Last updated on December 15th, 2016.
- The Information We Collect
- How We Use the Information We Collect and How We Collect it
- How We Share Information
- Online Analytics and Tailored Online Advertising
- Data Retention, Accessing Your Information, and Closing Your Account
- Email and Direct Marketing Choices
- How we Protect Your Information
- Linked Sites and Services
- Users From Outside the United States
- Children’s Privacy
- Your California Privacy Rights
- Changes to this Policy
- How to Contact Us
1. The Information We Collect and How We Collect it.
To provide the Services, we need to know certain information about you and other users with whom you interact. The types of information we collect depends on how you use the Services. Several categories of information are collected from you, as described below.
A. Information Provided by You
Information that you may provide to us includes, but is not limited to:
- email addresses
- mailing address
- phone number
- billing information
For example, we may collect information from you when you:
- Log in or create an account
- Start, sign or review an electronic document (“eDocument”)
- Use the third-party payment solutions we support
- Create or edit your user profile
- Complete an online form
- Enter a sweepstakes or contest or register for a promotion
- Request certain features (e.g., newsletters, demos, and other products)
- Contact customer support
- Provide a user testimonial
You may also choose to provide the following:
- User-Generated Content. If you choose to comment on our blogs or in our community forums or otherwise volunteer information, you provide us with that information and it may be available to other users and even the public. This means that it can be read, collected, and used by others without our knowledge, including to send unsolicited communications.
- Profile Information. Our Services may allow users to search for other users and view those users’ public profile information (also called your “ID card”). To change the information appearing in your public profile or to make this information private, please visit your account settings.
- Information About Others. You may provide us with information about others when you:
- Create and Send Envelopes. When users create envelopes through our Services and arrange for them to be sent to recipients, they provide information like name and email address of the recipients. When users want additional assurances about the identity of the individual signing their contracts, they may require us to collect some additional information that we use to authenticate recipients before they are able to sign a contract.
- Share Lists & eDocuments or Other Information in a Transaction Room. When users set up a transaction room and share aspects of the room with others, they typically provide names and email addresses for the other participants in the room.
- Refer Friends. When users participate in our referral service to tell a friend about our Services, they will provide a friend’s name and email address. We will send an email to the address provided, inviting the friend to try the Services. DocuSign stores this information for the purposes of sending these emails and tracking the success of our referral program. The individuals who receive these messages can follow the instructions for unsubscribing in the message or contact us at the email address in Section 13 below to request that we remove this information from our database.
The decision to provide us with information is optional; however, if you elect not to provide certain information, you may not be able to access certain content or features available through the Services.
B. Information That Is Collected Automatically
We may automatically collect certain information about your use of the Services, including when you use our websites or apps without logging in.
Device and Usage information. We may collect information about: (i) the computers or devices (including mobile devices) you use to access the Services; and (ii) how you use the Services. Examples of the information that we may automatically collect and analyze include, but are not limited to:
- IP Address, a.k.a. internet protocol address (your point of access to the Internet). IP address can reveal a web user’s general location (city/state/country).
- Location Information, such as the geo-location of your device. If you use our mobile apps, you will be asked to give the apps access to your mobile device’s geolocation data. If you grant such permission, we may collect information about your precise geolocation information (i.e., your real-time geographic location), and may use that information to customize the Services with location-based information and features. If you access the Services through a mobile device and you do not want your device to provide us with location-tracking information, you can withhold permission to access that data or you should be able to turn off the GPS or other location-tracking functions on your device by visiting settings or privacy settings or settings for location services;
- Unique Device Identifiers, such as MAC Address, IDFA, IDFV, IMEI, and Advertising IDs;
- Device Attributes, such as browser types, browser language, and operating system;
- Usage Data, such as information related to the ways in which you interact with the Services, such as: web log data, referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information; and
- Transactional Data relating to the contracts you upload or sign on the Services, such as: envelope metadata, envelope subject, authentication method used, and envelope history.
As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
Cookies and Related Technologies. We use “cookies” and other “tracking” technologies for a variety of purposes. The technologies we may use include, but are not limited to: (i) browser cookies; (ii) web beacons; (iii) tracking pixels; and (iv) local shared objects (“flash cookies”). Our uses of cookies and related technologies include, but are not limited to: storing your username and password; analyzing usage of the Services by collecting the device/usage information discussed above; customizing the Services; and personalizing and delivering the advertising displayed by or within the Services or our emails, as well as advertisements that may be displayed on other sites or mobile applications. As we adopt additional technologies, we may also gather additional information through other methods.
C. Information from Other Sources
We may obtain information about you from other sources such as marketers, partners, affiliates (e.g. entities under common ownership or control with DocuSign), researchers, and others where they are legally permitted to share such information with us. For example, if you register for DocuSign on another website or use a website that facilitates your activity on DocuSign, that website may provide information about you and your transactions to us.
2. How We Use the Information We Collect.
In general we use the information we collect to provide and administer the Services. More specifically, we might use the information we collect to:
- Provide you with the services and products you have requested, such as to create and maintain audit trails of activity associated with any particular eDocument or to generate and maintain certificates of completion for completed transactions;
- Send you records regarding our relationship and transactions or notifications of activity through different channels, such as email or push notifications;
- Notify you about new features, products, and special events;
- Provide you with newsletters or marketing communications about our products and services as well as third party products and services we think may be of interest to you;
- Administer sweepstakes and contests;
- Personalize and deliver content and advertising on the Services;
- Test changes and develop new features, products and services;
- Generate and review data and reports describing our user base and usage patterns;
- Analyze the accuracy, effectiveness, usability, or popularity of the Services and perform research;
- Verify your identity, deter and prevent fraud, and enforce the legal terms that govern your use of the Services; and
- Resolve disputes and troubleshoot the Services.
3. How We Share Information.
- Recipients Designated by You or Associated With Your Account.
- Other Users.
- If you invite other users to access, use, or edit content you create through the Services (for example, if you invite others to view or sign an eDocument or to participate in a Transaction Room), we will make such content available to the individuals you invite.
- If you are an authorized user of an account, the account subscriber or person who controls the account (e.g. administrator) will have access to information describing your use of the Services.
- Third Parties.
- If you make a payment to another user within the Services, we will share your payment method details with the third-party payment processor you select.
- Other Users.
- Service Providers. We may share your information with third parties that we refer to as service providers to assist us in providing services to you. For example, we might use these third parties to provide search technology, advertising services, authentication systems, bill collection and fulfillment, fraud detection, customer support, and recruiting. Our contracts with service providers contain terms governing their use of your data.
- Business Transactions. As we develop our business, we may sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets or the assets disclosed in connection with the due diligence for any such transaction. If DocuSign is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our websites of any change in ownership or uses of your information, as well as any choices you may have regarding your information.
- Consent. We may share your information in other ways and for new purposes if you have asked us to do so or have consented to such sharing. For example, we post customer testimonials on our Services that may identify you if we have received your consent.
4. Online Analytics and Tailored Online Advertising
We may use third-party web analytics services on our Services, such as those of Google Analytics and Mixpanel. These providers use cookie-related technologies (described in the “Information that is Collected Automatically” section above) to help us analyze how users use the Services, including by noting the third-party website from which you arrive. The information collected will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser by clicking here, and you may also use Mixpanel’s opt out by clicking here.
Tailored Online Advertising.
If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer or mobile browser to deliver tailored advertising (i.e., not just for the Services), you may visit the following pages/sites to learn more and opt-out of receiving tailored advertising from companies that participate in those programs.
- Network Advertising Initiative’s Consumer Opt-Out Link
- Digital Advertising Alliance’s Consumer Opt-Out Link
- TRUSTe’s Advertising Choices
To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page.
Please note that to the extent advertising technology is integrated into the Services, you may still receive advertising content even if you opt-out of tailored advertising. In that case, the advertising content will just not be tailored to your interests. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
When accessing the Services from a mobile application you may also receive tailored in-application advertisements. Each operating system - iOS, Android and Windows Phone - provides its own instructions on how to prevent the delivery of tailored in-application advertisements. You may review the support materials and/or the privacy settings for the respective operating systems in order to opt-out of tailored in-application advertisements. For any other devices and/or operating systems, please visit the privacy settings for the applicable device or operating system or contact the applicable platform operator.
California Do Not Track Disclosure. We are committed to providing you with meaningful choices about the information collected on our Services for third party purposes, and that is why we provide above the NAI “Consumer Opt-out” link, DAA opt-out link, our dispute resolution provider’s opt-out link, and Google opt-out link. However, we do not recognize or respond to browser-initiated Do Not Track signals, as the Internet industry is currently still working on Do Not Track standards, implementations and solutions.
5. Data Retention, Accessing Your Information, and Closing Your Account.
Data Retention. We will retain your information for as long as your account is active or as necessary for legitimate business purposes.
Reviewing and Updating Your Account. We offer you the ability to access, review and change information associated with your account (such as your profile information, password, billing information, and user preferences) by logging into the Services and visiting your Profile. You can also make a request to modify information that cannot be amended or deleted through the Services by contacting us using the contact information below in Section 13. We will take reasonable steps to permit you to modify or delete information that is inaccurate or incomplete, in accordance with applicable laws.
Closing Your Account. If you wish to close your account, please visit your account settings. Upon your request, we will close your account, and delete your contact information, billing information, and shipping information from our active databases. You may also request to close your account by emailing us at the contact information provided below in Section 13. Your account will be closed as soon as reasonably possible based on your account activity and in accordance with applicable law. However, please note that even after you close your account, we may retain and use certain of your information (such as information regarding transactions made through our Services) where permitted by law to prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigations, enforce our user agreements and terms, and comply with legal requirements. If you have shared content or information through our Services with other users, such content or information may still be available to those other users if they have not also deleted it or closed their accounts.
Information We Collect & Process on Behalf of Subscribers. When our subscribers use our Services, we may process and store personal information on their behalf as a data processor. For example, in DocuSign Signature when a subscriber (or the subscriber’s authorized users) upload documents, contracts or signatures, we will act primarily as a data processor and process such information on the subscriber's behalf and in accordance with their instructions. In those instances, the subscriber as the data controller, is responsible for most aspects of the collection and use of the information. If you have any questions or concerns about how personal information is handled in these cases, you may wish to contact the subscriber directly, or refer to their privacy policies.
6. Email and Direct Marketing Choices.
We provide opt-out information in all commercial email messages we send via an “unsubscribe” link. We reserve the right to send one message confirming your opt-out from a messaging program. Please note that it may take us some time to process your requests consistent with applicable law. You do not have the ability to opt-out of transactional or relationship messages (e.g., signing notifications or account notifications) that we send if you are a registered user of our Services or if you have engaged in transactions with us. To opt out of other direct marketing from us, please contact us using the email below in Section 13.
7. How We Protect Your Information
8. Linked Sites and Services.
9. Users From Outside the United States.
If you are established in Switzerland and the European Economic Area ("EEA"), you understand and acknowledge that DocuSign may transfer your Personal Data outside of Switzerland and the EEA for processing. Upon your explicit written request, DocuSign may execute Standard Contractual Clauses approved by the European Commission for the benefit of the Customer ("Customer SCCs") in order to ensure adequate protection for the Personal Data in accordance with the requirements of Articles 25 and 26 of the EU Data Protection Directive. You acknowledge that DocuSign has applied for Binding Corporate Rules ("BCRs") for Processors and that, with effect from the date that DocuSign's BCRs are approved by the competent data protection authority and upon notice from DocuSign, all personal data transfers resulting from the use of DocuSign Signature made by or to DocuSign from Switzerland and the EEA shall be conducted under, and in full compliance with, DocuSign's BCRs and any applicable Customer SCCs shall immediately terminate. The terms “Personal Data”, “Process/Processing”, “Controller”, “Processor”, “Subprocessor”, and “Data Subject” will have the meanings ascribed to them in the EU Data Protection Directive.
10. Children’s Privacy.
The Services are not designed for and are not marketed to minors. We do not knowingly collect or solicit personal information from minors, and we do not knowingly allow such persons to use the Services. If you are a minor, please do not attempt to use the Services or send any information about yourself to us. In the event that we learn that we have collected personal information from a minor without verified parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a minor, please contact us using the contact information below.
11. Your California Privacy Rights.
California law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. As discussed above, we do not currently share personal information with third parties for their own marketing purposes.
13. How to Contact Us.