DocSpring Logo
  • Pricing
  • Documentation
  • Contact
    • CHAT: Open Live Chat
    • EMAIL: [email protected]
Sign In Start Free Trial
Dashboard Sign Out
Start Free Trial
  • Documentation
  • Pricing
  • Changelog
  • API Status
  • Blog
  • Security
  • Privacy
  • TOS
  • GitHub
  • Twitter
Sign In Start Free Trial
Dashboard Sign Out

Security

DocSpring follows industry best-practices to keep your data safe:

  • You can only access the DocSpring service via TLS (https). We enforce this with HSTS headers.
  • When you submit data to generate a PDF, this data is encrypted at rest using AES-256.
  • All stored files are encrypted at rest, using the AWS Key Management Service. This includes template PDFs, generated PDFs, and any other files that are stored in Amazon S3.
  • Passwords are hashed using bcrypt with 11 key expansion rounds. We do not store plaintext passwords in our database.
  • We subscribe to security mailing lists and patch any vulnerabilities as soon as possible.

Compliance (HITRUST, HIPAA, SOC 2, PCI DSS, etc.)

Unfortunately, DocSpring is not currently PCI DSS or HITRUST certified.

This means that you must not submit any credit card information or protected health information (PHI) to the DocSpring service. Please contact [email protected] for on-site hosting inquiries.

Vulnerability Disclosures

DocSpring welcomes vulnerability disclosures. Please send an email to [email protected] to report any security vulnerabilties. You can find our PGP public key at:
https://docspring.com/pgp-key.txt

Questions?

Any questions about security can be sent to [email protected]

Last Modified:

DocSpring Logo
Product
  • Pricing
  • Changelog
  • API Status
Developers
  • Documentation
  • Template Editor
  • HTML Templates
Company
  • DocSpring Blog
  • GitHub
  • Twitter
Legal
  • Security
  • Privacy
  • TOS
© 2017-2023 DocSpring, Inc.