Skip to content
ZiaSignZiaSign
ZiaSign
    • Individuals & TeamsPay by document, unlimited users.
    • DevelopersREST API, SDKs, webhooks, sandbox.
    • EnterpriseSSO, QES, dedicated CSM, on-prem.
    Individuals pricingDevelopers pricingEnterprise pricing
  • Free PDF Tools
  • Browse by topic

    • Getting StartedQuickstart, account, first send
    • Documents & SigningPrepare, send, sign, track
    • Developer APIREST, SDKs, webhooks, sandbox
    • AI FeaturesField detection, summaries, Q&A
    • Billing & PlansSubscriptions, invoices, limits
    • Mobile AppiOS & Android guides

    Quick links

    • Quickstart
    • API reference
    • Authentication
    • Webhooks
    • How-to guides
    • Changelog
    Building with the API?Free sandbox, full REST + webhooks, SDKs in 5 languages.
    Browse all documentation
  • Pricing
  • Company

    • About
    • Blog
    • Investors
    • Security

    Compare

    • vs DocuSign
    • vs Adobe Sign
    • vs PandaDoc
    • vs iLovePDF
    • vs Smallpdf
    • vs PDF24
    • vs Sejda
    Investor connectLatest blog
PDF ToolsFreePricing
Start Free
Start Free
Trust Center

Legal · Sub-processors

Sub-processor list

Every third party that may Process customer Personal Data, with purpose, legal entity, regions of operation, and current certifications. We notify customers at least 30 days in advance of any new sub-processor or material change.

Subscribe to changes Raise an objection

Last updated: 23 April 2026 · 12 active sub-processors

Infrastructure

Sub-processorPurposeRegion(s)
Amazon Web Services
Amazon Web Services, Inc. (USA) / AWS EMEA SARL (LU)
SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018, PCI DSS
Primary cloud hosting, object storage, KMSus-east-1, eu-central-1, ap-south-1
Microsoft Azure
Microsoft Corporation (USA) / Microsoft Ireland Operations Ltd
SOC 2 Type II, ISO 27001, FedRAMP, HIPAA
Secondary infrastructure, AKS for control-plane servicesEU North, India South
Cloudflare
Cloudflare, Inc. (USA)
SOC 2 Type II, ISO 27001, PCI DSS
Edge CDN, DNS, WAF, DDoS protectionGlobal edge network

AI inference

Sub-processorPurposeRegion(s)
OpenAI
OpenAI, L.L.C. (USA) / OpenAI Ireland Ltd
SOC 2 Type II · zero-retention enterprise API tier · DPA signed
AI inference for clause extraction, summarization, drafting assistanceCustomer-region pinned (US, EU)
Anthropic
Anthropic, PBC (USA) / Anthropic Ireland Ltd
SOC 2 Type II · zero-retention API · DPA signed
AI inference for review-side reasoning and risk surfacingUS, EU

Communications

Sub-processorPurposeRegion(s)
Resend
Resend, Inc. (USA)
SOC 2 Type II
Transactional email delivery (signing requests, notifications)EU
Twilio
Twilio Inc. (USA) / Twilio Ireland Ltd
SOC 2 Type II, ISO 27001, HIPAA-eligible
SMS / WhatsApp delivery for OTP, signing remindersGlobal; routed by recipient region

Identity

Sub-processorPurposeRegion(s)
WorkOS
WorkOS, Inc. (USA)
SOC 2 Type II
SSO (SAML/OIDC) and SCIM provisioning for enterprise tenantsUS
Stripe Identity
Stripe, Inc. (USA) / Stripe Payments Europe Ltd
SOC 2 Type II, ISO 27001, PCI DSS Level 1
Identity verification for high-assurance signing flowsCustomer-region routed

Observability

Sub-processorPurposeRegion(s)
Datadog
Datadog, Inc. (USA) / Datadog France SAS
SOC 2 Type II, ISO 27001, HIPAA
Application performance monitoring, infrastructure metrics, error trackingEU; metadata only, no customer document content
Sentry
Functional Software, Inc. dba Sentry (USA)
SOC 2 Type II, ISO 27001
Error and exception tracking (stack traces, no document content)EU

Payments

Sub-processorPurposeRegion(s)
Stripe
Stripe, Inc. / Stripe Payments Europe Ltd / Stripe India
SOC 2 Type II, ISO 27001, PCI DSS Level 1
Subscription billing and payment processingCustomer-region routed

Notification & objection process

  1. 1. ZiaSign publishes intended additions or replacements to this page and notifies all subscribed customers by email at least 30 days before the change takes effect.
  2. 2. Customers may object on reasonable data-protection grounds within the 30-day window by emailing privacy@ziasign.com.
  3. 3. If we cannot resolve the objection, the customer may terminate the affected portion of the Service with prorated refund.
  4. 4. Emergency replacements (e.g. a sub-processor going bankrupt) may shorten the notice window; in such cases we notify as far in advance as commercially possible.

Product

  • eSignature
  • AI Document Assistant
  • Templates & Workflows
  • Pricing
  • What's New

Solutions

  • Individuals & Teams
  • Developers & API
  • Enterprise
  • Trust & Security

Free PDF Tools

  • Browse All Tools
  • Merge PDF
  • Split PDF
  • Compress PDF
  • PDF to Word
  • Use-Case Guides

Developers

  • Documentation
  • API Reference
  • How-To Guides
  • Status

Compare

  • vs DocuSign
  • vs Adobe Sign
  • vs PandaDoc
  • vs iLovePDF
  • vs Smallpdf
  • vs Sejda

Company

  • Investors
  • Blog
  • Privacy
  • Terms
  • DPA
  • Sub-processors
ZiaSignZiaSign
ZiaSign

Sign. Automate. Scale — with AI.

© 2026 ZiaSign. All rights reserved.

SOC 2 (in audit)GDPR · DPDPeIDAS · ESIGN