World-class legal protection of eSignatures

DocuSign sets the standard for
world-class legal protection

With presence in 188 countries, you can trust DocuSign meets statutes and regulations around the world, and leads the industry in compliance and enforceability. We provide the most authentication options, a comprehensive digital audit trail and bank-grade security.

• DocuSign was the first company to warrant compliance with the U.S. ESIGN Act, state laws modeled after 1999 UETA and certain key aspects of the UK Electronic Communication Act (2000).
• DocuSign is designed to assist in meeting the requirements for a valid electronic signature under section 10 of the Electronic Transactions Act 1999 (Cth).
• DocuSign is designed for global compliance with key components of the European Directive 1999/93 EC on a Community Framework for Electronic Signatures, including the UK Electronic Communication Act.
• DocuSign fully enforces consumer consent, unique signature adoption and signature process flow provisions.
• DocuSign meets specialized rules from the FDA, FTC FHA, IRS, FINRA, among many others.
• We provide extensive, configurable authentication options to verify the identities of your signers.
• DocuSign offers a court-admissible Certificate of Completion with a comprehensive digital audit trail to confirm the validity of your transactions.
• DocuSign utilises industry leading encryption standards, retention and storage practices and data security, so you can count on the integrity of the data to support the legality of your transactions.

Prove who signed what, when and where they signed it

Most eSignature providers meet the minimum requirements of eSignature statutes, but that is just the beginning. These statutes do not ensure your eSignature provider offers the tools to prove  who signed what, or when and where they signed it. Nor do these statutes verify your eSignature provider  maintains the integrity of your transaction. And these two areas, attribution and record integrity, are where DocuSign differs from other technologies.

DocuSign offers the widest range of advanced authentication methods including:

• Email address
• DocuSign account
• Federated/SSO
• Access code
• SMS
• Phone/Voice
• Social ID
• Third party ID
• Digital Certificates
• Knowledge-Based Authentication
• In-Person Authentication
• Electronic Notary

Our court admissible, digitally signed and tamper sealed Certificate of Completion contains a comprehensive digital audit trail including:

• Signer names
• Authentication history
• Digital signatures
• Email addresses
• Signer IP addresses
• Chain of custody (i.e., sent, viewed, signed, etc.)
• Trusted timestamps
• Geolocation capture of signer (if provided)
• Completion status

Industry leading record integrity

DocuSign offers best in class record integrity with unparalleled hashing and encryption standards, retention and storage practices and data security ensuring the document can only be accessed, read and executed by designated users.

Hashing & encryption standards

Our SHA-1 hashing technology verifies that a document has not been modified and enables you to verify the documents’ integrity. DocuSign also hashes internally to ensure each time a document is accessed, it has not been modified outside our controls. DocuSign’s digital signatures secure documents upon completion with a tamper-evident seal.

Retention & storage practices

DocuSign offers multiple geo-dispersed ISO 27001 and SSAE 16 certified datacenters providing leading security for the retention and security of you documents. All documents are encrypted using the AES-256 standard and 256-bit SSL document transmission to prevent tampering and ensure validity from the moment they enter our system. This ensures that only designated users have access to documents.

Data security

No other digital transaction management company can match the security investments we’ve made. In fact, DocuSign is the only digital transaction management company that complies with the xDTM standard with a comprehensive bank-grade security program, is ISO 27001 certified across the entire company and internationally, along with other important US, EU, and global certifications.
› Learn more about our bank-grade security

Privacy

DocuSign takes customer privacy very seriously. We take all possible measures to protect your and your customers’ information.

Personally identifiable information

DocuSign ensures that no personally identifiable information (PII) is displayed to users via email or on our website without the recipient successfully identifying himself/herself through one or more of the authentication options.

Access to your documents

We ensure the privacy of your legal documents by encrypting them and enacting internal security policies to ensure no employee, even customer support, can view your sensitive documents.

Privacy regulations

We offer a comprehensive privacy program and comply with global privacy and data protection regulations. DocuSign is Payment Card Industry Data Security Standard (PCI DSS) compliant as both a merchant and a service provider. For additional details, please read our privacy policy.

Continually defining legal and security standards

DocuSign plays a leading role in promoting Digital Transaction Management and eSignature regulation and policy. We’re on the board of the Electronic Signature and Records Association (ESRA) and chair its Public Policy Committee. And we actively advise Federal, State and Local governments on eSignature policy, helping to inform new legislation and regulations.

Note: Please consult your legal advisor if you have any question regarding the legality of eSignature.