Request a demo

Choose where your data gets stored and processed

PandaDoc provides the flexibility your business needs for data residency* in two equally secure locations: the U.S. and EU.

Choose where your data gets stored and processed
Control where your data goes

Control where your data goes

Have peace of mind knowing your business information is secure, deeply encrypted and stored in defined geographic locations.

Foster trust and transparency

Foster trust and transparency

Show your customers a commitment to protecting their data privacy, while upholding the highest standards of data security.

Utilize powerful infrastructure

Utilize powerful infrastructure

All our regional clouds function with speed and efficiency, so you can gain access to your data quickly and reliably.

Enterprise-grade security & compliance

eIDAS compliant

eIDAS compliant

PandaDoc works with Trust Service Providers to ensure that all your signatures are verified, secure, and compliant. Safely send documents knowing that the signer is the person you’re doing business with, as you protect their sensitive data while making sure these documents are admissible in court.

Physical security

Physical security

PandaDoc data centers (handled by Amazon AWS) are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure.

SOC 2 certified

SOC 2 certified

PandaDoc is SOC 2 Type II certified. We can provide an SSAE 18 SOC 2 report and attestations of compliance, upon request. PandaDoc services are hosted on the Amazon AWS platform and this document details the ways in which we leverage the massive investments that Amazon continues to make in security to the benefit of our customers.

Servers and networking

Servers and networking

All servers that run PandaDoc software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon RDS, S3 and others, are comprehensively hardened AWS infrastructure-as-a-service (IaaS) platforms.

Service levels and backups

Service levels and backups

PandaDoc infrastructure utilizes many layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We do full daily automated backups of our databases. All backups are encrypted.

Application architecture

Application architecture

The PandaDoc web application is 
multi-tiered into logical segments (front-end, mid-tier, and database), each independently separated from each other in a DMZ configuration. This guarantees maximum protection and independence between layers.

Frequently asked questions

* Which data is stored in the regional locations?

The US and EU versions of PandaDoc are similar and equally secure. However, the versions are independent and isolated installations of the application. This means that if you have a PandaDoc account within the US, PandaDoc EU would not know about this account and would not have any information. We keep the environments isolated in order to provide data residency to our customers.

The following information is be stored and processed in bounds of chosen region:

  • PandaDoc Account’s Configuration
  • Documents (PandaDocs, Templates and PDF copies of signed documents)
  • Images Assets
  • Document’s Texts, Attachments and Metadata
  • In-document communication (Comments)
  • Billing Information (Billing Addresses, Account Names, Subscription Details)
  • PandaDoc Contacts
  • Forms (including information your customers enter)
  • Content Library Items
  • Catalog Items
  • PandaDoc Inboxes (you account members and your customers)
  • Reporting and Document’s Analytics

Is there any data not stored in our regional location?

Yes. The following information, regardless of which version of PandaDoc is chosen, is stored (and transferred to the US):

  • Your communication with PandaDoc representatives, specifically our Customer Support team and all interactions with this team. In order to provide best in class support for our customers PandaDoc remains to be a global company, this means that our representatives are hosted across the globe and would be happy to help as soon as possible. Unfortunately, we can’t isolate our communications in one particular region. This means that information such as video calls, account information, customer ticket information can be accessed and transferred to the US.
  • The transactional analytical information about your account that helps us to make PandaDoc a better application for you.
  • 3rd Party integrations that our Customers enable within their account could transfer data outside of your chosen PandaDoc application location. This is dependent on the specific integration and the 3rd party provider. If you have questions on your specific integrations, let us know and we will help you.
  • Interactions with our Sales team, basic sales contact information, and the initial contractual sales documentation.

Can I transfer data between data centers in the EU and in the US?

Unfortunately, for security purposes, this is not possible. You cannot transfer data from PandaDoc one data center to another. If you’ve chosen the US server, you will be able to have a separate account in the EU with the same email address of the account owner, but it would be a second account that does not share neither license, nor any information with the first one — you’ll need to set up and maintain it separately, which gives you full control over your data residency.