Security

Secure Cloud Service

As we started our journey as an open-source solution, our primary goal was to make document signing simple and accessible. Launching a cloud-hosted document signing service was a strategic decision, and we’re dedicated to maintaining the highest standards of data security and privacy across all our services. DocuSeal Cloud services

SOC 2

DocuSeal Cloud services are SOC 2 compliant. Contact support@docuseal.com to request the SOC 2 Type II report.

HIPAA

DocuSeal meets all security requirements related to HIPAA compliance for its Cloud services and has been reviewed by a third-party compliance provider.

HIPAA compliance is not enabled by default for new accounts. Please contact support@docuseal.com to sign the BAA and enter the HIPAA compliant eSignature Cloud.

Network Security

We use HTTPS (Hypertext Transfer Protocol Secure) on our services at all times. HTTPS ensures that any data exchanged between your browser and our servers is encrypted, safeguarding your sensitive information from potential threats like eavesdropping and tampering.

Data and Storage

At DocuSeal, we leverage AWS for database and cloud storage, adhering to best practices for securely storing customer data. Database access is restricted to a private application network, ensuring heightened security measures.

Document download URLs are both expirable and protected with signatures, helping to prevent unauthorized access to the documents. For API users, we offer an option to enforce API token authorization for file downloads as an extra security measure for all the documents stored on the service.

Also, we’ve implemented industry-standard practices such as hashing passwords and encrypting API keys and credentials. Hashing passwords ensures that your passwords remain securely stored as irreversible, unique strings, safeguarding your account from unauthorized access. Additionally, encrypting API keys and credentials adds an extra layer of protection, preventing unauthorized parties from intercepting and exploiting sensitive information.

System Reliability

Powered by AWS, our SaaS platform utilizes the industry best high-availability and fault-resistant solutions. At the heart of our commitment to reliability lies our goal of maintaining a 99.99% availability across all our cloud services. Through meticulous planning, redundant infrastructure, and continuous monitoring, we strive to uphold this high bar, ensuring that your business operations remain uninterrupted and your data remains accessible whenever you need it.

Disaster Recovery

We implement a disaster recovery plan to outline meticulous steps to maintain uninterrupted service. Regular testing of scenarios and continual refinement of methodologies reinforce our commitment to providing customers with reliable access to our service. Additionally, we implement a robust backup system to safeguard customers’ data.

Monitoring

We implement ongoing monitoring of the logs and network traffic, which helps to detect and respond to potential security incidents.

Multi-factor Authentication

We implement a Multi-factor Authentication (MFA) on our platform. By requiring an additional verification step beyond just a password, MFA adds an extra layer of security to prevent unauthorized access and keep your data safe.

SAML SSO

For Pro and Enterprise customers we offer a secure Single Sign-On solution. By centralizing authentication through trusted identity providers, SAML SSO minimizes the risk of unauthorized access and password theft.

Employee Training & Security Awareness

Employee training and security awareness programs help us reduce the likelihood of human error and ensure that customer data is stored securely. All new hires are required to complete these programs as part of their onboarding process, emphasizing the importance we place on their understanding and adherence to our security commitments.

Penetration Testing & Vulnerability Report

DocuSeal Pro software has undergone a penetration test, also we work with ethical hackers to find vulnerabilities and improve the security of our services. You can report vulnerabilities by emailing us at security@docuseal.com.

You can find more information on vulnerability reporting here: https://github.com/docusealco/docuseal/blob/master/SECURITY.md

On-premises

We’ve created DocuSeal as a self-hosted solution available in open-source, Pro, and Enterprise versions, offering the means to securely store sensitive data within on-premises environments.

With on-premises hosting, our customers maintain full control over their data. This enables our customers to implement stringent access controls that ensure sensitive data remains within the physical or virtual boundaries of their organization.

For industries subject to strict regulatory requirements regarding data privacy and security, hosting data on-premises enables organizations to directly manage compliance efforts, ensuring adherence to relevant regulations.

With on-premises hosted solutions, customers gain full control and responsibility over their data without third parties being involved, including DocuSeal.