC 2 ISO 27001 HIPAA