Compliance

At DocEndorse, compliance is among our top priorities. See how we stack up against global best practices.


At DocEndorse, we allocate a significant portion of our resources to ensure that our internal processes adhere to international best practices and the standards that govern the businesses in the industries we serve. We are fully aware that the consequences of non-compliance include millions of dollars in civil fines, criminal prosecution, or, in extreme cases, prison time for company officers.

We continuously seek ways to improve upon our success in exceeding global standards on data privacy and management. In this context, we are open to any questions or suggestions that you may have that can further our ability to meet your compliance needs. We can be reached at support@docendorse.com. Some of the laws/regulations that we comply with are:

  • The U.S. ESIGN Act of 2000
  • The Uniform Electronic Transactions Act (UETA) of 1999
  • The eIDAS regulation for the EU of 2016 (EU Regulation 910/2014), coming from the European EC/1999/93 Directive.
  • The eIDAS regulation for the UK post Brexit
  • PCI Data Security Standard
  • GDPR (General Data Protection Regulation)
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) of 2004
  • Canada's Uniform Electronic Commerce Act of 2000
  • The Electronic Transaction Act of 2006

There are other laws and regulations with which we comply that are not mentioned here. Understandably, most of these regulations are similar in spirit, as they seek to achieve similar objectives. See our legal section for more information.

To meet these regulations, we have put the following policies and procedures in place:

  • Terms of Use Policy
  • Code of Conduct
  • Incident Response Plan
  • Information Security Policy
  • Privacy Policy
  • Breach Notification Policy
  • Change Management Procedure

Our standard operating model uses a combination of industry-leading tools to enhance the security and privacy of your data. As a matter of standard practice, we ensure that:

  • All documents are stored behind a firewall in private folders outside of the public view.
  • All potential viewers or signatories of any document go through a two-level authentication before they are granted access, including session verification and user authentication and identification.
  • All communications use TLS (Transport Layer Security) encryption, including documents in transit and business-to-customer communications.
  • All documents are stored and encrypted at rest using AES 256-bit encryption. Each document is encrypted using a unique document key (DEK), and that DEK is then encrypted using a master key.
  • HTTP Strict Transport Security (HSTS) is mandatory for all web browsers or user agents that want to use our services.
  • A detailed track-and-trace mechanism maintains the integrity of all documents as they are being signed or altered, including a detailed audit trail from upload to completion and a unique digital fingerprint for every signed document.
  • A detailed track-and-trace mechanism is in place for all signatories to a document and users on our platform. Among the data we collect are IP addresses, location, time and date, browser, and system information.

Compliance with international laws and best practices is one of the many ways we ensure that we meet our clients' objectives. If you want to know more about the products and features that we offer, you can visit the features page on our website. If you wish to get more information on pricing or want to purchase a product, you can go to our pricing page. You can also contact us to get more information about our products and services or to speak to a care specialist.