Security
Your documents, protected.
DocTray treats signed documents like the legal records they are. Here's how.
🇪🇺 EU-hosted
100% European
GDPR
Compliant by design
eIDAS
Aligned
ISO 27001-aligned
In progress
European Sovereignty
DocTray is a 100% European product. All infrastructure, processing, and storage live inside the EU. No data, metadata, or backups are ever transferred to extra-European organizations, no CLOUD Act, no FISA 702 exposure.
Encryption
AES-256 at rest, TLS 1.3 in transit. Keys managed in an EU-hosted HSM with quarterly rotation.
Signature integrity
Every signed document is sealed with a PKI signing certificate. Tamper-evident, with a verifiable certificate chain, eIDAS-aligned.
Vulnerability disclosure
We run a coordinated disclosure program. Report findings to security@doctray.com, we respond within one business day.
Sub-processors
All sub-processors are European entities operating exclusively within the EU. The current list is published and customers are notified before any change.
DPA & GDPR
We sign a Data Processing Addendum with all paid customers. No Standard Contractual Clauses required, processing stays in the EU.
Send your first document in the next 5 minutes.
Free forever for individuals. No credit card. No demo required.