Skip to content
Book a meeting

Data Security

Security for Embedded Workflows

Docue Embed is designed so each embedded drafting or signing workflow gets only the access it needs. Data is stored only for the necessary duration, while your product controls users, permissions and long-term document storage.

Security model for embedding

The embedded model is intentionally narrow: your backend authenticates with Docue, your users stay in your product journey, and Docue powers the legal drafting or signing workflow in the background.

Isolated sessions

Each session for template selection or Legal Engine document drafting is scoped to a single embedded workflow. The hosted UI receives only the access needed for that active session.

Controlled API access

API requests use bearer API keys. Sandbox and production keys are isolated, so test and live data stay separated.

Secure user handoff

Links that open template selection or Legal Engine's automated document creation tool use one-time authorization tokens. Opening a drafting link creates a secure browser session with access to that document only.

No default long-term archive

Docue stores Legal Engine drafting data only for the necessary duration. Your product controls customer permissions, exports and any long-term document storage you want to provide.

EU cloud infrastructure

Embed workflows run on scalable EU cloud infrastructure with security-conscious service operations.

Certified security work

Docue's information security operations are ISO 27001 certified, supporting the processes behind embedded drafting and signing workflows.

What stays in your product

Docue provides the embedded product for document drafting, e-signing or both. Your application remains the primary system of record for customers, user access and the finished document lifecycle.

  • Your product manages end-user identity, permissions, billing and customer support.
  • Your product controls how completed documents are stored, archived and made available to customers.
  • Docue powers the embedded drafting or signing workflow only for the active session.
  • Integration events can be sent back to your application so your product stays up to date.

Need security details for your integration?

Book a meeting with Docue to review your use case, data flow and security requirements before launch.

Book a meeting