Electronic signature for enterprise.

Enterprise pricing is custom and scoped to your organization rather than a fixed per-seat list price. It is built from the variables that actually drive cost: the number of seats, your document volume, how many regions you need, and the specific capabilities you turn on, such as SSO, SCIM, data residency, BYOK, or full whitelabel. Most engagements are annual and paid by invoice or wire rather than a credit card. The process is quick: a 30-minute scoping call with sales engineering establishes the footprint, and we send a written proposal with pricing within 48 hours. There is no obligation to that call, and you get a concrete number to take to procurement rather than a range.

Enterprise adds the controls that a security, IT, and procurement team require before rolling an e-signature tool out organization-wide. On top of everything in Business, you get single sign-on over SAML 2.0 and OIDC, SCIM 2.0 auto-provisioning, a bring-your-own signing domain (sign.yourcompany.com) with the SSL certificate we provision, an optional bring-your-own signing certificate for PAdES seals, full whitelabel with zero "Powered by" footprint anywhere, US or EU data residency, customer-managed encryption keys through AWS KMS, a dedicated account manager, and a custom contract. In short, Business is a complete product for a team, and Enterprise wraps it in the identity, residency, branding, and contractual guarantees a large organization needs.

Most enterprise customers go from first call to first signed envelope in about two weeks. That window covers a security review, MSA and DPA negotiation, SSO and SCIM integration with your identity provider, custom signing-domain and certificate provisioning, and audit-policy configuration. The technical implementation itself - wiring up SSO and SCIM, provisioning the domain and certificate, and migrating templates - typically lands in five to ten business days. Larger or more heavily regulated rollouts, or ones that need extended legal review or a deeper architecture assessment, can extend to roughly six to eight weeks. We give you a realistic timeline during scoping so the date you commit to internally is one we can actually hit.

We are early in our formal certification program and do not have a SOC 2 Type II report yet, and we would rather tell you that plainly than imply otherwise. What we can share today is substantial: our DPA, our sub-processor list, security posture documentation, a penetration-test summary, and an architecture review on request. We have a defined path and a target audit window for SOC 2. For HIPAA, contact sales for the current BAA timeline. For most enterprises this evidence is enough to start, and for the few where a completed SOC 2 letter is a hard, non-negotiable gate, we will say so upfront so we do not waste your evaluation time.

Yes. We maintain a baseline MSA and DPA that most legal teams accept with light edits, and we are genuinely flexible on terms wherever a change does not compromise the security posture or the operational model that keeps the service reliable. You are not handed a take-it-or-leave-it click-through agreement. In practice, most legal cycles close within one to two weeks of review, because the starting documents are already written to be reasonable for a large buyer. Your dedicated account manager and our team stay in the loop through redlines so questions get answered quickly rather than bouncing between inboxes, which is usually what keeps a contract from closing on time.

Once you select a region - US (Virginia) or EU (Frankfurt) - your documents, audit logs, and backups stay in that region and never leave it. The selection is enforced at the infrastructure level on dedicated, monitored infrastructure, not just a setting. Customer-managed encryption keys can be scoped regionally through AWS KMS, so the keys protecting EU data live in the EU. For organizations that operate across regions, residency can be selected at the workspace level, so one part of the business can sign in the EU while another signs in the US under the same account. This is how teams meet GDPR and internal data-handling requirements without standing up a separate tool per region.

Yes. Documents signed with Document eSign are legally binding under the U.S. ESIGN Act of 2000 and state UETA laws, and under the EU's eIDAS regulation, which give an electronic signature the same standing as wet ink when intent, consent, attribution, and a retained record are present. Every signed document is sealed with a SHA-256 hash and a PAdES-B-LT signature carrying an independent TSA timestamp, verifiable in Adobe Acrobat, and optionally sealed with your own organization's certificate. Each one ships with a certificate of completion recording every signer's email, IP address, and timestamp on an append-only audit log. That gives a large organization defensible, court-ready evidence at scale, which is exactly what legal and compliance teams ask for before standardizing on a signing platform.