Adobe Sign supports a customizable data retention policy which can be configured on customer accounts to delete documents and collected data from Adobe Sign. By default, Adobe Sign securely retains all customer documents on the service. Adobe Sign complies with several industry standards for data security and availability such as PCI DSS 3.0, HIPAA, SOC 2 Type II and ISO 27001. Customers can request the configuration of an automated data retention policy to comply with their organization’s data retention requirements and have their documents automatically deleted from Adobe Sign.
Alternatively, on-demand retention can be enabled, where customers have the option to use the Adobe Sign API to remove documents individually under Admin control.
A configurable data retention policy is available for the business and enterprise service plans. Adobe Sign supports two different options for configuration:
1. Automated Data Retention: With this option, customers can choose to set an automated policy on their account so that documents are retained for a specified period of time in Adobe Sign. For example, an account can be configured to retain documents for a period of 30 days after they are signed. There is no limit on the duration of time that can be configured for the data retention period: the retention period can be as short as a few seconds or as long as several years. The automated data retention policy can be configured for the entire account so that all agreements from an account have the same policy. Alternatively, the policy can be configured for specific groups in an account such that different groups have different retention policies.
2. On-demand Data Retention: With this option, customers can delete documents from Adobe Sign at any time through the Adobe Sign API. This option is typically used when Adobe Sign is integrated into an external system of record such as a Document Management System, Records Management System, HR System etc. where the retention policy is configured and managed within this external system.
Data retention is only applied to documents that have one of the following statuses in Adobe Sign:
- Signed or Approved—The document has been completed (signed or approved) by all recipients.
- Cancelled/Declined—The document has been cancelled by the sender or was declined by a signer or approver.
- Expired—The document expired before the signature process was completed.
Data retention is not applied to documents with any other statuses.
For an organization that has a retention policy configured for their account, when a document reaches the terminal state, Adobe Sign sets the retention date on the agreement based on the configured policy. Using the earlier example—for an organization that has a 30-day retention policy configured for their documents—as soon as a particular document gets signed, the retention date (and time) is set for 30 days in the future.
When the retention date and time is reached, the data purging process within Adobe Sign permanently deletes all versions of the signed documents and all the associated form data that was collected during the signature workflow process. Once the data is deleted from the primary system, active data replication ensures that the data is deleted from the DR site or any backups. After the documents and data have been deleted from Adobe Sign, an explicit event gets added to the transaction history of the particular transaction indicating when the documents were purged from the system.
Adobe Sign continues to retain the audit trail for the transaction to provide context around the transaction if the need ever arises.
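The automated policy described above can be cross-checked from the customer side. The following is an added example, not Adobe code: it computes the retention date for each agreement (group policy overriding the account policy, terminal statuses only) and flags agreements that are past due without a purge event. The record shape, field names, and status labels are assumptions for illustration, not Adobe Sign API fields.

```python
from datetime import datetime, timedelta, timezone

# Terminal statuses from the page; the string labels are assumed for this sketch.
TERMINAL = {"SIGNED", "APPROVED", "CANCELLED", "DECLINED", "EXPIRED"}

def retention_date(agreement, account_policy, group_policies):
    """Purge-due time, or None when retention does not apply."""
    if agreement["status"] not in TERMINAL:
        return None  # in-flight documents are never subject to retention
    # A group-level policy overrides the account-wide one.
    period = group_policies.get(agreement["group"], account_policy)
    return None if period is None else agreement["terminal_at"] + period

def reconcile(agreements, account_policy, group_policies, now):
    """Map agreement id -> state for a retention audit."""
    result = {}
    for a in agreements:
        due = retention_date(a, account_policy, group_policies)
        purged = a.get("purged_at")  # time of the purge event in the history
        if due is None:
            state = "unexpected-purge" if purged else "not-applicable"
        elif purged:
            state = "purged"
        else:
            state = "overdue" if now >= due else "retained"
        result[a["id"]] = state
    return result

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample: 30-day account policy, 365-day override for group "HR".
ACCOUNT_POLICY = timedelta(days=30)
GROUP_POLICIES = {"HR": timedelta(days=365)}
SAMPLE = [
    {"id": "A1", "status": "SIGNED", "group": "Sales", "terminal_at": utc(2024, 1, 1), "purged_at": utc(2024, 1, 31)},
    {"id": "A2", "status": "SIGNED", "group": "Sales", "terminal_at": utc(2024, 1, 1)},
    {"id": "A3", "status": "OUT_FOR_SIGNATURE", "group": "Sales"},
    {"id": "A4", "status": "EXPIRED", "group": "Sales", "terminal_at": utc(2024, 2, 15)},
    {"id": "A5", "status": "SIGNED", "group": "HR", "terminal_at": utc(2024, 1, 1)},
]

if __name__ == "__main__":
    for aid, state in reconcile(SAMPLE, ACCOUNT_POLICY, GROUP_POLICIES, utc(2024, 3, 1)).items():
        print(aid, state)
```

An "overdue" result means the retention date has passed with no purge event recorded, which is the case worth raising with the account administrator.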
In the on-demand configuration, an external system or application makes an explicit request to Adobe Sign through the API to delete a particular document. Adobe Sign receives the request, validates it, and immediately sends the document to the data purging process. The purging process deletes the signed document, all intermediate versions, and all the associated form data collected during the signature workflow from the primary operation site and the secondary DR site. The data deletion event is captured in the transaction history. Adobe Sign continues to retain the audit trail for the transaction to provide context around the transaction if the need ever arises.
Before data retention can be enabled for an account, the customer must sign a Data Retention agreement with Adobe indicating their desire to have their documents and data permanently deleted from Adobe Sign. Additional configuration information, such as the duration of time that data should be retained in cases where the customer wants automated data retention, may be required to complete the configuration.
Adobe requires organizations that have data retention enabled to, at a minimum, provide a copy of the completed signed document as a PDF attachment to any signatories/participants outside their organization. This choice cannot be changed once Data Retention is enabled.
Organizations can optionally choose to provide copies of signed agreements to internal participants.
The Signed and Filed email that is delivered to each recipient after the agreement is completed contains a note informing the recipient that they should save the PDF copy:
"The agreement is fully executed. The sender of this agreement has control over the retention period for this agreement which determines the amount of time it will be available for download from Adobe Sign. Adobe recommends that you save a local copy of this fully executed agreement for your records."
Document Retention for Workday Integrations
The Workday Integration is configured to not send a Signed & Filed email when a transaction has been completed as the documents are stored within the Workday system.
Installing a Retention Policy will change that configuration so that the Signed & Filed email will be sent with the Signed PDF attached.