Trust Center

At DocSend the security and privacy of customer data is our #1 priority.


DocSend services are designed with a secure, distributed infrastructure with multiple layers of protection. We work to ensure the protection of your data and empower our customers with tools that provide control and visibility. Our security program is designed to assess risks and build a culture of security at DocSend. Learn More >


At DocSend we believe Compliance is an effective way to validate a service’s trustworthiness. We comply with standards and regulations like SOC 2. On an annual basis our independent third-party auditors test our controls and provide their reports and opinions which we can provide to you upon request. Learn More >

Reporting Security Events

If you see something, say something.

At DocSend we take security incidents seriously and you are our most important information security asset. Reporting potential incidents or concerns is the ultimate protection against cybercrime, including fraud. Learn More >


At DocSend we believe that you own your data, and we’re committed to keeping it private. Our Privacy Policy clearly describes how we handle and protect your information. Learn More >


How secure are my documents and data?

DocSend’s systems are annually audited for compliance with the requirements of SOC 2 Type 2 stipulated by the American Institute of Certified Public Accountants (AICPA).

The entire DocSend service uses HTTPS / SSL for securely transmitting encrypted data. Documents are transferred using expiring URLs and ensure that a viewer has a valid viewing key preventing any external, unauthorized transmission.

DocSend is built on top of the Heroku cloud application platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

In addition, DocSend has completed the rigorous security review process put in place by Salesforce as part of being listed on the Salesforce AppExchange.

Do DocSend employees have access to my documents and data?

Senior engineering and support staff may access your account, with your permission, and only if it’s required for servicing your account or resolving an incident you’ve reported. However, this rarely requires viewing a document itself. The controls in place are very strict adherence to our privacy policy and a culture built from respect of our users.

Do third parties have access to my information?

We will only share data if you explicitly authorize it. We do not give or sell customer data to anybody. You can read more in our privacy policy here.