DocuSign's Law Enforcement Guidelines
DocuSign is committed to operating its business with the utmost integrity and highest ethical standards. The purpose of the following information is to provide operational guidance regarding DocuSign’s methods for responding to third-party requests for information. These guidelines are generally applicable to law enforcement and governmental inquiries and requests, as well as to subpoenas, inquiries, requests, and orders arising in civil legal proceedings.
DocuSign may disclose information in response to valid legal process in accordance with our Terms of Use, the applicable Master Services Agreement in effect between DocuSign and its customers regarding the DocuSign services, the DocuSign Privacy Policy, and to the extent consistent with the Federal Stored Communications Act, 18 U.S.C. §§ 2701 et seq. (the “SCA”) and other applicable laws. In fulfilling its legal obligations, DocuSign respects customers’ privacy.
DATA AVAILABLE
Before seeking information from DocuSign, you first should directly approach the DocuSign customer that is the party who initiated the transaction. Parties to the transaction will generally have access to the contents and any information about the transaction facilitated via DocuSign. A party may gain access by logging into their account through DocuSign’s service portal.
If you are unsuccessful in your attempt to contact the customer directly and you properly serve DocuSign as provided in these guidelines, DocuSign will respond to your request for information. Depending on the DocuSign service and type of account at issue, DocuSign may have basic subscriber information (e.g., customer name, email address, means and source of payment) and metadata related to transactions.
Please note that DocuSign’s products have been specifically designed to restrict DocuSign’s ability to access the contents (“contents” defined as customer documents enclosed within an envelope) of customers’ transactions in order to preserve the confidentiality of customers’ information uploaded to DocuSign services. For this reason, DocuSign’s ability to provide the requested information may be limited by DocuSign’s technical capabilities at the time of your request.
DOCUSIGN eSIGNATURE
With respect to DocuSign eSignature, DocuSign encrypts the contents of documents that are stored on its systems and is therefore unable to search the contents of documents or produce a decrypted or plaintext version. All requests for information from DocuSign eSignature must identify the envelope or account at issue with particularity (e.g. by providing the email address of the account holder, Envelope ID and/or Account ID and a date range associated with the transaction(s) at issue).
In response to requests for envelopes in DocuSign eSignature, DocuSign produces the Certificate of Completion and/or Envelope History (Audit Trail) for a given envelope. For more information and examples of these records, please visit https://support.docusign.com/guides/ndse-user-guide-history-coc.
SERVICE AND FORM OF LEGAL PROCESS
DocuSign accepts service of process via its registered agent, United Agent Group, Inc., in any state in which DocuSign is registered to do business. Please verify the address through your state’s Secretary of State website. United Agent Group, Inc.’s address in the State of Washington is as follows:
United Agent Group, Inc.
707 W. Main Avenue, #B1
Spokane, Washington 99201
Acceptance of legal process at DocuSign’s offices or by any other means is for convenience only and does not waive any objections, including lack of jurisdiction or proper service.
DocuSign discloses information solely in accordance with its Terms of Use, applicable Master Services Agreement in effect between DocuSign and its customers regarding the DocuSign services, the DocuSign Privacy Policy, and applicable law. Law enforcement and other governmental entities must properly serve DocuSign with a valid subpoena, court order, or search warrant before DocuSign can be compelled to disclose any information. DocuSign may disclose responsive records in accordance with local legal process requirements, but foreign governmental entities may be required to engage in a process for international cooperation (such as a Mutual Legal Assistance Treaty (MLAT) or letters rogatory) prior to obtaining any information. More information may be available by contacting the Office of International Affairs at the U.S. Department of Justice.
As described in our Terms of Use, DocuSign may also share user information: (i) when we have a good faith belief that an emergency involving danger of death or serious physical injury requires disclosure without delay; or (ii) in connection with the investigation of violations of DocuSign’s Privacy Policy or other agreements with DocuSign; or (iii) to protect the legal rights of third parties, including our employees, users, or the public; or (iv) to report suspected illegal activity; or as otherwise required by local law.
FORM OF REQUEST
When drafting a request for information and/or data, please include an email address of the account holder, Envelope ID and/or Account ID and a date range associated with the transaction(s) at issue. As stated above, DocuSign is unable to query its systems based on the contents of envelopes or other user information (such as proper name, date of birth, social security number, or a particular piece of real property associated with a corresponding transaction).
PRESERVATION REQUESTS
DocuSign will comply with preservation requests from law enforcement and governmental entities in accordance with 18 U.S.C. § 2703(f). DocuSign will preserve responsive records (to the extent any exist) for a period of 90 days, which may be extended for an additional 90 days upon request by law enforcement and/or the governmental entity.
INTERNATIONAL REQUESTS
DocuSign is a United States company, and all of its U.S.-based data is stored inside the U.S. As such, DocuSign only responds to valid legal process issued by a U.S. governmental entity or court and properly served on it in the U.S. Parties to civil litigation or governmental entities outside the U.S. should appropriately domesticate requests through a U.S. court by working through the appropriate process for international cooperation, such as letters rogatory or a Mutual Legal Assistance Treaty. More information may be available by contacting the Office of International Affairs at the U.S. Department of Justice. DocuSign may disclose data pursuant to an emergency disclosure request when we believe that doing so is necessary to prevent death or serious physical harm to someone.
Under its Binding Corporate Rules, DocuSign is required to notify the Irish Data Protection Commission (Irish DPC) when a non-EEA enforcement authority requests EEA data, unless it is legally prohibited from doing so, or there is an imminent risk of serious harm.
NOTICE TO CUSTOMERS
Prior to the disclosure of information and/or documents, DocuSign is obligated to provide notice to affected customers regarding legal process requesting information about the content of their accounts. Law enforcement officials, governmental entities, and other third parties who believe that notice to affected customers would jeopardize an investigation must obtain a non-disclosure order pursuant to 18 U.S.C. § 2705(b), or other appropriate legal mechanism that prohibits DocuSign from providing notice to its customers.
TESTIMONY
DocuSign does not provide expert testimony support. Generally, DocuSign records are self-authenticating pursuant to applicable law and should not require the testimony of a records custodian. If a special form of certification is required, attach it to your subpoena or other legal process.
COST REIMBURSEMENT
DocuSign may seek reimbursement from third-party requestors for costs incurred responding to requests for information as provided by law. DocuSign may also charge additional fees for costs incurred in responding to extraordinary or burdensome requests. DocuSign may waive these fees at its sole discretion.
TO BETTER UNDERSTAND OUR eSIGNATURE PRODUCT
eSIGNATURE
For an overview of our eSignature product, please visit the following website: https://www.docusign.com/products/electronic-signature.
Data Management
DocuSign maintains personal information (personal data) for no longer than necessary for the purposes for which it is processed. The length of time for which DocuSign retains personal information depends on the purposes for which DocuSign collected and used it and/or as required to comply with applicable laws as set out in DocuSign’s internal policies. Where there are technical limitations that prevent deletion or anonymization of personal information, DocuSign safeguards personal information and generally limits use of it. For an overview on DocuSign data management and privacy practices regarding eSignature, please visit the following website: https://www.docusign.com/trust/privacy/data_mgmt_privacy.
Data Residency
For an overview on DocuSign eSignature document and data storage locations, please visit the following website: https://www.docusign.com/content/data-residency
Authorized Users and Account Administrators
Customers may assign and expressly authorize an Authorized User(s) to manage its account(s). Authorized Users must be identified by a unique email address and username. Customers may update Authorized Users by logging into their account through DocuSign’s service portal.
Customers may appoint an employee, agent or third-party business partner or contractor to act as its Account Administrator(s) and may change its designation at any time through its Account.
FREQUENTLY ASKED QUESTIONS
Can DocuSign disclose the contents of an envelope or copies of documents signed using DocuSign?
DocuSign encrypts the contents of customers’ documents on its system and DocuSign employees do not have access to the contents of these documents, nor the ability to decrypt or search the contents of these documents.
What business records are retained by DocuSign and are subject to production?
The Certificate of Completion and Envelope History associated with a specific Envelope ID, account subscriber profiles for DocuSign customers, and limited payment records pertaining to some DocuSign customers.
What identifying information is required by DocuSign to perform a search for business records?
DocuSign will need an email address of the account holder, Envelope ID and/or Account ID and a date range associated with the transaction(s) at issue.
Can I email my request directly to DocuSign’s legal department?
No, we do not respond to any requests emailed to DocuSign. All third-party requests for data or information must be served via DocuSign’s registered agent for service of process: United Agent Group, West 505 Riverside Avenue #500, Spokane, WA 99201.
Can I serve my request directly to a DocuSign office location?
Acceptance of legal process at DocuSign’s offices is for convenience only and does not waive any objections, including lack of jurisdiction or proper service. Check your local jurisdiction’s rules governing third-party requests for information before serving a request.
Does DocuSign retain customer communications?
The Federal Stored Communications Act (“SCA”), 18 U.S.C. § 2701, et seq. strictly prohibits a provider such as DocuSign from disclosing the contents of communications to third parties.
Where is DocuSign’s customer data stored?
DocuSign utilizes multiple secure data centers for the eSignature service. For more information, please visit the following website: https://www.docusign.com/content/data-residency .
Does DocuSign record the physical location of the sender or signer of a particular envelope?
While a user’s physical location is not recorded in the Certificate of Completion associated with an envelope, the IP address of all signers is recorded in the Certificate of Completion.
Last Updated Date: November 1, 2021