DocuSigner
Back to Advanced Topics
Data Security & Privacy
Learn about DocuSigner's commitment to protecting your data and ensuring user privacy.

At DocuSigner, the security of your documents and the privacy of your personal information are of utmost importance. This guide outlines our conceptual approach to data security and privacy within the platform.

Document Security

We aim to implement robust measures to protect your documents throughout their lifecycle:

  • Encryption: Conceptually, documents would be encrypted both in transit (using HTTPS/TLS) and at rest (using strong encryption algorithms like AES-256) when stored on our servers.
  • Access Controls: Only authorized users (sender and designated participants) would have access to documents. Granular permissions would control who can view, sign, or manage documents.
  • Secure Storage: Documents would be stored in secure, reputable cloud infrastructure with physical and digital safeguards.
  • Tamper Evidence: Mechanisms would be in place (e.g., cryptographic hashing, secure audit trails) to ensure document integrity and detect any unauthorized modifications after signing.

User Privacy

We are committed to respecting your privacy and handling your personal information responsibly:

  • Data Minimization: We would aim to collect only the personal information necessary to provide and improve our services.
  • Transparency: Our Privacy Policy details what information we collect, how we use it, and with whom we might share it.
  • User Control: You would have control over your profile information and preferences.
  • Compliance with Regulations: We would strive to comply with applicable data protection laws and regulations (e.g., GDPR, CCPA) in relevant jurisdictions.

Account Security

Protecting your DocuSigner account is a shared responsibility:

  • Strong Passwords: We enforce minimum password complexity and encourage users to create strong, unique passwords.
  • Secure Authentication: The login process uses secure authentication mechanisms provided by Firebase Authentication.
  • Email Verification: Email addresses are verified during account setup to confirm ownership.
  • Session Management: Secure session management techniques would be used to protect active user sessions.
  • Two-Factor Authentication (Conceptual Future): We envision implementing 2FA/MFA for an added layer of account security.

Firebase Security

DocuSigner leverages Firebase for authentication and, conceptually, for backend services. Firebase provides its own robust security infrastructure, including:

  • Secure user authentication and identity management.
  • Security rules for database access control (e.g., Firestore/Realtime Database).
  • Infrastructure designed to protect against common web vulnerabilities.

For more details, you can refer to Firebase's own security documentation.

Your Responsibilities:

  • Create a strong, unique password and keep it confidential.
  • Be cautious of phishing attempts and only log in through the official DocuSigner website or app.
  • Ensure the security of the devices you use to access DocuSigner.
  • Review your account settings and notifications regularly.

While DocuSigner is a prototype, these principles guide our conceptual approach to ensuring a secure and private experience for all users. For specific details on data handling, always refer to our official Privacy Policy.