DocSign
Trust & compliance

How we protect signatures and your data

DocSign is built for teams that need a clear signing flow, strong technical safeguards, and documentation they can stand behind—where applicable law allows.

Get started for freeRead our policies
eIDAS-ready
AES-256
GDPR
Audit trail
AES-256
Audit trail
eIDAS-ready

TLS + AES-256·GDPR aligned·Audit trail per envelope·Certificate of Completion

At a glance

Security and compliance built into every envelope

Explore each pillar below, then read the full detail for legal, security, and procurement reviewers.

eIDAS-ready workflows

Run SES-oriented flows in the browser with clear signer authentication and consent—aligned with counsel for higher-assurance needs.

Learn more

AES-256 encryption

TLS in transit and AES-256-oriented practices at rest, scoped to workspaces and role-aware permissions.

Learn more

GDPR-aligned practices

Purpose limitation, retention aligned to your settings, and clear channels for data subject requests.

Learn more

Verifiable e-signatures

Rich audit trail on every envelope: opens, field completions, and completion signals you can rely on.

Learn more

Certificate of Completion

Download a summary of parties, timestamps, and milestones alongside the signed PDF for your records.

Learn more

Built for legal teams

Standardise intake, engagement letters, and closing packets with templates and traceability built in.

Learn more

eIDAS-ready workflows

European regulation (eIDAS) defines categories of electronic signatures. DocSign is designed so you can run simple electronic signature (SES) flows in the browser: signers authenticate, consent is recorded, and the completed document reflects who signed and when. Whether a given signature meets a specific eIDAS level for your use case depends on how you configure the process, the document, and the law that applies to you—we encourage you to align with counsel where high-assurance or qualified signatures are required.

AES-256 encryption

Data in transit is protected with TLS (HTTPS). Stored assets and sensitive fields are handled with AES-256 oriented encryption practices so files and metadata are not left readable at rest. Access is scoped to authenticated workspaces and role-aware permissions, reducing exposure inside your organisation.

GDPR-aligned practices

Where the GDPR applies, we treat personal data in signing flows (names, emails, audit events) with purpose limitation and retention aligned to your workspace settings and our Privacy Policy. You can exercise access, rectification, erasure, and portability requests via privacy@docsign.app. Enterprise customers can formalise processing with a Data Processing Agreement on request.

Verifiable e-signatures

Each signing request carries an audit trail: who opened the envelope, when fields were completed, IP and user-agent signals where collected, and when the envelope finished. The output PDF is intended to remain tamper-evidentfor ordinary business review. For cryptographic PDF verification inside a dedicated viewer, follow your organisation's forensic or legal process; DocSign focuses on practical traceability for day-to-day operations.

Certificate of Completion

When all signers finish, DocSign can surface a Certificate of Completion summarising the envelope: parties, timestamps, and key audit milestones. Download it alongside the signed PDF as a compact record for compliance or dispute readiness. It is an operational summary—not a court judgment; weight in legal proceedings still depends on jurisdiction and evidence rules.

Binding terms are in our Terms of Use and Privacy Policy.

See it in your next envelope

Create a workspace, send a test document, and review the audit trail and completion output yourself.

Get started for freeTalk to sales