Save time and boost your productivity with Electronic Signatures. Now you can send, sign, and approve documents faster than ever.
If you often wonder about what happens to a document after it has been sent, then you will love the PandaDoc Insights. Get a notification every time your document is opened, read, or signed. You can also see detailed stats on how your recipient interacted with your document. The Dashboard will give you a bird’s-eye view of your documents’ activity.
With PandaDoc you don’t have to switch between several tools to personalize, modify, and deliver your documents. Every quote, proposal, form, or contract can be edited in real-time.
If you’re spending a lot of time editing and sending the same document over and over again, our Templates feature will come in handy. With Templates you can send the same document to a number of people, while generating a personalized version of that document for each individual recipient. All of that in just a few clicks.
With the Workflow feature you can easily define the lifecycle of each document, as well as add additional steps to it. Each document can be set up with a custom approval flow, signing order, and even payment requests.
Easily distribute your content by departments, teams, projects, or specific groups of people with the Workspaces feature. Organize your content with Folders and Tags.
Configure Price Quote (CPQ)
PandaDoc includes robust CPQ functionality. Create reusable Catalog Items and include Dynamic Pricing tables inside your documents. With the Auto Calculate feature, you can handle discount, tax, and margin calculations with little effort.
App for iPhone & iPad
The PandaDoc iOS app is available for the iPhone, iPad, and iPod Touch, running iOS 7.0 or later.
App for Android Devices
The Android app is available for both phones and tablets. It supports most devices running Android 4.0 (ICS) or later.
We support mobile browsers, so whenever you send a document to a recipient, that person can open the document while on the go, and sign it on their phone without needing to create a PandaDoc account or have our apps installed.
PandaDoc ensures compliance with the SOC2 industry standard. We are currently in the process of reviewing our SOC2 certification. We can provide an SSAE16 SOC2 report and attestations of compliance, upon request.
PandaDoc services are hosted on the Amazon AWS platform and this document details the ways in which we leverage the massive investments that Amazon continues to make in security to the benefit of our customers.
The AWS infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. It is designed to provide an extremely scalable, highly reliable platform that makes it possible to deploy applications and data quickly and securely.
AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Additionally, AWS has assurance programs that provide templates and control mappings to help establish the compliance of environments running on AWS against 20+ standards, including the CESG (UK), and Singapore Multi-tier Cloud Security (MTCS) standards.
AWS is also fully compliant with applicable EU data protection laws, and the AWS Data Processing Agreement incorporates the Article 29 Working Party Model Clauses. This means that personal data transferred in AWS from the European Economic Area (EEA) to other countries will be given the same high level of protection it receives in the EEA.
In a traditional data center, common compliance activities are often manual, periodic activities. These activities include verifying asset configurations and reporting on administrative activities. Moreover, the resulting reports are out of date before they are even published. Operating in an AWS environment allows us to take advantage of embedded, automated tools like AWS Config and AWS CloudTrail for validating compliance. These tools reduce the effort needed to perform audits, since these tasks become routine, ongoing, and automated. By spending less time on manual activities, we can help evolve the role of compliance in our company from one of a necessary administrative burden, to one that manages our risk and improves our security posture.
PandaDoc data centers (handled by Amazon AWS) are state of the art, utilizing innovative architectural and engineering approaches. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure.
- AWS data centers are housed in nondescript facilities.
- Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff using video surveillance, intrusion detection systems, and other electronic means.
- Authorized staff must pass two-factor authentication a minimum of two times to access data center floors.
- All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.
Servers and Networking
All servers that run PandaDoc software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as Amazon RDS, S3 and others, are comprehensively hardened AWS infrastructure-as-a-service (IaaS) platforms.
Our web servers use the strongest grade of HTTPS security (TLS 1.2) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048-bit RSA, signed with SHA256.
Internal tier-to-tier requests are signed and authenticated to prevent request forgery, tampering, and replay.
PandaDoc stores document data (metadata, activity, original files and customers’ data) in different locations, and compiles and generates documents on the fly when requested. All data in each location is encrypted at rest with AES-128 and sophisticated encryption key management.
We follow the principle of least privilege in how we write software as well as the level of access employees are instructed to use in diagnosing and resolving problems in our software and responding to customer support requests.
At PandaDoc, only authorized members of DevOps and Development teams have access to production systems. All production systems access at PandaDoc requires multi-factor token-based VPN access and authentication.
The production network segments are logically isolated from other Corporate, QA, and Development segments.
System Monitoring and Alerting
At PandaDoc, the production application and underlying infrastructure components are monitored 24/7/365 by dedicated monitoring systems. Critical alerts generated by these systems are sent to 24/7/365 on-call DevOps team members and escalated appropriately to operations management.
Service Levels, Backups, and Recovery
PandaDoc infrastructure utilizes a number of layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments.
We do full daily automated backups of our databases. All backups are encrypted.
The PandaDoc web application is multi-tiered into logical segments (front-end, mid-tier and database), each independently separated from each other in a DMZ configuration. This guarantees maximum protection and independence between layers.
Coding and Testing Practices
PandaDoc leverages industry-standard programming techniques, such as having documented development and quality assurance processes and following guidelines such as the OWASP report, to ensure that the applications meet security standards. In addition, we follow a strict process of code and security review before code is delivered to the QA team.
Before full deployment to production, all application changes at PandaDoc undergo both automated and manual testing including full functional testing in a QA environment and full performance testing in a staging environment.
The Quality Assurance Team also deploys to half of the production system and performs full regression testing before full production deployment is carried out. This thorough testing process ensures that if anything fails during any step, the production system is not compromised.
Web application security is evaluated by the development team in sync with the application release cycle.
This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production.
PandaDoc also leverages external 3rd parties for periodic vulnerability assessments and penetration testing, which ensures our environment is secure and web transactions can occur without risks.
Customer Payment Information
PandaDoc uses Chargify and Authorize.net for payment processing and does not store any credit card information. Chargify and Authorize.net are trusted, Level 1 PCI service providers.