DocuSign can share your personal information with its vendors, business partners, and in the event of a sale or merger of the company.
This analysis describes what DocuSign's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Your personal data, including account details and potentially document metadata, can be transferred to third parties for business operations and in corporate transactions, which may expose your information to entities whose privacy practices differ from DocuSign's.
Previous version title focused on 'advertising' whereas current version provides comprehensive enumeration of all third-party sharing scenarios, removing the specific advertising emphasis.
View full change record →Your personal information may be shared with DocuSign's service providers, joint venture partners, and acquirers in a corporate transaction, and these transfers occur without individual notification in most circumstances.
How other platforms handle this
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Loyalty and partner program companies. We share information with our loyalty and partner program companies, like Ulta Beauty and Marriott.
We may share your information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with third-party advertising p...
Monitoring
DocuSign has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We may share your personal information with third parties in the following circumstances: with service providers who perform services on our behalf; with business partners with whom we jointly offer products or services; in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business; and when we believe disclosure is necessary to comply with applicable law or legal process.— Excerpt from DocuSign's DocuSign Privacy Statement
(1) REGULATORY LANDSCAPE: GDPR Articles 13 and 14 require disclosure of third-party recipients and their categories at the time of data collection. CCPA requires disclosure of categories of third parties to whom personal information is disclosed. Sharing with business partners for joint offerings may require analysis of whether this constitutes a sale or sharing under CPRA, triggering opt-out rights. (2) GOVERNANCE EXPOSURE: Medium. The breadth of sharing categories, particularly with business partners for jointly offered products, warrants scrutiny as to whether adequate data processing agreements or joint controller arrangements are in place. Corporate transaction sharing is standard industry practice but requires careful data room controls and transition agreements. (3) JURISDICTION FLAGS: EU users have rights to know specific categories of recipients and may challenge transfers to third countries without adequate safeguards. California residents have the right to know categories of third parties receiving their data and, if sharing constitutes a sale or cross-context behavioral advertising share, to opt out. (4) CONTRACT AND VENDOR IMPLICATIONS: Vendor management teams should maintain a current inventory of DocuSign's disclosed sub-processors and business partners receiving data. Due diligence in any M&A context involving DocuSign as a target or acquiree should include a full data transfer audit. (5) COMPLIANCE CONSIDERATIONS: Organizations embedding DocuSign in customer-facing workflows should disclose DocuSign as a data recipient in their own privacy notices to meet transparency obligations under GDPR and CCPA.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Your personal data, including account details and potentially document metadata, can be transferred to third parties for business operations and in corporate transactions, which may expose your information to entities whose privacy practices differ from DocuSign's.
Your personal information may be shared with DocuSign's service providers, joint venture partners, and acquirers in a corporate transaction, and these transfers occur without individual notification in most circumstances.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by DocuSign.