Trust center
Security, privacy, and compliance — in one place
We publish our security posture, data-residency architecture, sub-processor list, and GDPR positioning because your compliance team needs these answers to be direct. Not long paragraphs — just the facts, precisely.
Your tenant
Documents, metadata, and audit logs live in your M365 tenant. Never in a separate SaaS cloud.
1 + 1
Two sub-processors when DocuSign is enabled (Microsoft + DocuSign). One when it isn't (Microsoft only).
50+
Microsoft compliance attestations your tenant already inherits. ISO 27001, SOC 2, HIPAA BAA, GDPR DPA, FedRAMP.
Append-only
Audit logs are structurally immutable. Not a policy, an architectural property. Admins can't edit entries.
Documents on the trust center
Security
Security posture
How the platform is protected — architecture, access controls, incident response, and what we inherit from Microsoft's attestations.
Residency
Data residency
Where your documents, metadata, and audit logs live. Why the answer is structural rather than configurable in most cases.
Processors
Sub-processors
The complete list of third parties with access to your data — deliberately short. Updated per GDPR Article 28 notification requirements.
Privacy
Privacy & GDPR
The Article 28 DPA, privacy-by-design decisions, and how our layer interacts with your organization's GDPR compliance program.
Regulatory regimes
How docs365.ai maps to the regulations your program faces
Two tiers. Tier A regimes — ISO 9001, ISO 27001, GDPR — are the ones we're built end-to-end to support. Tier B regimes — HIPAA, FDA 21 CFR Part 11, SOX, NIS2 — are ones where we provide capabilities customers use in their own compliance programs, without positioning the product as a certified solution.
Need a specific answer your team can cite?
Security questionnaires, DPAs, vendor-risk assessments — we've seen most of the question shapes before. A 30-minute call is usually the fastest way to get precise, citation-ready answers.