Docubee Security & Compliance
Keep the security and compliance of every contract you send a priority with Docubee.
HIPAA Compliant
Docubee is a fully HIPAA-compliant automation platform. We’re committed to solving paperwork problems for those in the healthcare industry and any company that deals with sensitive health information for their clients or employees. All Protected Health Information (PHI) collected and shared through Docubee meets or surpasses HIPAA requirements to ensure protection and compliance. Please note, covered entities that wish to use Docubee to store information under HIPAA compliance must have at least one Docubee Organization on the Enterprise Plan and execute a Business Associate Agreement (BAA) with Docubee. BAAs are available upon request.
SOC 2 Type II Compliant
Docubee is SOC 2 Type II compliant. SOC 2 Type II is a voluntary compliance standard detailing the ways in which digital companies should handle customer data. Our system is designed to protect client data under these standards using a number of encryption and authentication features.
FERPA Compliant
Docubee serves schools and universities of all sizes and is fully FERPA compliant. Under FERPA regulations, student data must be protected and inaccessible to unauthorized users, while still being accessible to students, parents, and staff members with authorization. Docubee allows users to segment access using roles and permissions to comply with FERPA standards.
CCPA Compliant
Docubee satisfies all requirements for CCPA compliance. All information stored and accessed in Docubee can be retained or deleted, and all workflows created in Docubee have the ability to provide an information disclosure for full transparency, meeting all requirements for this regulation.
SMS Two-Factor Authentication
Docubee offers two-factor authentication, an industry standard for SaaS product security. Users have the ability to add a mobile phone number to their account. Users are still required to sign in using their email and password. Upon entering this info and hitting the login button, Docubee will send a verification code via text to authenticate their identity. Standard text and messaging rates may apply.
Single Sign-On (SSO)
Docubee supports Single Sign-On (SSO) configuration for enterprise accounts. SSO enables users to use a single set of credentials to securely authenticate with multiple applications and reduce threats from hackers.
Secure, Intelligent Contract Automation
Create, manage, sign, and track digital contracts the secure way.
Our Secure Software Features
Encryption at Rest
Docubee employs 256-bit AES encryption at rest, covering documents and other data. It is a fast and extremely secure method of encryption that is regarded as virtually unbreakable. Most government agencies, military organizations, and even the browsers most people use rely on 256-bit AES.
Encryption in Transit
Docubee employs TLS 1.2 to facilitate data privacy and protection as information is sent between Docubee and other platforms. TLS is imperative to keeping personal data like medical records, credit card info, and social security locked down and safe from hackers.
Tamper-Proof Documents
Tamper-proof documents aren’t just for physical paper. Docubee features tamper-proof digital documents, enforced by public-private key encryption, meaning only specified parties have access and are able to sign or make changes to documents sent through the Docubee system. Tamper-proof documents are essential in the event a document is contested in a court of law.
Servers & Networking
Docubee runs on Linux systems that are regularly updated with the latest security fixes. These servers are hosted in the secure data centers of Amazon Web Services (AWS) alongside our secured data in the AWS S3 and RDS services.
Customer Payment Information
Docubee does not process, store, or transmit payment card data from users. Instead, we rely on Braintree for payment processing.
Coding & Testing Practices
Docubee leverages industry-standard programming and testing techniques including rigorous automated testing, manual quality assurance checks, and detailed documentation. Our secure coding practices closely follow the guidelines laid out in the OWASP report.
Employee Access
To ensure security and lock down data, we follow the principle of least privilege (POLP) in our solution. We limit employee access to only authorized users working within the product or with customers in real time.
Periodic Vulnerability Testing
With each product release, web application security is evaluated and tested for vulnerabilities. Widely used testing toolkits and scanners are used to identify vulnerabilities and notify the Docubee team before updates are released to production.
Consistent System Monitoring
Our infrastructure and production applications are monitored around the clock, 365 days a year. Docubee’s dedicated monitoring systems automatically send out alerts in the event of an exception. Docubee engineers are alerted to these occurrences so they can escalate and proceed accordingly.
Service Levels & Backups
OnTask’s product infrastructure utilizes a wide range of layered techniques to ensure reliability and avoid product downtime. These techniques include load balancing, task queues, rolling deployments, and auto-scaling. Like the rest of the data in Docubee, all backups are encrypted using industry standards.