Security and Compliance

Software security, data privacy, and control

At DocHub, we implement the necessary tools and measures to protect your data.

Access control

All services related to operations and infrastructure have secure connectivity and require multi-factor authentication. Additionally, our back-office, service, and infrastructure password policies require minimum lengths, complexity, expiration, and lockout, and disallows reuse.

Payment information

DocHub complies with the Payment Card Industry (PCI) Data Security Standard (DSS) to increase security around cardholder data. However, DocHub does not process and store payment card data on our servers. Instead, this responsibility is handled by our payment providers who are dedicated to storing your sensitive data on PCI-Compliant servers.

Data storage & physical security

DocHub's technical infrastructure is hosted on Amazon Web Services SOC 2 accredited data centers. AWS data centers employ physical and security measures that include 24x7 monitoring, cameras, visitor logs, and entry requirements.

Vulnerability management

Before production deployment, all systems and applications undergo security review to detect vulnerabilities. Additionally, all application dependencies are monitored for vulnerabilities with third-party dependency scanning tools.

Downloadable report

We engage a third-party provider to regularly audit our infrastructure, systems, and processes. The security report is updated on a daily basis and you can download it here. To access the report, enter your email and use dochub ("dochub" - all lowercase) in the password field.

Audit trail

DocHub records a detailed history of all actions taken in a document along with who performs them, including email address, geolocation, web browser, OS, and IP addresses to prove the validity of signed PDFs in DocHub.

Employee access

At DocHub, our staff has access to software development and customer support only on the need-to-know basis. We regularly review permissions and revoke accesses after team members leave the company.

Data encryption

All data received and stored in DocHub servers, as well as data transmitted between the visitors of DocHub website and its users, is encrypted with a 256-bit encryption algorithm both in transit and at rest.

Got questions?

Below are some common questions from our customers that may provide you with the answer you're looking for. If you can't find an answer to your question, please don't hesitate to reach out to us.

Is DocHub confidential?

Yes. Data confidentiality is a top priority for us. DocHub employs security measures, processes, and tools to protect and encrypt your sensitive information and ensure a safe document editing and signing experience. DocHub also is a ready-to-use SaaS solution in the light of industry-specific and global security standards, including GDPR, HIPAA, CCPA, a SOC 2 Type 1 certification, and more.

Is DocHub safe?

Absolutely. For us, data security comes first. Our approach to data security includes tools and procedures that range from data encryption, user authentication, access control, and more to ensure you can edit, sign, and send documents with confidence while satisfying compliance requirements.

Can DocHub be trusted?

Of course. We secure the information that you entrust to us. DocHub is consistent with industry-recognized standards, including HIPAA, CCPA, GDPR, SOC 2 Type 1, and more. Additionally, DocHub has established technical and organizational measures to help prevent unauthorized access, disclosure, and alteration or misuse of information that you manage with the DocHub website and platform.

Does DocHub offer HIPAA compliance?

Yes. DocHub is a HIPAA-ready solution. HIPAA-covered entities and their third-party service providers can send protected health information (PHI) through DocHub under the HIPAA's rules.

Can you trust DocHub?

Absolutely. DocHub employs security measures to protect the information you entrust to us. You can learn more about how we collect and share your personal information in our Privacy Notice.

Is DocHub GDPR compliant?

DocHub undertakes reasonable measures to meet the General Data Protection Regulation's (GDPR) requirements designed to enhance personal data protection in the European Union, aiming to give individuals more control over their personal data. DocHub follows the GDPR principles. When you create an account, we use incremental authentication to grant the minimum permissions to access your data. In addition to monitoring logs, we undergo regular 3rd party security assessments. If you wish, you can request to delete your account, including all documents and profile data, from our servers.

How do I secure a document?

Every document you upload to DocHub and all of your personal information is safe. DocHub is encrypted from end to end and stores all files in AWS (Amazon Web Services) using encrypted S3 storage. However, you can add an additional layer of security to your document with the following options. You can add password encryption to your downloaded PDF and set two-factor authentication and access control. Additionally, you can view and download a detailed Audit trail for every document.

Does DocHub have an audit trail?

Of course. DocHub records a detailed history of all actions taken in a document. This record includes information about all parties and all actions made in a document, such as email address, geolocation, web browser, OS, IP addresses, views, email notifications sent, eSignatures, initials, and other modifications. You can view the Audit trail from your document or dashboard, or download it to your device.

Uncompromised data security and privacy

Compliance certifications and regulations

Over 83 million users around the globe trust DocHub