DocuSign collects and stores the actual content of documents you send, receive, or sign through its platform, including any personal information those documents contain.
This analysis describes what DocuSign's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Documents signed through DocuSign frequently contain sensitive personal, financial, legal, or medical information, and this clause confirms that content is collected and processed by DocuSign as part of its service.
Interpretive note: The extent of DocuSign's use of document content for its own purposes versus purely as a processor for enterprise customers depends on separate customer agreements not contained in this public notice.
This new provision explicitly discloses that DocuSign collects and processes the actual content of documents, which is material for users to understand what data is collected beyond metadata.
View full change record →Any sensitive information in your contracts, agreements, or forms processed through DocuSign, such as social security numbers, financial account details, or health information, is collected and stored by DocuSign and subject to the terms of this notice or, for enterprise users, the applicable customer agreement.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
If we collect health information from these integrations (such as heart rate), we will not sell or use it for advertising or other similar purposes; we do not disclose it to third parties without your prior consent; and we will only use it for the specific purposes described in this Policy.
We collect your personal data when you use our Services, create a new eBay account, provide us with information via a web form, add or update information in your eBay account, participate in online community discussions or otherwise interact with us.
Monitoring
DocuSign has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We collect and process information you provide when you use our products and services. This includes the content of the documents you send and receive through our products, including any personal information contained in those documents.— Excerpt from DocuSign's DocuSign Privacy Statement
(1) REGULATORY LANDSCAPE: Document content processing may implicate GDPR Article 9 if documents contain special category data, as well as HIPAA if the enterprise customer is a covered entity and the documents contain protected health information. The FTC Act applies to any unfair or deceptive practices in how this data is handled in the US. The extent of DocuSign's obligations depends on whether it acts as a controller or processor for a given data set. (2) GOVERNANCE EXPOSURE: Medium. As a data processor for enterprise customers, DocuSign's obligations for document content are defined by customer agreements rather than this public notice. However, if DocuSign uses document-derived data for its own purposes such as product improvement or AI model training, that use could trigger controller obligations and heightened scrutiny under GDPR and CCPA. (3) JURISDICTION FLAGS: EU and UK users are protected by GDPR and UK GDPR requirements for lawful bases and data minimization in document content processing. California residents may have rights under CPRA to know and limit the use of sensitive personal information contained in documents. Healthcare-adjacent organizations should evaluate HIPAA Business Associate Agreement requirements. (4) CONTRACT AND VENDOR IMPLICATIONS: Enterprise customers should confirm that their DocuSign Data Processing Agreement explicitly addresses document content as processor data, restricts secondary use by DocuSign, and identifies all sub-processors with access to document content. Procurement teams should request current sub-processor lists. (5) COMPLIANCE CONSIDERATIONS: Legal teams should map document content data flows to confirm appropriate lawful bases are in place, particularly for any automated processing or AI-assisted features applied to document content. Organizations in regulated industries should assess whether DocuSign's processor commitments satisfy sector-specific requirements.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Ad personalization controls removed. Contact scanning added. Advertiser data partnerships quietly dropped. A timeline of every change.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Documents signed through DocuSign frequently contain sensitive personal, financial, legal, or medical information, and this clause confirms that content is collected and processed by DocuSign as part of its service.
Any sensitive information in your contracts, agreements, or forms processed through DocuSign, such as social security numbers, financial account details, or health information, is collected and stored by DocuSign and subject to the terms of this notice or, for enterprise users, the applicable customer agreement.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DocuSign.