Data residency
The Signature service is architected to provide customers with clarity regarding the storage location of their uploaded and completed eDocuments.
Currently, DocuSign maintains four instances of the eSignature service one each in the U.S., Canada, the EU and Australia. When DocuSign provisions a customer’s account, the customer’s Signature service is assigned to one of these regions (customers may select their region). This determines where their eDocuments will be stored. Once the account and region are established, eDocuments are stored only within DocuSign data centers in that region.
Regional eDocument storage
Within both the US and the EU, DocuSign utilizes multiple secure data centers for the Signature service. Redundant copies of eDocuments may be stored in every data center within the particular region to which a customer’s account is assigned. This helps assure the performance, availability, and business continuity of the Signature service.
Sharing of data between regions
To facilitate a “broad global access” user experience, some data is shared between the U.S. and E.U. instances of DocuSign Signature service. This includes:
- Customer account identity information
- Audit trail data on the transactions generated by the Signature service (see Transaction Data for additional detail)
For example, if an envelope is sent to Jane Anderson, an existing user residing in the U.S., by a customer with an account tin the E.U., the identity data shared between the two regional instances of the Signature service would be used to alert Jane; and the email notifying Jane of the eDocument would come from the U.S. instance. However, the signing experience would be directed to the E.U. instance of the Signature service, and the eDocument would be stored in the E.U. region.
An additional example of how this information is used includes when customers require customer or technical support. However, data shared between the two instances doesn’t include the actual eDocuments. Customer eDocuments are always stored in the region of the account that sent the eDocuments through the Signature service.
eDocument access and control
With the Signature service, customers have complete control over the storage of their eDocuments and who can access them.
Controlled access rights
The Signature service allows customers to control who can access their eDocuments, which is limited to the customer’s authorized users and their designated eDocument recipients. The Signature service is architected such that all eDocument content is encrypted upon upload and inaccessible by DocuSign employees.
Global access
Any customer-authorized user or designated recipient may access an eDocument on the Signature service from any location in the world via an Internet connection to DocuSign’s website (www.DocuSign.com).
Data deletion and retention
Customers determine their account’s retention policies, including the option to purge their eDocuments and redact personal data.