Security

Secure Cloud Service

As we started our journey as an open-source solution, our primary goal was to make document signing simple and accessible. Launching a cloud-hosted document signing service was a strategic decision, and we’re dedicated to maintaining the highest standards of data security and privacy across all our services.

Network Security

We use HTTPS (Hypertext Transfer Protocol Secure) on our services at all times. HTTPS ensures that any data exchanged between your browser and our servers is encrypted, safeguarding your sensitive information from potential threats like eavesdropping and tampering.

Data and Storage

At DocuSeal, we use AWS for database and cloud storage, adhering to best practices for securely storing customer data. Database access is restricted to a private application network for added security.

Document download URLs expire and are protected with signatures, helping to prevent unauthorized access to the documents. For API users, we offer an option to enforce API token authorization for file downloads as an extra security measure for all the documents stored on the service.

Also, we’ve implemented industry-standard practices such as hashing passwords and encrypting API keys and credentials. Hashing passwords ensures that your passwords remain securely stored as irreversible, unique strings, safeguarding your account from unauthorized access. Additionally, encrypting API keys and credentials adds an extra layer of protection, preventing unauthorized parties from intercepting and exploiting sensitive information.

System Reliability

Powered by AWS, our SaaS platform uses industry-best high-availability and fault-resistant solutions. At the heart of our commitment to reliability lies our goal of maintaining 99.99% availability across all our cloud services. Through meticulous planning, redundant infrastructure, and continuous monitoring, we strive to uphold this high bar, ensuring that your business operations remain uninterrupted and your data remains accessible whenever you need it.

Disaster Recovery

We implement a disaster recovery plan that outlines meticulous steps to maintain uninterrupted service. Regular testing of scenarios and continual refinement of methodologies reinforce our commitment to providing customers with reliable access to our service. Additionally, we implement a robust backup system to safeguard customers’ data.

Monitoring

We implement ongoing monitoring of logs and network traffic, which helps us detect and respond to potential security incidents.

Multi-factor Authentication

We implement multi-factor authentication (MFA) on our platform. By requiring an additional verification step beyond just a password, MFA adds an extra layer of security to prevent unauthorized access and keep your data safe.

SAML SSO

For Pro and Enterprise customers, we offer a secure Single Sign-On solution. By centralizing authentication through trusted identity providers, SAML SSO minimizes the risk of unauthorized access and password theft.

Employee Training & Security Awareness

Employee training and security awareness programs help us reduce the likelihood of human error and ensure that customer data is stored securely. All new hires are required to complete these programs as part of their onboarding process, emphasizing the importance we place on their understanding and adherence to our security commitments.

Penetration Testing & Vulnerability Report

We’ve undergone a penetration test and work with ethical hackers to find vulnerabilities and improve the security of our services. You can report vulnerabilities by emailing us at security@docuseal.co.

You can find more information on vulnerability reporting here: https://github.com/docusealco/docuseal/blob/master/SECURITY.md

On-premises

We’ve created DocuSeal as a self-hosted solution available in open-source, Pro, and Enterprise versions, offering the means to securely store sensitive data within on-premises environments.

With on-premises hosting, our customers maintain full control over their data. This enables our customers to implement stringent access controls that ensure sensitive data remains within the physical or virtual boundaries of their organization.

For industries subject to strict regulatory requirements regarding data privacy and security, hosting data on-premises enables organizations to directly manage compliance efforts, ensuring adherence to relevant regulations.

With on-premises hosted solutions, customers gain full control of and responsibility for their data, without the involvement of any third party, including DocuSeal.