Skip to main content

Binding Corporate Rules

OverviewController PolicyProcessor Policy

Subprocessor List

Last updated: November 14, 2023

Note: Capitalized terms used in this section are as defined or referenced in the Binding Corporate Rules (BCRs) and other applicable privacy terms in effect between DocuSign and its customers. 

General:

DocuSign uses certain infrastructure subprocessors, platform subprocessors and customer success subprocessors to provide services to its customers. It should be noted the applicability of these subprocessors is dependent upon one or more of the following: data center location, the services purchased and service specific features as further described below:

  • Data Center Locations 

    • Example: Customer accounts provisioned in the EU will use all EU infrastructure subprocessors (for example, Azure and Equinix) 

  • The services purchased 

    • Example: SMS authentication feature, which is included in the Business Pro plan, requires the use of platform subprocessors

  • Service specific features 

    • Example: Customer use cases that utilize SMS authentication will necessitate the use of platform subprocessors (TeleSign, Vonage, Prove, Sinch AB) 

Trust Service Provider and Identity Verification Services:

  • As defined under Regulation (EU) No 910/2014 (eIDAS), a Trust Services Provider is: “a natural or a legal person who provides one or more trust services either as a qualified or as a non-qualified trust service provider."

DocuSign France SAS operates as a Qualified Trust Service Provider for the EU, under the supervision of the French supervisory body ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) and adheres to a strict set of requirements that ensure the validity and security of the certificates, keys and signatures that are the foundation of these services.

DocuSign also engages additional subprocessors to provide identification and authentication mechanisms in order to support services offering AES and QES. 

  • In addition, DocuSign engages a number of additional subprocessors to provide identity verification in relation to our services (such as DocuSign Notary) and optional features (such as ID Verification).  

Identity verification enables a customer's ID documents to be authenticated digitally and in real-time, whether the user is in-person or remote. 

A full list of our Trust Service Provider and Identity Verification subprocessors is further described below in the Service Platform Subprocessors and Trust Service Provider sections. 

DocuSign Group Members:

Where Docusign or a member of the DocuSign Group, bound by the BCRs or other transfer safeguard, such as the EU Standard Contractual Clauses, subcontracts any processing or obligations under a service agreement (with the authorization of the customer), we do so under written agreement that ensures adequate data protection is provided as set out in the BCRs or other transfer safeguard and Master Services Agreement between DocuSign and its customer.  In addition, DocuSign requires all subprocessors to implement appropriate safeguards (including applicable standard data protection clauses) and sufficient guarantees to implement appropriate technical and organizational security measures in such a manner that processing will meet the requirements of DocuSign’s BCR or other transfer safeguard obligations.

DocuSign Group Members

DocuSign Group Members that may offer account management and /or technical support for the applicable DocuSign Services are bound by DocuSign’s Binding Corporate Rules.

Note: Even though not all DocuSign products are sold in all geographic regions, an authorized employee from any DocuSign Group Member in any region, could access some limited Personal Information for support purposes. This is due to the fact that DocuSign uses a ‘follow the sun’ model in relation to technical support and, therefore, it is possible that should a customer require technical support, depending on the time of day, such support may be provided by an authorized employee from any of the DocuSign Group Member entities. Note further that the Personal Information accessible by such employees will not include the contents of the actual eDocuments. Customer eDocuments are always stored in the region of the account that sent the eDocuments through the DocuSign Service. For more information please see our Data management and privacy practices for DocuSign eSignature and  Data Residency pages. 

DOCU Group Member

Country location(s)

Applicable Service(s)

DocuSign, Inc.

United States

All

DocuSign France SAS

France

All

DocuSign Brasil Soluções Em Tecnologia Ltda. (formerly, Comprova.com)

Brazil

All

DocuSign Israel Ltd

Israel

All

Seal Software Egypt LLC

Egypt

All

DocuSign International (EMEA) Limited

Ireland

All

DocuSign Japan KK

Japan

All

DocuSign International, Inc.

United States

All

DocuSign UK Limited

United Kingdom

All

DocuSign Canada Ltd.

Canada

All

DocuSign Germany GmbH

Germany

All

Contract Analytics Development Sweden AB

Sweden

All

DocuSign Mexico, S. de R.L de C.V.

Mexico

All

Liveoak Technologies, Inc.

United States

All

Seal Software Norway AS

Norway

All

DocuSign International (Asia-Pacific) Private Limited

Singapore

All

SpringCM, Inc.

United States

All

Seal Software Inc.

United States

All

DocuSign Italy S.r.l.

Italy

All

DocuSign Netherlands B.V.

Netherlands

All

DocuSign Spain, S.L.U.

Spain

All

DocuSign will make updates to the subprocessor lists via this website. Below are two options for subscribing to updates to the subprocessor lists at https://www.docusign.com/trust/alerts/feed:

  1. Add an RSS reader extension to your browser (Chrome, Firefox)

  2. Enable via Outlook on a PC

Objecting to a subprocessor

You may object to a subprocessor by submitting your objection by email to privacy@docusign.com with subject line “Subprocessor Objection,” along with your name, your company’s name, name of the DocuSign Service, name of the subprocessor and grounds for objection (see the Processor Policy for objective justifiable grounds) unless otherwise provided for in your service agreement with DocuSign which terms control.

List of Subprocessors

To access DocuSign’s Subprocessor List, please click here.