Skip to content
Book a meeting

Data Security

Security for Embedded Workflows

Docue Embed is designed so each embedded signing or drafting workflow gets only the access it needs. Data is stored only for the necessary duration, while your product controls users, permissions and long-term document storage.

Security model for embedding

The embedded model is intentionally narrow: your backend authenticates with Docue, your users stay in your product journey, and Docue powers the signing or drafting workflow in the background.

Isolated sessions

Each signing or drafting session is scoped to a single embedded workflow. The hosted UI receives only the access needed for that active session.

Controlled API access

API requests use bearer API keys. Sandbox and production keys are isolated, so test and live data stay separated.

Secure user handoff

Links that open signing flows, template selection or document drafting use one-time authorization tokens. Opening a workflow link creates a secure browser session with access to that workflow only.

No default long-term archive

Docue stores signing or drafting data only for the necessary duration. Your product controls customer permissions, exports and any long-term document storage you want to provide.

EU cloud infrastructure

Embed workflows run on scalable EU cloud infrastructure with security-conscious service operations.

Certified security work

Docue's information security operations are ISO 27001 certified, supporting the processes behind embedded signing and drafting workflows.

What stays in your product

Docue provides the embedded product for e-signing, document drafting or both. Your application remains the primary system of record for customers, user access and the finished document lifecycle.

  • Your product manages end-user identity, permissions, billing and customer support.
  • Your product controls how completed documents are stored, archived and made available to customers.
  • Docue powers the embedded signing or drafting workflow only for the active session.
  • Integration events can be sent back to your application so your product stays up to date.

Need security details for your integration?

Book a meeting with Docue to review your use case, data flow and security requirements before launch.

Book a meeting