Thousands of companies trust DocSend with highly sensitive information. We take that responsibility seriously and place security at the heart of every decision we make.

How secure are my documents and data?

DocSend’s systems are annually audited for compliance with the requirements of SOC 2 Type 2 stipulated by the American Institute of Certified Public Accountants (AICPA).

The entire DocSend service uses HTTPS / SSL for securely transmitting encrypted data. Documents are transferred using expiring URLs and ensure that a viewer has a valid viewing key preventing any external, unauthorized transmission.
DocSend is built on top of the Heroku cloud application platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilize the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

In addition, DocSend has completed the rigorous security review process put in place by Salesforce as part of being listed on the Salesforce AppExchange.

Do DocSend employees have access to my documents and data?

Senior engineering and support staff may access your account, with your permission, and only if it’s required for servicing your account or resolving an incident you’ve reported. However, this rarely requires viewing a document itself. The controls in place are very strict adherence to our privacy policy and a culture built from respect of our users.

Do third parties have access to my information?

We will only share data if you explicitly authorize it. We do not give or sell customer data to anybody. You can read more in our privacy policy here.