Last updated: November 14, 2023
Note: Capitalized terms used in this section are as defined or referenced in the Binding Corporate Rules (BCRs) and other applicable privacy terms in effect between DocuSign and its customers.
DocuSign uses certain infrastructure subprocessors, platform subprocessors and customer success subprocessors to provide services to its customers. It should be noted the applicability of these subprocessors is dependent upon one or more of the following: data center location, the services purchased and service specific features as further described below:
Data Center Locations
Example: Customer accounts provisioned in the EU will use all EU infrastructure subprocessors (for example, Azure and Equinix)
The services purchased
Example: SMS authentication feature, which is included in the Business Pro plan, requires the use of platform subprocessors
Service specific features
Example: Customer use cases that utilize SMS authentication will necessitate the use of platform subprocessors (TeleSign, Vonage, Prove, Sinch AB)
Trust Service Provider and Identity Verification Services:
As defined under Regulation (EU) No 910/2014 (eIDAS), a Trust Services Provider is: “a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider."
DocuSign France SAS operates as a Qualified Trust Service Provider for the EU, under the supervision of the French supervisory body ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) and adheres to a strict set of requirements that ensure the validity and security of the certificates, keys and signatures that are the foundation of these services.
DocuSign also engages additional subprocessors to provide identification and authentication mechanisms in order to support services offering AES and QES.
In addition, DocuSign engages a number of additional subprocessors to provide identity verification in relation to our services (such as DocuSign Notary) and optional features (such as ID Verification).
Identity verification enables a customer's ID documents to be authenticated digitally and in real-time, whether the user is in-person or remote.
A full list of our Trust Service Provider and Identity Verification subprocessors is further described below in the Service Platform Subprocessors and Trust Service Provider sections.
DocuSign Group Members:
Where Docusign or a member of the DocuSign Group, bound by the BCRs or other transfer safeguard, such as the EU Standard Contractual Clauses, subcontracts any processing or obligations under a service agreement (with the authorization of the customer), we do so under written agreement that ensures adequate data protection is provided as set out in the BCRs or other transfer safeguard and Master Services Agreement between DocuSign and its customer. In addition, DocuSign requires all subprocessors to implement appropriate safeguards (including applicable standard data protection clauses) and sufficient guarantees to implement appropriate technical and organizational security measures in such a manner that processing will meet the requirements of DocuSign’s BCR or other transfer safeguard obligations.
DocuSign Group Members
DocuSign Group Members that may offer account management and /or technical support for the applicable DocuSign Services are bound by DocuSign’s Binding Corporate Rules.
Note: Even though not all DocuSign products are sold in all geographic regions, an authorized employee from any DocuSign Group Member in any region, could access some limited Personal Information for support purposes. This is due to the fact that DocuSign uses a ‘follow the sun’ model in relation to technical support and, therefore, it is possible that should a customer require technical support, depending on the time of day, such support may be provided by an authorized employee from any of the DocuSign Group Member entities. Note further that the Personal Information accessible by such employees will not include the contents of the actual eDocuments. Customer eDocuments are always stored in the region of the account that sent the eDocuments through the DocuSign Service. For more information please see our Data management and privacy practices for DocuSign eSignature and Data Residency pages.
DOCU Group Member
DocuSign France SAS
DocuSign Brasil Soluções Em Tecnologia Ltda. (formerly, Comprova.com)
DocuSign Israel Ltd
Seal Software Egypt LLC
DocuSign International (EMEA) Limited
DocuSign Japan KK
DocuSign International, Inc.
DocuSign UK Limited
DocuSign Canada Ltd.
DocuSign Germany GmbH
Contract Analytics Development Sweden AB
DocuSign Mexico, S. de R.L de C.V.
Liveoak Technologies, Inc.
Seal Software Norway AS
DocuSign International (Asia-Pacific) Private Limited
Seal Software Inc.
DocuSign Italy S.r.l.
DocuSign Netherlands B.V.
DocuSign Spain, S.L.U.
DocuSign will make updates to the subprocessor lists via this website. Below are two options for subscribing to updates to the subprocessor lists at https://www.docusign.com/trust/alerts/feed:
Objecting to a subprocessor
You may object to a subprocessor by submitting your objection by email to email@example.com with subject line “Subprocessor Objection,” along with your name, your company’s name, name of the DocuSign Service, name of the subprocessor and grounds for objection (see the Processor Policy for objective justifiable grounds) unless otherwise provided for in your service agreement with DocuSign which terms control.
List of Subprocessors
To access DocuSign’s Subprocessor List, please click here.