Data management and privacy practices

Data deletion and retention

Customers determine their account’s retention policies. For example, in DocuSign eSignature, customers are free to purge their eDocuments at any time and can use the API to verify that a purge has been completed. Once an eDocument or its envelope is purged, it’s also purged on a near real-time basis from the active sites.

Envelope purging is a process to permanently remove documents and their field data from completed and voided envelopes after a specified retention period. If a customer purges the envelopes sent from their account, we retain the audit log data (which includes the Certificate of Completion and history) to support our ability to attest to the details of a transaction. This behavior is viewed by customers as a valuable feature that allows DocuSign to be a neutral record.

Audit log data in DocuSign eSignature may include: 

  • Envelope addressing information, including sender and signer(s)
  • Envelope history
  • Specific envelope information, such as:
    • IP’s
    • Date/time of signing
    • Authentication methods used by recipients

DocuSign provides a feature in DocuSign eSignature, when enabled, that allows customer administrators to redact personal data from the audit log as part of the purge process. More information on the Redact Personal Data feature can be found in the DocuSign Support pages.

For more information about the ways in which DocuSign collects and uses personal data, visit the Privacy Policy.

Data access

The segmentation and systematic encryption (and key escrow management) employed by DocuSign doesn’t allow DocuSign personnel to view or read eDocuments sent through DocuSign eSignature for electronic signature. Only select DocuSign employees (based on role/responsibility) with a demonstrated need to know have access to transactional data surrounding the envelopes. These employees can’t generate or extract reports on the data.

Such transactional data includes:

  • Username, phone number, email address, and address
  • Authentication method
  • Envelope metadata, history, and subject line

DocuSign’s employee logical access authorization chain requires direct manager approval, application/data source owner approval, and, in cases of sensitive applications and data sources, security management approval. Access to critical applications and data sources is removed at employee termination and is reviewed to verify that appropriate and current access levels are maintained. DocuSign is ISO 27001 certified and maintains formal policies and procedures for access control.

DocuSign enforces the “rule of least privilege” and has documented segregation of duties. We also enforce formal logical and account separation of the development, QA, and production environments.

Data subject rights

Individuals in the EU and individuals whose personal data is processed by entities established in the EU have rights to know and determine how their personal data is collected and used, among many other rights. These individuals are defined as “data subjects” under the relevant data protection regulations.

Individuals or their representatives may submit a request using the request form on the DocuSign Support Center.

Subprocessors

We maintain a list of the subprocessors that we employ, including the activities and services performed and their country location.

Privacy notices

Our privacy policy is available at https://www.docusign.com/company/privacy-policy. We’ve also developed internal personal data protection policies that are based on privacy principles gathered from several international privacy regimes, including the General Data Protection Regulation (GDPR).

Training and awareness

We developed annual privacy and security training content that’s mandatory for all employees to complete. These trainings are tracked through our Learning Management System to ensure completion. We also provide periodic privacy and security reinforcements for employees to reinforce data privacy and data security best practices.

Governance and accountability

DocuSign is supported by a Chief Privacy Officer and a group of privacy professionals. IAPP-certified privacy professionals review company activity with data protection implications, assess risk, and make recommendations to reduce risk. Our privacy governance structure has been reviewed and accepted by European data protection authorities as a part of our BCRs approval process.

Privacy by design

Our product and engineering teams collaborate with our privacy group to assess and mitigate potential privacy risks during the various phases of product development, starting at concept, through requirements gathering, and throughout implementation. The collaboration typically includes regular meetings where the teams develop products/services that meet and/or exceed applicable data privacy requirements.

Our privacy professionals assess a variety of activity involving personal data for risk and frequently make recommendations for how to reduce any risks identified.