DocSend services are designed with a secure, distributed infrastructure with multiple layers of protection. We work to ensure the protection of your data and empower our customers with tools that provide control and visibility. Our security program is designed to assess risks and build a culture of security at DocSend. Learn More >
At DocSend we believe Compliance is an effective way to validate a service’s trustworthiness. We comply with standards and regulations like SOC 2. On an annual basis our independent third-party auditors test our controls and provide their reports and opinions which we can provide to you upon request. Learn More >
Reporting Security Events
If you see something, say something.
At DocSend we take security incidents seriously and you are our most important information security asset. Reporting potential incidents or concerns is the ultimate protection against cybercrime, including fraud. Learn More >
How secure are my documents and data?
DocSend’s systems are annually audited for compliance with the requirements of SOC 2 Type 2 stipulated by the American Institute of Certified Public Accountants (AICPA).
The entire DocSend service uses HTTPS / SSL for securely transmitting encrypted data. Documents are transferred using expiring URLs and ensure that a viewer has a valid viewing key preventing any external, unauthorized transmission.
DocSend is built on top of the Heroku cloud application platform. Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes the Amazon Web Service (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
In addition, DocSend has completed the rigorous security review process put in place by Salesforce as part of being listed on the Salesforce AppExchange.
Do DocSend employees have access to my documents and data?
Do third parties have access to my information?