The software solution you can trust. Documate protects your data and your clients' information with top security features and protocols.
Law firms, government organizations, and courts across the world trust Documate with their sensitive data. As a result, we take several measures to ensure the collection, storage, and transfer of this data is secure. Each Documate customer is set up on their own subdomain and isolated database.
We continuously monitor for potential vulnerabilities and review and update our code and systems configuration to ensure your data is always protected. Documate also maintains high standards for code quality, mandatory code reviews, and constant internal security consultations.
Each year, Documate works with a leading cybersecurity firm that tests the software using the most advanced techniques to ensure that Documate's platform is secure.
All of the data you and your users collect and transmit is encrypted in transit and at-rest using industry best practices, including Transport Layer Security (TLS). Documate requires all third party integrations (configurable by you) that receive data from Documate to provide secure, encrypted endpoints that will receive the data.
Your data is encrypted at rest with AES-256 encryption in AWS data centers. AWS data centers are managed in accordance with SOC 1-3, PCI DSS Level 1 and ISO 9001/ISO 270001. For users who use Documate for payment processing, our payment processing vendors are also PCI compliant.
You have full control over whether the data collected by your workflows is stored in your account. Please use the Settings tab for each of your workflows to choose whether you want to store data. If you do choose to store data, you also have full control over immediately deleting any and all data in your account.
By default, Documate will store your data in the United States. Documate also offers hosting options in the European Union, Canada, Australia, or any other AWS region (see here). Additional setup costs apply.
Documate only uses and integrates with payment vendors who are operating in accordance with PCI legislation. Documate does not store any payment information.
Documate enforces physical, technical, and administrative protocols, including but not limited to two-factor authentication, background checks, regular employee security training, and secure access policies.
Documate customers may set up two-factor authentication and/or single sign-on (SSO) with your preferred provider in order to further limit access through your organization. We also enforce strong passwords, regular password resets, and will also automatically lock your account for a period of time after too many failed login attempts.