DocHub Security

We take security very seriously. Ensuring that the information collected by our website and platform is secure and protected is very important to us. Consistent with industry standards and applicable law, DocHub has established appropriate technical and organizational measures to help prevent unauthorized access to, disclosure, alteration or misuse of information collected by the DocHub website and platform (“Collected Data”).

We use Amazon Web Services to store all Collected Data. Amazon employs a robust physical and network architecture security program with multiple certifications. For more information on Amazon’s security processes, please visit https://aws.amazon.com/security/.

Continually Updated Third Party Report

We engage a third-party firm, Vanta, to continually audit our infrastructure, systems, and processes. Their report is updated daily.

View DocHub's Vanta Security Report

Software Security

We employ a team of specialists to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.

Encryption

All data transmitted between visitors to the DocHub website and users of the DocHub platform is encrypted in transit.

All data received and stored by DocHub servers is encrypted at rest.

Physical Security

DocHub’s technical infrastructure is hosted on Amazon Web Services SOC 2 accredited data centers. Physical security controls at AWS data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements.

Access Control

All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). All systems require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, expiration, and lockout, and disallow reuse. DocHub grants access to staff and contractors on the basis of least privilege rules, reviews permissions monthly, and revokes access immediately after employee termination.

PCI Compliance & Credit Cards

DocHub operates as a card-not-present merchant and is compliant with Payment Card Industry (PCI) Data Security Standards (DSS). When you sign up for a paid account on DocHub, we do not store any of your card information on our servers. It's handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers.

View the full report: DocHub PCI Compliance SAQ

Employees

DocHub employees undergo background checks, are held accountable to non-disclosure agreements, and complete mandatory security training programs. DocHub limits software development, customer support and sensitive data access exclusively to internal employees. Permissions to sensitive data are granted only if needed for employees to perform their duties and are revoked immediately if the employee is terminated.

Vulnerability Management

All systems and applications undergo security review for vulnerabilities prior to production deployment. All application dependencies are monitored for vulnerabilities using third-party dependency scanning tools.

Incident Management

DocHub maintains industry standard security incident response policies and procedures.

Vulnerability Reporting & Bug Bounty

DocHub values the work done by security researchers in improving the security of our products and service offerings. We are committed to working with this community to verify, reproduce, and respond to legitimate reported vulnerabilities.

See Report a Vulnerability

Contact Us

Have a question, concern, or comment about DocHub security? Please contact [email protected].