GDPR Compliance

Last updated May 5, 2024

At DocuSeal, we prioritize the privacy and security of your personal data. This GDPR Compliance Policy outlines our commitment to compliance with the General Data Protection Regulation (GDPR) and our efforts to safeguard your rights and data privacy.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data privacy and security law enacted by the European Union (EU). It came into effect on May 25, 2018, and applies to all EU member states as well as any organization that processes personal data of individuals within the EU, regardless of where the organization is located.

Under GDPR, individuals have several rights regarding their personal data, including the right to access, rectify, erase, restrict processing, data portability, and object to processing.

Who Does GDPR Affect?

GDPR applies to organizations that process personal data of individuals within the EU, regardless of where the organization is located. This includes businesses, service providers, and other entities that handle personal data in the context of offering goods or services to individuals in the EU or monitoring their behavior.

Is DocuSeal GDPR Compliant?

DocuSeal ensures that all the data collected through our platform is managed in compliance with GDPR regulations. We educate our users on best practices for handling data to keep them informed and prepared to use our platform in a manner that aligns with GDPR requirements.

Our Compliance as Data Processors

DocuSeal acts as a data processor in compliance with the GDPR requirements.

As data processors, we process personal data on behalf of our customers who are the data controllers in accordance with their instructions. We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data and assist our users in meeting their GDPR obligations.

Our Subprocessors:

Software Use Location GDPR Compliance
AWS Hosting US
Stripe Payments US
Twillio Messaging US
Postmark Emailing US
Hubspot CRM US
Rollbar Error logs US
Google Email US

Our Compliance Measures

Data Storage: We maintain servers in Ireland for EU users, ensuring that personal data of EU individuals is stored and processed within the EU as required by GDPR.

Data Sharing: We do not sell personal data or use it for marketing purposes. Information is shared with service providers only to support our business operations, and they are required to comply with GDPR. See Subprocessors section.

Data Protection: We implement robust security measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. This includes encryption, access controls and regular security assessments.

Transparency and Consent: We provide transparent information about our data processing activities and obtain consent from customers before processing their personal data.

Data Subject Rights: We respect the rights of data subjects, including the right to access, rectify, erase, restrict processing and data portability. We provide mechanisms for individuals to exercise their rights and respond to requests in a timely manner.

Data Processing Agreements: Customers' data on the cloud service is stored and processed within the EU. Our subprocessors are committed to adhere to the GDPR guidelines concerning cross border data transfers. Furthermore, we maintain oversight and due diligence in selecting and monitoring our subprocessors to ensure compliance with GDPR requirements and safeguard the privacy rights of our customers.

At our customer’s request, we enter into data processing agreements to ensure that personal data is processed in compliance with GDPR requirements and that appropriate safeguards are in place.

Please read our Privacy Policy to learn more about how we handle your data.

Contact Us

If you have any questions or concerns about our GDPR Compliance Policy or how we handle personal data, please contact us at

Learn more

Send a GDPR compliant signature request


This GDPR Compliance Policy is provided for informational purposes only and does not constitute legal advice. It is subject to change as GDPR regulations evolve. For specific legal advice regarding GDPR compliance, please consult with a qualified legal professional.