DocSpring follows industry best-practices to keep your data safe:
You can only access the DocSpring service via
We enforce this with
When you submit data to generate a PDF, this data is encrypted at rest using AES-256.
All stored files are encrypted at rest, using the AWS Key Management Service.
This includes template PDFs, generated PDFs, and any other files that are stored in
Passwords are hashed using
with 11 key expansion rounds. We do not store plaintext passwords in our database.
We subscribe to security mailing lists and patch any vulnerabilities as soon as possible.
Compliance (HITRUST, HIPAA, SOC 2, PCI DSS, etc.)
Unfortunately, DocSpring is not currently PCI DSS or HITRUST certified.
This means that you must not submit any credit card information or protected health information (PHI)
to the DocSpring service. Please contact
on-site hosting inquiries.
DocSpring welcomes vulnerability disclosures.
Please send an email to [email protected]
to report any security vulnerabilties.
You can find our PGP public key at: