Skip to main content

Last updated: April 14, 2026

Docusign is committed to providing customers with transparency and control over the geographic locations for storing, managing, and maintaining their Agreement Data (i.e., a contract, notice, disclosure, or other record or document generated using or deposited into Docusign Services for processing). 

Data residency refers to the physical or geographic location where a customer’s Agreement Data is persistently stored, for the customer’s management and maintenance of such data. The following explains where your data is stored and managed when you use Docusign.

Where does Docusign store my data? Can I choose where?

Docusign stores your Agreement Data in one of five geographically distinct data center regions. Customer service instances are provisioned in the data center region closest to the location where you sign up for a Docusign account (e.g., based on your company billing address). For Web customers, automatic logic based on your location determines your data center region. Each of these regions employs the same technical and organizational security and has the same data protection measures in place.

Customers working with a Docusign representative can choose their preferred data center region when setting up an account. Customers can have multiple accounts, and those accounts can be provisioned to different data center regions. 

Docusign is enhancing its services by moving all transactions from our on-premise servers to the Microsoft Azure cloud for better traffic management, a more agile and resilient system, and faster innovation. This does not impact the residency of your data. See this article for more.

Region

eSign

IAM

CLM

U.S.

Yes

Yes

Yes

Canada

Yes

Yes

No

Europe

Yes

Yes

Yes

Australia

Yes

Yes

Yes

Japan

Yes

Yes

No

Can I change my data center region later?

No, Docusign cannot move customer Agreement Data from one region to another after the initial account provisioning. This is why choosing the correct region at setup, especially when working with a Docusign representative, is critical for meeting your data residency requirements. You can also clone existing accounts to a new region via our Admin API

What data is stored within my data center region?

Docusign securely stores data tied to your eSign and Intelligent Agreement Management (IAM) plans at rest in the data center region where your service instance is provisioned. If you have a Contract Lifecycle Management (CLM) plan, Docusign also stores workflow configurations, documents, and their metadata at rest in the region where your service instance is provisioned.

Is there any data not stored in my data center region?

Yes. Because Docusign is a global service, certain limited data needs to be processed or replicated across regions to ensure a smooth, global user experience. This type of data is called Transaction Data, or information about activity within the service. It may be hashed and copied across multiple secure data center regions to ensure speed, availability, and business continuity.

Examples of Transaction Data include:

  • Sender and signer personal data (e.g., name and email address) used for authentication (logging in).

  • Metadata, such as audit trails (e.g., unique IDs, IP Addresses, and device identifiers). 

Certain customer actions also may lead to limited data processing outside of your designated data center region:

  • Engaging Customer Support: Support personnel from different geographic regions may assist you. They have access to basic Transaction Data to help troubleshoot, but they cannot access your Agreement Data.

  • Authenticating to Docusign: When you log in, your username and password may be redirected to servers outside your region to improve the login experience and reduce latency.

  • Optional Authentication Methods: If you choose third-party authentication methods (e.g., SMS passcodes or knowledge-based authentication), your data may be shared with that third party to complete the process.

  • Third-party Integrations: If you enable an integration with another service, data may be transmitted outside of your region, as determined by that specific third-party provider.

All data transfers are conducted in accordance with Docusign’s Data Protection Attachment and are safeguarded by the security measures detailed below and in the Security Attachment for Docusign Services.

So, what happens to my data when I send or receive an agreement?

When you send a document to a recipient outside your geographic region for a transaction, such as reviewing or signing, the Agreement Data is securely stored only in your data center region.

To enable the transaction, limited personal data, such as the sender and signer’s name and email address, must be transferred to the signer’s location for notification and authentication purposes (so they can be notified and log in to sign).

For example, John Smith, a user of a Docusign account provisioned in the Europe data center region, may initiate an eSignature transaction with recipient Jane Anderson, located in Brazil. Jane will receive a notification containing a link to authenticate, access, and electronically sign the document. Upon Jane signing the document, limited personal data (e.g., username and email address) is sent to John. This limited personal data is also included as part of the transaction’s verifiable audit trail, known as the Certificate of Completion, which records details of the signing event. The Agreement Data itself remains securely stored in the Europe data center region at all times, and only the limited personal data necessary to support notifications, authentication, and the audit trail may be processed outside that region.

Does the GDPR require personal data to stay in the EU?

No, the GDPR does not require personal data of EU data subjects to be stored only within the EU. As described above, limited data may be replicated outside your data region to support the global use of Docusign, using approved EU transfer safeguards. See Privacy and the GDPR for more on how Docusign prioritizes GDPR-compliant processes and is committed to customer privacy.

Do I need to be physically located where the Docusign account’s region is provisioned to access that account?

Customer-authorized users and designated recipients can securely perform Docusign Services transactions from virtually anywhere via an Internet connection to Docusign’s website (www.Docusign.com), aside from certain locations to comply with U.S. sanctions and export controls. For details, see Section 13.5 (Trade Restrictions) of the Docusign Master Services Agreement. All access is secured with industry-standard encryption.

Where can I find more on how my data is managed?

Please see Data Management and Privacy Practices for more information on how data access, retention, privacy, and compliance are handled at Docusign.