CA-C-002216
DocuSign — DocuSign Privacy Statement
Entity
Date detected
May 21, 2026
Effective date
May 21, 2026
Severity
Low
Direction
Neutral
Affected users
all users eu users california residents
Taxonomy
Disclosure requirement change
Changes
+6 sentences added · 3 sentences modified
Share 𝕏 Share in Share 🔒 PDF
Watch DocuSign Get alerts when this policy changes.
Watch — Free

Event Summary

DocuSign updated its Privacy Statement on May 21, 2026 to expand the scope of personal information collection and describe data sources more explicitly. The updated language now states that DocuSign collects personal information from individuals 'with whom we otherwise communicate in connection with the Services' (broader than website and app users alone) and explicitly identifies 'Marketing Contact Data' collected from third-party provider Clay to support sales and marketing efforts. The policy also clarifies that DocuSign maintains opt-out list data to honor email marketing preferences.

LOW

Consumer Impact

The updated privacy statement explicitly discloses that DocuSign collects marketing contact data (professional details such as email, phone number, job title, employer, and location) from third-party provider Clay to support sales and marketing activities. The policy now clarifies that its data collection scope includes individuals with whom DocuSign communicates about services, extending beyond active website or app users. The policy states DocuSign maintains minimal data (such as email address on an opt-out list) when users have opted out of email marketing to honor that request.

Governance Analysis

The updated privacy statement adds explicit disclosure of where DocuSign obtains marketing contact data (third-party provider Clay) and clarifies its data collection scope extends to individuals who communicate with the company about services, not just active platform users. This transparency addition enables data subjects to understand the sources and breadth of DocuSign's personal data collection practices.

Available Actions

Review DocuSign's privacy notice to understand that marketing contact data may be collected from Clay

Contact DocuSign if you wish to opt out of marketing communications and have your details maintained on their opt-out list

If No Action Is Taken

DocuSign will continue to collect and use marketing contact data from third-party sources as permitted under the updated policy

If you do not opt out of email marketing, DocuSign will maintain your contact information for marketing communications as stated in the terms

Key Clauses Affected

Third-party marketing data collection

Explicitly discloses collection of marketing contact data from third-party provider Clay to support sales and marketing efforts

Scope expansion

Privacy statement now covers individuals with whom DocuSign communicates about services, extending beyond active platform users

Opt-out data retention

Clarifies DocuSign maintains minimal data (e.g., email on opt-out list) to honor email marketing opt-out requests

Full clause-by-clause analysis available with Compliance.
These clauses may change again. Get alerted when they do. Watch DocuSign — Free

This change record describes what was added, removed, or modified in the document. Analysis reflects what the updated agreement states or permits. It does not constitute a legal determination about enforceability. Applicability may vary by jurisdiction. Methodology

Evidence Verification

✓ Verified
Previous Version
935a4067a7272e606a991d5974159c4c704ff5a1373484146fd72e5df1d95cfb
May 6, 2026 21:09 UTC
✓ Verified
Current Version
db171ce667d98db1d8936fb125acc66e0d283cc7f0c00e08307fb68fd757092c
May 21, 2026 00:21 UTC
✓ Verified
Change Detected
May 21, 2026 00:21 UTC
Analysis Methodology
Citation Record
Entity: DocuSign
Document: DocuSign Privacy Statement
Record ID: CA-C-002216
Captured: 2026-05-21 00:21:55 UTC
URL: https://conductatlas.com/change/2026-05-21-docusign-docusign-privacy-statement-2216/
Accessed: July 8, 2026
Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.
For legal and compliance teams

Institutional Analysis

Assessment

DocuSign's updated privacy statement adds explicit disclosure of third-party marketing data collection from Clay and clarifies its scope to include individuals who communicate with the company about services beyond direct platform users. This is primarily a disclosure and clarification change with low operational complexity. Organizations that maintain data relationships with DocuSign or conduct marketing via DocuSign platforms may need to confirm their own privacy notices accurately reflect this third-party data flow if they reference DocuSign's practices. No new regulatory obligation is apparent from the change itself, though data subjects in GDPR or CCPA jurisdictions may assert rights regarding this disclosed processing.

Regulatory Exposure

GDPR (Articles 13, 14 regarding fairness and transparency of processing), CCPA/CPRA (disclosure of data sources and collection practices)

Full compliance analysis

Obligation analysis, escalation trigger, board language, and recommended action.

Monitor $19/mo Compliance $249/mo

Monitor: regulatory citations + obligations. Compliance: full compliance memo.

ConductAtlas provides verified policy intelligence sourced directly from platform documents. All analysis is intended to support, not replace, legal and compliance review. Record CA-C-002216.

Clause-Level Changes

New Provisions Added
Document Content Collection
Medium

This new provision explicitly discloses that DocuSign collects and processes the actual content of documents, which is material for users to understand what data is collected beyond metadata.

Full clause text available with Compliance. See Compliance →
EU/UK Data Subject Rights and Cross-Border Transfers
Medium

This provision consolidates EU/UK data subject rights and cross-border transfer mechanisms in one location with explicit reference to Standard Contractual Clauses, providing critical GDPR/UK GDPR compliance information.

Full clause text available with Compliance. See Compliance →
Provisions Removed
User Data Rights (Access, Deletion, Correction, Portability)
Low

This standalone provision was removed, though its content appears to be partially absorbed into the new EU/UK-specific provision and California-specific provision, potentially fragmenting global user rights information.

Removed clause text available with Compliance. See Compliance →
Children's Data — Age Restriction
Low

Removal of this provision eliminates explicit disclosure about age restrictions and children's data handling, which is typically required by privacy regulations like COPPA and GDPR.

Removed clause text available with Compliance. See Compliance →
Disclosure to Law Enforcement and Government Authorities
Medium

Removal of this standalone provision means law enforcement disclosure practices are no longer explicitly highlighted, though may be covered in the combined third-party sharing provision.

Removed clause text available with Compliance. See Compliance →
Provisions Modified
Controller vs. Processor Role Distinction
Medium

Previous version had no excerpt; current version adds detailed explanation of the distinction between controller and processor roles with specific examples.

Before/after clause text available with Compliance. See Compliance →
Third-Party and Partner Data Sharing
Medium

Previous version title focused on 'advertising' whereas current version provides comprehensive enumeration of all third-party sharing scenarios, removing the specific advertising emphasis.

Before/after clause text available with Compliance. See Compliance →
Cookies and Tracking Technologies
Medium

Previous version had no excerpt; current version adds specific detail about types of tracking technologies (web beacons, pixel tags) and scope of tracking.

Before/after clause text available with Compliance. See Compliance →
California Resident Rights (CCPA/CPRA)
Medium

Previous version had no excerpt; current version adds explicit enumeration of CCPA/CPRA rights including opt-out of sale/sharing and limitation of sensitive data use.

Before/after clause text available with Compliance. See Compliance →
Data Retention
Medium

Previous version had no excerpt; current version adds specific purposes for retention including legal, accounting, and reporting requirements.

Before/after clause text available with Compliance. See Compliance →
Marketing Communications and Opt-Out
Low

Previous version had no excerpt; current version adds detailed description of marketing channels and explicit opt-out mechanisms.

Before/after clause text available with Compliance. See Compliance →

1 provision unchanged.

Cross-platform context

See how other platforms handle similar provisions across the ConductAtlas archive.

Compare across platforms → Browse regulations →

Full Changes

See the full side-by-side comparison of every sentence added, removed, and modified.

🔒 Full diff — Monitor

Document Context

Version history → Policy drift analysis → Document page →
Document
DocuSign Privacy Statement
Entity
DocuSign
Captured
May 21, 2026
Source URL
https://www.docusign.com/company/privacy-policy
Other changes to DocuSign Privacy Statement
Previous change May 6, 2026
DocuSign removed 'English' from the list of languages in which its Privacy Statement is available. The Privacy Statement itself remains …
Low Neutral
View full version history →
More from DocuSign
May 6, 2026 Low
DocuSign Privacy Statement

DocuSign removed 'English' from the list of languages in which its Privacy Statement is available. The Privacy Statement itself remains …

May 6, 2026 Low
DocuSign Privacy Statement

DocuSign's privacy policy now displays language indicating available translations (French, German, Japanese, Portuguese, Spanish, Dutch, Italian, and English) at the …

Related Analysis
Privacy · April 29, 2026
What 38 AI Companies Actually Say About Your Data (2026)

We read the privacy policies and terms of service of 38 AI platforms. Here is what they say about training, retention, arbitration, and lia…

Track DocuSign policy changes

Get alerted when this policy changes again — including what changed and why it matters.

Prefer a weekly summary instead?

Get the biggest policy changes across 352+ platforms every Sunday.