Contact sales Request a demo Request a demo

Privacy Notice

Updated: September 19, 2023

Table of contents

  1. About us
  2. About this Privacy Notice
  3. Third-Party Websites and Services
  4. Types of Information We Collect
  5. Information You Provide Us
  6. Information Collected via Technology
  7. Use and Processing of Personal Information
  8. Use of Non-Personal Information
  9. Sharing of Your Personal Information
  10. Retention of Your Personal Information
  11. How We Protect Your Personal Information 
  12. International Data Transfers
  13. EU-UK Extension/Swiss-U.S. Data Privacy Framework Participation
  14. Children and Minors
  15. Accessibility
  16. Changes to our Privacy Notice
  17. Contacting us 

EU Privacy Rights Addendum

CA Privacy Rights Addendum

Brazil and Canada Privacy Rights Addendum

VA Privacy Rights Addendum

About us

We are a global company based in San Francisco, California, USA. We provide documentation automation software as a service that helps companies streamline processes to create, approve and eSign proposals, quotes, contracts, and other documents. Companies that use our services can provide their customers with a more professional, timely, and engaging experience. 

About this Privacy Notice

This Privacy Notice sets forth the handling practices of PandaDoc, Inc. (variously, “PandaDoc”, “we”, “our” or “us”) and its affiliates in regard to the collection, use and disclosure of personal data or personal information that you may provide to us through using this website (www.pandadoc.com) (the “Website”), by using any product or by using any service, including but not limited to the PandaDoc software-as-a-service product (“SaaS”), downloading, accessing and /or using PandaDoc’s mobile application named PandaDoc (“App”), creating an account, interacting with us, opting-in to receive SMS mobile messages, or engaging with any other websites, pages, features, or content we own, operate and/or provide (collectively with the Website, SaaS and App, the “Services”).

If you do not accept this Privacy Notice and/or do not meet and/or comply with the provisions set forth herein, then you should not use the Services. 

By accepting our Privacy Notice, accessing and using the Services, you consent to our collection, storage, use, and disclosure of your personal data or personal information as described in this Privacy Notice and the Cookie Notice located at https://www.pandadoc.com/cookie-notice/ (“Cookie Notice”). The use of www.pandadoc.com and the App is subject to PandaDoc’s Terms of Service located at https://www.pandadoc.com/terms-of-use/. 

Third-Party Websites and Services 

In some instances, we may process your personal information in accordance with an agreement with a third party.  This may occur, for example, when you sign-in or sign-up for the Services through a third-party or click on a third-party link. In this instance, the terms of the third-party’s agreement and privacy notice will govern how your personal information is processed. You should review the terms and notices of any third-party websites prior to clicking on the links. PandaDoc has no control over the privacy practices of websites or applications that we do not own. We are not responsible for the practices employed by any websites and/or services linked to and/or from our Website, including the information and/or content contained therein. Please also remember that when you use a link to go from our Website to another website and/or service, our Privacy Notice does not apply to such third-party websites and/or services. Your browsing and interaction on any third-party website and/or service, including those that have a link on our Website, are subject to such third-party’s own rules and policies. In addition, you agree that we are not responsible and do not have control over any third-parties that you authorize to access your personal information. If you are using a third-party website and/or service and you allow them to access your personal information, you do so at your own risk.

Types of Information We Collect

We collect “Non-Personal Information” and “Personal Information” and the information we collect from you depends on how you use the Services. “Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit, and preferences that are generated based on the data you submit and a number of clicks. “Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, and email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data. The following provides examples of the type of information that we collect from you and how we use that information. 

ContextTypes of dataPrimary purpose for collection
and use of data
Client information We collect the name, username, and contact information, of our clients and their employees with whom we may interact. We have a legitimate interest in contacting our clients and communicating with them concerning normal business administration such as projects, services, and billing.
Client user account informationWe collect personal information from our clients when they create an account to access and use the Services. or request certain free Services from our Website. This information could include business contact information such as name, email address, IP address, geolocation, title, company information, industry, and password for our Services. We have a legitimate interest in providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Services.
14-day free trial and/or free e-sign accountWe collect personal information from our clients when they request a 14-day free trial or free e-sign account from our Website. This Personal Information includes name, IP address, geolocation, and business contact information such as email address, title, and password for your PandaDoc account.  Clients may also provide a credit card number or other billing details. We have a legitimate interest in providing account-related functionalities to our users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to facilitate ease of account creation if a user chooses to purchase the service during or immediately following a free trial period.
Contact information of vendorsUsers of our Service may ask their vendors or service providers to submit company and security-related information on our platform (e.g., to complete a security questionnaire). When a user invites a vendor we collect the name and email address of the vendor.We have a legitimate interest in contacting vendors on behalf of our clients in order to invite them to communicate with companies through our platform. Among other things, the communication allows our clients to efficiently solicit, and receive, security questionnaires, and allows vendors to efficiently solicit, and transmit security questionnaires. Additionally, we use this information to fulfill our contract to provide Services which may include soliciting, receiving, transmitting, and hosting responses to security questions.
Account information — vendorsWe collect personal information from vendors when they create an account to access and use the Services or request certain free Services from our Website. This information could include business contact information such as name, email address, title, company information, and password for our Services. We have a legitimate interest in providing account-related functionalities to our vendor users, monitoring account log-ins, and detecting potential fraudulent logins or account misuse. Additionally, in some cases, we use this information to fulfill our contract to provide vendor-users with Services.
Cookies and first-party trackingWe use pixels, beacons, cookies, and clear GIFs. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a website is viewed. See our Cookie Notice for further information.We have a legitimate interest in making our website operate efficiently. 
Cookies and third-party trackingWe participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites. 
To learn more about our third-party partners, please read their respective privacy policies. Google Analytics is an analytics service provided by Google LLC. (US).:

Privacy Disclosures Policy

How Google uses information from sites or apps that use our services

Safeguarding your data

You may opt-out of Google Analytics for display advertising or customize Google display network ads by managing your privacy controls on Google’s website. Looker Analytics is a business intelligence tool that we use and this service is provided by Google LLC (US): Privacy Policy – Privacy & Terms – Google
See our Cookie Preference Center for more information. 

We have a legitimate interest in understanding our users and providing tailored services. Non-essential/non-service provider cookies will not be deployed until opt-in consent is obtained.
For individuals that expressly consent, we may engage in behavior-based advertising, capturing Website, SaaS, and mobile application analytics, and engaging third parties to assist with providing Services that are tailored to your interests. See our Cookie Notice for more information on how we use Cookies.
Demographic informationWe use IP information to 1). Ensure the legality of our documents (under eSignature law); 2). Understand how user behavior varies in different locations in order to improve our software; 3.) Depending on location, provide better support and success service. We have a legitimate interest in ensuring that our product/service is legal and providing tailored services based on the location (Country) – such as appropriate 1) support, 2) contract content, and 3) templates. IP information will not be used for behavioral purposes absent explicit consent.
Email interconnectivityIf you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.

If you choose to connect your Gmail account to PandaDoc, we collect personal data such as name, IP address and Gmail account address to enable the functionality of displaying the Gmail account address to your chosen recipients. PandaDoc’s use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

We have a legitimate interest in understanding how you interact with our communications to you. Such data capture will only be deployed following receipt of explicit consent.

Explicit user consent is captured when a user chooses to connect their Gmail account; PandaDoc has a legitimate interest in improving the functionality of our platform.

EmploymentWhen you apply for a job posting or become an employee or contractor, we collect information necessary to process your application or to retain you as an employee or contractor. This may include, among other things, your Social Security Number, diversity or demographic information, including race or ethnicity, gender or gender identity, and veteran or disability status. Providing this information is required for employment.We use information about current employees to perform our contract of employment or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees. We also have a legitimate interest in using your information to have efficient staffing and workforce operations and provide the Website, the Services, and App to our clients. 
Feedback/SupportWe collect Personal Information from you contained in any inquiry you submit to us regarding our Website or Services, such as completing our online forms, calling, or emailing for the purposes of general inquiries, support requests, or to report an issue. When you communicate with us over the phone or over a video-call platform, your calls may be recorded and sent to you as a support measure. These calls may also be analyzed for training, quality control, and for sales and marketing purposes by PandaDoc. During such calls we will notify you of the recording via either voice prompt or script. We may collect sensory information such as audio and visual image. We have a legitimate interest in receiving, and acting upon, your feedback, issues, or inquiries. 
Mailing listWhen you sign up for one of our mailing lists, we collect your email address along with your first and last name.We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
Marketing dataWhen you subscribe to one of our mailing list(s) or opt into our SMS feature, we collect your email address, telephone number (if applicable) along with your first and last name (and/or user name provided). We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
Mobile device dataWe collect information from your mobile device when visiting our Website. Such information may include operating system type and/or mobile device model, browser type, domain, and other system settings, the language your system uses and the country and time zone of your device, geo-location, unique device identifier and/or other device identifier, mobile phone carrier identification, and device software platform and firmware information.We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.
Order placementSubsequent to Service enrollment (where we collect name, email and phone number, job role, company name and size), to place an order, we collect billing address, and credit or debit card details.We use your information to perform our contract to provide you with products or services.
SMS messagingWhen you opt into receive notices to execute documents via SMS messages we collect your first and last name along with your telephone number.We collect this information based on user’s opt-in consent.  We also use this information to fulfill our contractual duty to our Customers.
Social Media ConnectorsOur Website uses social media connectors. They are social media buttons, such as LinkedIn, Facebook, Twitter, Instagram and YouTube, you see on our Website that allow you to connect and learn more about us and interact with us, our users and marketing partners.We may engage in behavior-based advertising, capturing website and mobile application analytics and engaging third parties to assist with providing services that may be of interest to you.
Transactional Data/Event DataNames and email addresses of parties to a transaction, subject line, history of actions individuals take related to a transaction (i.e. sign and forward features) and personal information about those individuals or their devices, such as name, IP address, email address and other authentication methods.We use this information to fulfill our contractual duties to our Customers. We also have a legitimate interest in creating and maintaining an audit trail proving the authenticity and legality of signatures and documents created by PandaDoc. 
SurveysWhen you participate in a survey we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information. Participation in any such surveys is completely voluntary and you therefore have a choice whether to disclose such information. We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.
Usage DataSuch as referring and exit pages and URLs, domain names, landing pages and content viewed and the order of those pages, the amount of time spent on particular pages, the frequency of your use of our Services and other related information.We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud
Website interactionsWe use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Web logsWe collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.We have a legitimate interest in monitoring our networks and the visitors to our Website and App as well as the access and use of the Services to enhance the Services. Web logs also help us understand which of our services is the most popular.
User ContentWhen you use PandaDoc, we collect Personal Information that is included in the input, file uploads, and other materials uploaded to your workspace.We use this information to fulfill our contractual duties to our Customers.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, business partners, our affiliates, or publicly available sources. For example, if you submit a job application, or become an employee, we may conduct a background check.

Information You Provide Us

Information Collected via Technology

Use and Processing of Personal Information

In addition to the purposes and uses described above, we use information in the following ways: 

Although the sections above describe our primary purpose in collecting your information, in many situations we have more than one purpose. For example, if you sign up for Services, we may collect your information to complete that transaction, but we also collect your information as we have a legitimate interest in maintaining your information after your transaction is complete so that we can quickly and easily respond to any questions about your Services. As a result, our collection and processing of your information is based in different contexts upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in conducting our business.

Use of Non-Personal Information

In general, we use non-personal information to help us improve the Services and customize the user experience. We also aggregate non-personal information in order to track trends and analyze use patterns on the Services. This Privacy Notice does not limit in any way our use or disclosure of non-personal information and we reserve the right to use and disclose such non-personal information to our partners, advertisers and other third parties at our discretion.

Sharing of Your Personal Information

In addition to the specific situations discussed elsewhere in this policy, we may share personal information in the following situations: 

Except as otherwise stated in this Privacy Notice, we do not sell, trade, rent or otherwise share for marketing purposes your personal information with third-parties without your consent. 

Retention of Your Personal Information

The length of time for which we retain personal information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws. We keep your personal information for no longer than necessary for the purposes for which it was collected and/or processed. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal information and limit active use of it.

See the Section “Your choices” about storage of your personal information.

How We Protect Your Personal Information 

We implement security measures designed to protect your personal information from unauthorized access. We apply these tools based on the sensitivity of the personal information we collect, use, and store, and the current state of technology. We protect your personal information through technical and organizational security measures to minimize risks associated with data loss, misuse, unauthorized access, and unauthorize disclosure and alteration. We periodically review our information collection, storage and processing practices, including technical and organizational measures, to guard against unauthorized access to systems. Any account you have on our Website, SaaS or App is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use.

Because the internet is not a completely secure environment, PandaDoc cannot warrant the security of any information you transmit to PandaDoc or guarantee that information on the Website may not be accessed, disclosed, altered and/or destroyed by breach of any of our physical, technical and/or managerial safeguards. In addition, while we take reasonable measure to ensure that service providers keep your information confidential and secure, such service provider’s practices are ultimately beyond our control. 

We are not responsible for the functionality, privacy and/or security measures of any other organization. By using our Website, you acknowledge that you understand and agree to assume these risks. To exercise your personal privacy rights, please click below for the applicable location:

EU (GDPR and UK GDPR) and the rest of the world

California, USA

Brazil

Your Choices 

You may take the below actions to change or limit the collection or use of your Personal Information. 

  1. Sign you out immediately
  2. Remove or anonymize any identifiable user information

International Data Transfers

Our company operates globally and has a global infrastructure. We utilize cloud computing which means your personal data may be transferred to a country with data protection laws not as strong as where you reside. We will transfer your Personal Data to countries deemed having adequate levels of data protection as determined by the European Commission.

PandaDoc may rely on data processing agreements (DPAs) with attached standard contractual clauses (SCCs) approved by the European Commission or other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the GDPR. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us. 

EU-UK Extension/Swiss-U.S. Data Privacy Framework Participation

PandaDoc complies with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. PandaDoc is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). PandaDoc is an active Privacy Shield participant and as such is automatically covered by the DPF framework until October 10, 2023.  PandaDoc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  PandaDoc has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Although PandaDoc does not sell personal data, in the context of an onward transfer to a third-party such as a business partner (“third-party agent”), PandaDoc shall remain liable under DPF Principles if such third-party agent processes any personal data in a manner inconsistent with DPF principles, unless PandaDoc can prove that it is not responsible for the event giving rise to the damage.

In compliance with the EU-US Data Privacy Framework Principles, PandaDoc commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact PandaDoc. To exercise your personal privacy rights, please click below for the applicable location:

EU (GDPR and UK GDPR) and the rest of the world

California, USA

Brazil

PandaDoc is committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers  for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Children and Minors 

PandaDoc does not knowingly collect personal data from children under the age of thirteen (13). If we learn that we have collected Personal Information from a child under age thirteen (13), we will delete such information as quickly as possible. To exercise your personal privacy rights, please click below for the applicable location:

EU (GDPR and UK GDPR) and the rest of the world

California, USA

Brazil

By using the Services, you represent that you are at least eighteen (18) years old and understand that you must be at least eighteen (18) years old in order to create an account and/or purchase the goods and/or services through the Website.

Accessibility 

If you are visually impaired, you may access this notice through your browser’s audio reader.

Changes to our Privacy Notice

In general, changes will be made to this Privacy Notice to address new or modified laws and/or new or modified business procedures. However, we may update this Privacy Notice at any time, with or without advance notice, so please review it periodically. We may provide you additional forms of notice of modifications and/or updates as appropriate under the circumstances. Your continued use of the Website after any modification to this Privacy Notice will constitute your acceptance of such modifications and/or updates. You can determine when this Privacy Notice was last revised by referring to the date it was last “Updated” above.

Contacting us

For questions or complaints regarding our use of your personal information or Privacy Notice, please contact us at PandaDoc, Inc., Attention: Privacy Department, 3739 Balboa St. #1083, San Francisco, CA 94121. To exercise your personal privacy rights, please click below for the applicable location:

EU (GDPR and UK GDPR) and the rest of the world

California, USA

Brazil