Security
DocSpring follows industry best practices to keep your data safe:
- You can only access the DocSpring service via TLS (https). We enforce this with HSTS headers.
- When you submit data to generate a PDF, this data is encrypted at rest using AES-256.
- All stored files are encrypted at rest, using the AWS Key Management Service. This includes template PDFs, generated PDFs, and any other files that are stored in Amazon S3.
- Passwords are hashed using bcrypt with 11 key expansion rounds. We do not store plaintext passwords in our database.
- We subscribe to security mailing lists and patch any vulnerabilities as soon as possible.
Compliance (HITRUST, HIPAA, SOC 2, PCI DSS, etc.)
Unfortunately, DocSpring is not currently PCI DSS or HITRUST certified.
This means that you must not submit any credit card information or protected health information (PHI)
to the DocSpring service. Please contact [email protected] for on-site hosting inquiries.
Vulnerability Disclosures
DocSpring welcomes vulnerability disclosures.
Please send an email to [email protected] to report any security vulnerabilities.
You can find our PGP public key at:
https://docspring.com/pgp-key.txt