What are the institutional and regulatory implications of this document?

(1) REGULATORY LANDSCAPE: This notice engages GDPR and UK GDPR for EEA and UK data subjects, CCPA and CPRA for California residents, Brazil's LGPD, Australia's Privacy Act, and Canadian privacy law. The FTC has jurisdiction over unfair or deceptive trade practices in the US context. Cross-border data transfers for EU personal data are addressed through Standard Contractual Clauses, though the adequacy of these mechanisms remains subject to ongoing regulatory evolution following Schrems II. (2) …

How does DocuSign's DocuSign Privacy Statement affect users?

Users operating through DocuSign's platform are subject to data processing practices that extend to document content and associated metadata shared with designated third parties. Enterprise customers are governed primarily by separate data processing agreements rather than this public privacy statement, which establishes different contractual terms for organizational versus individual data subjects. The statement establishes user rights to request data access, deletion, or marketing opt-out thr…

How often is DocuSign's DocuSign Privacy Statement updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when DocuSign updates this document?

Yes. Watcher subscribers ($9.99/month) can add DocuSign to their watchlist and receive same-day email alerts whenever this document or any other DocuSign document changes.

CA-D-000198

DocuSign Privacy Statement

DocuSign

Last change detected May 6, 2026 Privacy policy

SHA-256: 935a4067a7272e606a9… 4 versions captured 2 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at DocuSign ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

0 High severity

7 Medium severity

1 Low severity

Summary

DocuSign's Privacy Statement establishes the company's data collection, processing, and sharing practices for personal information generated through its document signing and management platform. The statement authorizes DocuSign to process document content and metadata, and permits sharing of personal data with third-party service providers and business partners for service delivery, analytics, and marketing purposes. The statement defines data subject rights available to California residents and EU users, including access, deletion, and opt-out mechanisms available through DocuSign's privacy portal.

Technical / Legal Breakdown

This document is DocuSign's global Privacy Notice, governing the collection, use, storage, and disclosure of personal data across DocuSign's products and services, with legal bases including consent, contractual necessity, and legitimate interests depending on jurisdiction. The notice states that DocuSign collects identifiers, contact data, device and usage data, geolocation, payment information, and the contents of documents processed through its platform, and the terms authorize sharing this data with service providers, business partners, and in connection with corporate transactions such as mergers or acquisitions. A notable operational distinction is DocuSign's role as both a data controller (for account and marketing data) and a data processor (for customer-submitted document content), meaning the privacy protections applicable to document content depend substantially on the enterprise customer's own data agreements rather than this notice alone. The notice engages GDPR and UK GDPR for EEA and UK users, CCPA and CPRA for California residents, and references additional regional frameworks including Brazil's LGPD, Australia's Privacy Act, and Canadian PIPEDA; cross-border data transfer mechanisms including Standard Contractual Clauses are referenced for EU data flows. Material compliance considerations include the adequacy of consent mechanisms for marketing communications, the scoping of processor versus controller obligations for enterprise customers, and the exercise of data subject rights across multiple applicable regimes.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

2 important changes detected

4 versions captured · Last updated: May 2026

May 6, 2026

low

What changed DocuSign removed 'English' from the list of languages in which its Privacy Statement is available. The Privacy Statement itself remains unchanged in content; only the language availability list was modified. This is a minor administrative update with no impact on privacy rights or protections.

Why this matters This change removes English from the list of languages in which DocuSign's Privacy Statement is published. For English-speaking users, the Privacy Statement content itself remains unchanged and available; only the language header was modified. This is a formatting change with no material impact on privacy rights, data practices, or consumer protections.

View full change record →

May 6, 2026

low

What changed DocuSign's privacy policy now displays language indicating available translations (French, German, Japanese, Portuguese, Spanish, Dutch, Italian, and English) at the beginning of the document. This is a formatting and accessibility update that does not change the actual privacy protections or data handling practices described in the policy.

Why this matters This change is a formatting and accessibility update that does not alter DocuSign's privacy practices or consumer protections. The policy now explicitly indicates that translations are available in seven languages in addition to English. This may improve access to privacy information for non-English speakers but does not change what data DocuSign collects, how it uses it, or what rights consumers have.

View full change record →

Medium — 7 provisions

Document Content Collection

DocuSign collects and stores the actual content of documents you send, receive, or sign through its platform, including any personal information those documents contain.

Added May 10, 2026 Rare
Controller vs. Processor Role Distinction Compare →

DocuSign plays two different legal roles depending on the situation: it controls your account and marketing data on its own terms, but processes document content strictly on behalf of the business that sent you the document.

Added May 10, 2026 Standard Seen across 189 platforms
Third-Party and Partner Data Sharing Compare →

DocuSign can share your personal information with its vendors, business partners, and in the event of a sale or merger of the company.

Added May 10, 2026 Standard Seen across 246 platforms
Cookies and Tracking Technologies Compare →

DocuSign uses cookies and tracking tools to monitor your activity on its platform and across other websites and online services over time.

Added May 8, 2026 Standard Seen across 251 platforms
California Resident Rights (CCPA/CPRA)

California residents have legal rights to see, delete, and correct their data held by DocuSign, and to opt out of the sale or sharing of their personal information for advertising purposes.

Added May 10, 2026 Rare
EU/UK Data Subject Rights and Cross-Border Transfers Compare →

EU and UK users have extensive legal rights over their personal data held by DocuSign, and their data is transferred internationally using Standard Contractual Clauses as the legal safeguard.

Added May 10, 2026 Standard Seen across 246 platforms
Data Retention Compare →

DocuSign keeps your personal information for as long as needed for its business purposes, legal obligations, and to handle any disputes.

Added May 10, 2026 Standard Seen across 223 platforms

Low — 1 provision

Marketing Communications and Opt-Out Compare →

DocuSign and its partners may send you marketing messages by email, phone, and mail, but you can opt out by following unsubscribe instructions or contacting DocuSign.

Added April 3, 2026 Standard Seen across 262 platforms

Monitoring

DocuSign has updated this document before.

Watcher includes same-day alerts, structured change summaries, and monitoring for up to 10 platforms.

Start Watcher free trial Or create a free account →

Professional Governance Intelligence

Need provision-level monitoring and regulatory mapping?

Professional includes governance timelines, compliance memos, audit-ready analysis, and full provision tracking.

Start Professional free trial

Cross-platform context

See how other platforms handle Identity Verification and Biometric-Adjacent Data Collection and similar clauses.

Compare across platforms →