Security & Compliance

Security built into every layer

We take security seriously. ShareDoc is built with enterprise-grade security and compliance standards to protect your sensitive documents.

Transparency notice

SOC 2 attestation is currently in progress. End-to-end encryption is available via custom onboarding and will limit analytics features (e.g., heatmaps, engagement insights) while enabled.

Security First

Meet David—he sleeps better now

David is a VP of Security at a healthcare company. He used to wake up at 3 AM thinking: "What if we get breached through document sharing?"

Legacy tools stored everything on their servers. No audit trails. No watermarking. No control over who forwarded what to whom.

ShareDoc gave him back control: dynamic watermarks on every page, complete audit logs, instant access revocation, and optional BYOS means data never leaves their infrastructure. Now he sleeps through the night.

Watermarking

Recipient info on every page

Audit Logs

Track every document action

BYOS

Data stays in your infrastructure

Optional End-to-End Encryption

Available via custom onboarding. Disables certain insights/features; transit and at-rest encryption are always on by default.

Access Controls

Granular permissions, SSO/SAML integration, and IP allowlisting for enterprise security.

Audit Logs

Complete audit trail of all document access, sharing, and modifications.

Data Residency

Choose where your data is stored. GDPR and regional compliance support.

Compliance

SOC 2 attestation in progress. Built with GDPR, HIPAA, and CCPA supporting controls.

Threat Detection

Real-time monitoring and alerting for suspicious activity and security events.

Certifications & Compliance

We meet the highest industry standards for security and data protection.

SOC 2 (attestation in progress)

Encryption in transit & at rest

GDPR-aligned practices

HIPAA supporting controls (BAA on request)

CCPA readiness

Data Protection Practices

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Encryption keys are managed using industry-standard key management practices.

Infrastructure Security

Our infrastructure is hosted on AWS with multiple availability zones for redundancy. We implement network segmentation, firewalls, and intrusion detection systems.

Access Management

We enforce principle of least privilege, multi-factor authentication for all employees, and regular access reviews. Customer data is isolated and access is logged.

Monitoring & Response

24/7 security monitoring with automated threat detection. Incident response procedures are regularly tested and updated.

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please email us at [email protected] with details. We commit to responding within 48 hours.