Skip to main content

Binding Corporate Rules

OverviewController PolicyProcessor Policy

Subprocessor List

Last updated: November 14, 2023

Note: Capitalized terms used in this section are as defined or referenced in the Binding Corporate Rules (BCRs) and other applicable privacy terms in effect between DocuSign and its customers. 


DocuSign uses certain infrastructure subprocessors, platform subprocessors and customer success subprocessors to provide services to its customers. It should be noted the applicability of these subprocessors is dependent upon one or more of the following: data center location, the services purchased and service specific features as further described below:

  • Data Center Locations 

    • Example: Customer accounts provisioned in the EU will use all EU infrastructure subprocessors (for example, Azure and Equinix) 

  • The services purchased 

    • Example: SMS authentication feature, which is included in the Business Pro plan, requires the use of platform subprocessors

  • Service specific features 

    • Example: Customer use cases that utilize SMS authentication will necessitate the use of platform subprocessors (TeleSign, Vonage, Prove, Sinch AB) 

Trust Service Provider and Identity Verification Services:

  • As defined under Regulation (EU) No 910/2014 (eIDAS), a Trust Services Provider is: “a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider."

DocuSign France SAS operates as a Qualified Trust Service Provider for the EU, under the supervision of the French supervisory body ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) and adheres to a strict set of requirements that ensure the validity and security of the certificates, keys and signatures that are the foundation of these services.

DocuSign also engages additional subprocessors to provide identification and authentication mechanisms in order to support services offering AES and QES. 

  • In addition, DocuSign engages a number of additional subprocessors to provide identity verification in relation to our services (such as DocuSign Notary) and optional features (such as ID Verification).  

Identity verification enables a customer's ID documents to be authenticated digitally and in real-time, whether the user is in-person or remote. 

A full list of our Trust Service Provider and Identity Verification subprocessors is further described below in the Service Platform Subprocessors and Trust Service Provider sections. 

DocuSign Group Members:

Where Docusign or a member of the DocuSign Group, bound by the BCRs or other transfer safeguard, such as the EU Standard Contractual Clauses, subcontracts any processing or obligations under a service agreement (with the authorization of the customer), we do so under written agreement that ensures adequate data protection is provided as set out in the BCRs or other transfer safeguard and Master Services Agreement between DocuSign and its customer.  In addition, DocuSign requires all subprocessors to implement appropriate safeguards (including applicable standard data protection clauses) and sufficient guarantees to implement appropriate technical and organizational security measures in such a manner that processing will meet the requirements of DocuSign’s BCR or other transfer safeguard obligations.

DocuSign Group Members

DocuSign Group Members that may offer account management and /or technical support for the applicable DocuSign Services are bound by DocuSign’s Binding Corporate Rules.

Note: Even though not all DocuSign products are sold in all geographic regions, an authorized employee from any DocuSign Group Member in any region, could access some limited Personal Information for support purposes. This is due to the fact that DocuSign uses a ‘follow the sun’ model in relation to technical support and, therefore, it is possible that should a customer require technical support, depending on the time of day, such support may be provided by an authorized employee from any of the DocuSign Group Member entities. Note further that the Personal Information accessible by such employees will not include the contents of the actual eDocuments. Customer eDocuments are always stored in the region of the account that sent the eDocuments through the DocuSign Service. For more information please see our Data management and privacy practices for DocuSign eSignature and  Data Residency pages. 

DOCU Group Member

Country location(s)

Applicable Service(s)

DocuSign, Inc.

United States


DocuSign France SAS



DocuSign Brasil Soluções Em Tecnologia Ltda. (formerly,



DocuSign Israel Ltd



Seal Software Egypt LLC



DocuSign International (EMEA) Limited



DocuSign Japan KK



DocuSign International, Inc.

United States


DocuSign UK Limited

United Kingdom


DocuSign Canada Ltd.



DocuSign Germany GmbH



Contract Analytics Development Sweden AB



DocuSign Mexico, S. de R.L de C.V.



Liveoak Technologies, Inc.

United States


Seal Software Norway AS



DocuSign International (Asia-Pacific) Private Limited



SpringCM, Inc.

United States


Seal Software Inc.

United States


DocuSign Italy S.r.l.



DocuSign Netherlands B.V.



DocuSign Spain, S.L.U.



DocuSign will make updates to the subprocessor lists via this website. Below are two options for subscribing to updates to the subprocessor lists at

  1. Add an RSS reader extension to your browser (Chrome, Firefox)

  2. Enable via Outlook on a PC

Objecting to a subprocessor

You may object to a subprocessor by submitting your objection by email to with subject line “Subprocessor Objection,” along with your name, your company’s name, name of the DocuSign Service, name of the subprocessor and grounds for objection (see the Processor Policy for objective justifiable grounds) unless otherwise provided for in your service agreement with DocuSign which terms control.

List of Subprocessors

To access DocuSign’s Subprocessor List, please click here.