Privacy Policy

Last Updated: August 20, 2024

DocuSeal, LLC (“we,” “our,” or “us”) is dedicated to respecting your privacy. This Privacy Policy outlines how your personal information is collected and used by DocuSeal.

This Privacy Policy is applicable to our services and their related domains (collectively referred to as our “Service”). By accessing or using our Service, you confirm that you have read, comprehended, and consented to our collection, storage, and use of your personal information as detailed in this Privacy Policy and our Terms of Service.

1. Data We Collect

We collect several different types of data:

Electronic identification data, including IP address, device & browser data, timezone.
Information about your use of our website, including how you ended up on our website and the pages you visited.
Account information: first and last name, email, company name, password, electronic signature, and initials of registered users.
Billing details: name, email, address, and payment details based on your chosen payment method (stored and processed by Stripe) if you subscribe for a paid service.
Documents, contacts, and other content you upload and create on the platform.

2. Purpose for Collection and Use of Data

We use the collected data for the following reasons:

To deliver our service to you.
To personalize your experience.
To improve our services.
To communicate with you regarding updates, promotions, and account-related issues, thereby keeping you informed and engaged.
To respond to customer support inquiries.
To process payment transactions.
To record details about transactions with our services involving electronic signatures.
To respond to legal requests or prevent fraud.

3. Sharing Your Information

Protecting your privacy is crucial for us, which is why we do not sell, trade, or otherwise transfer your personal information to outside parties, except under defined circumstances, such as:

Sharing with service providers and partners who assist us in operating the Services, including cloud storage services, payment processors, and software vendors, ensuring they comply with stringent data protection standards:
- AWS - Hosting;
- Stripe - Payment processor;
- Twilio - Messaging;
- Hubspot - CRM;
- Rollbar - Error logs;
- Google - Company email and office tools;
Complying with legal requirements, such as responding to a law, regulation, court order, or government request, which obligates us to disclose certain data.
Protecting the rights, property, or safety of DocuSeal, our customers, or the public, which may involve sharing information to prevent fraudulent activities or harm.
In connection with business transactions, such as mergers, acquisitions, or asset sales, where personal information may be part of the transferred assets.
With your explicit consent, where you have agreed to share your information for specific purposes.

4. Data Residency and International Transfer

docuseal.co - Our primary operations involving personal data occur within the US (AWS Northern Virginia region). Your data may be transfered to locations outside the US for the reasons outlined in Section 3. We perform due diligence on our service providers to ensure that the entities receiving your personal data implement adequate data protection and security policies.

docuseal.eu - We use AWS EU region, and all documents and user data are stored in Ireland, EU. Your data may be processed in countries outside the EU by third-party service providers that help us operate (see section 3). We rely on data processing agreements (DPAs) with Standard Contractual Clauses (SCCs) to address cross-border transfers.

5. Data Security

DocuSeal Cloud services implement the Service Organization Control 2 (SOC 2) standard, which helps to ensure data security and privacy.

We employ strict security measures to safeguard your data from unauthorized access, disclosure, alteration, and destruction. This includes using encryption technologies, access controls, and secure network infrastructures. However, it's essential to understand that no security system is impenetrable. We continuously monitor for potential threats and update our security practices to address new risks. Nevertheless, the effectiveness of these measures also depends on your actions, so we encourage you to use strong passwords with 2FA, and exercise caution when sharing personal information.

6. Data Retention

Your personal information is retained only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, accounting, or reporting obligations. This retention period may vary based on the type of information and the nature of our relationship. Once the retention period expires or if you request deletion, we will securely dispose of or anonymize your data.

7. Your Rights

You have various rights regarding your personal data. These rights include:

Access: You can request information about the personal data we hold about you and how it is processed.
Rectification: You can request the correction of inaccurate or incomplete data.
Erasure: You can request the deletion of your personal data.
Object: You have the right, in certain situations, to object to how or why your personal information is processed.
Restriction: You can request the limitation of processing your data under specific circumstances.
Data Portability: You can request a copy of your data in a structured, machine-readable format.

To exercise these rights, contact us using the contact information provided at the end of this Privacy Policy. We will respond to your request in accordance with applicable laws.

8. Cookies and Tracking Technologies

A cookie is a piece of data that a website saves on a user's computer, which the user's browser sends back to the website whenever they return. We do not use cookies for tracking and analytics purposes.

Essential cookies are used to authenticate the user's login session and provide access to the services. Essential cookies are also used during the submission completion process to authorize the data input form and implement the necessary compliance and fraud prevention measures.

We do not use third-party tracking services to collect information about you.

9. Children’s Privacy

Safeguarding the privacy of young children is of utmost importance. Our Services are not directed towards individuals below the age of 18, and we do not intentionally collect personal data from minors. If we discover that we have unintentionally obtained personal information from someone under the age of 18 without confirming parental consent, we will take appropriate measures to remove such information from our records. If you suspect that we may have any information from or about a minor under the age of 18, please reach out to us using the contact information provided at the end of this Privacy Policy, and we will strive to address and resolve the issue promptly.

By using the Services, you affirm that you are at least 18 years old and acknowledge that you must be at least 18 years old to create an account and/or purchase services through our website.

10. Gmail Integration

If you use the Gmail integration with DocuSeal, you will be asked to grant us permission to send emails from your Gmail account.

IMPORTANT: DocuSeal's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We do not access your emails through your Gmail account. We use the granted access to your Gmail account to implement the emails sending from your connected email address.

11. GDPR

We may be collecting and using information from you if you are from the European Economic Area (EEA), and in this section of our Privacy Policy, we are going to explain exactly how and why this data is collected, and how we maintain this data under protection from being replicated or used in the wrong way.

GDPR is an EU-wide privacy and data protection law that regulates how EU residents' data is protected by companies and enhances the control the EU residents have over their personal data.

The GDPR is relevant to any globally operating company and not just EU-based businesses and EU residents. Our customers’ data is important irrespective of where they are located, which is why we have implemented GDPR controls as our baseline standard for all our operations worldwide.

Learn more about how we implement GDPR here.

12. California Residents

The California Consumer Privacy Act (CCPA) requires us to disclose categories of Personal Information we collect and how we use it, the categories of sources from whom we collect Personal Information, and the third parties with whom we share it, which we have explained above.

We are also required to communicate information about rights California residents have under California law. You may exercise the following rights:

Right to Know and Access. You may submit a verifiable request for information regarding the:
- categories of Personal Information we collect, use, or share;
- purposes for which categories of Personal Information are collected or used by us;
- categories of sources from which we collect Personal Information;
- specific pieces of Personal Information we have collected about you.
Right to Equal Service. We will not discriminate against you if you exercise your privacy rights.
Right to Delete. You may submit a verifiable request to close your account and we will delete Personal Information about you that we have collected.
Request that a business that sells a consumer's personal data, not sell the consumer's personal data.

If you would like to exercise any of these rights, please contact us.

We do not sell the Personal Information of our users.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, the regulatory environment, or the expanding functionality of our Services. When we make changes, we will notify you by updating the "Effective Date" at the top of this policy, and in some cases, we may provide additional notification such as displaying a prominent notice on our website. Changes to the policy will be effective as of the date specified in the notice. Your continued use of the Services after any changes or revisions to this Privacy Policy indicates your agreement to the terms of the revised policy. We encourage you to review this Privacy Policy regularly to stay informed about our information practices and the ways you can protect your privacy.

14. Contact Us

We’re committed to maintaining the confidentiality, integrity, and security of your personal information. If you have any questions, concerns, or comments about this Privacy Policy or our data handling practices, please do not hesitate to reach out to us. You can contact us using the following information:

DocuSeal, LLC
332 S Michigan Ave, Suite 121 #5896,
Chicago IL 60604

privacy@docuseal.co