Everything about Dropbox Sign a Electronic signature

Sign Use Cases cover several verticals, from HR and on-boarding, to real estate, to sales, to insurance, to education.

Vertical	Use Case
HR / On-Boarding	Employee onboarding, W-2/I-9, authorizations, offer letters, NDA's
Real Estate	Lease Agreements or HOA resolutions
Purchase / Sales	Sales contracts, RFP's, procurement agreements
Loan / Insurance / Tax	Tax, Insurance or financial documents such as loan agreements or credit applications
Education	Student Contracts, tuition assistance, fundraising, campus events, scholarships, faculty agreements, parental approval forms

These use cases show how to streamline the document signing process and improve efficiency by eliminating the need for manual printing, signing, and scanning of documents.

Additionally, electronic signatures can help ensure the authenticity and integrity of signed documents, which can be particularly important for legally binding agreements or regulatory compliance.

Electronic signatures also enable remote signing, which is useful for organizations that have a remote workforce or need to obtain signatures from individuals who are not physically present.

Dropbox Sign Plans

In general there are 3 things you need to understand to for the best plan.

1. Understand the customer's use case and what features they need.
2. Identify the preferred interface (the API or Web App) they will primarily be using to send out their signature requests.
3. Understand the volume of requests or users they need. This will help you recommend the appropriate pricing metric.

Per User License Model	Per Envelope License Model
Only Web-App (no API)	API and Web-App Included
Unlimited envelopes	Unlimited users (great for scaling

You can have up to 20 signers on one document.

Team Management

If you’re on a Dropbox Sign team, you’ll be assigned one of four roles – admin, team manager, developer (for API plans) or member. Your role determines what you have permission to see and do in Dropbox Sign. See the table below for a detailed list of permissions for each role.

If you have multiple teams, each team has its own admins and team managers.

The Admin Console is the headquarters of team management. Admins are able to create new teams, invite and manage users, track template ownership, and manage team settings.

Admin Console	Description
User Section	The first section in the Admin Console is Users. This is where Admins are able to invite new users, either individually or in bulk, and manage current users (add and remove team members). They can also update their role (make them admins), as well as the team which they are on.
Team Section	Allows Admins to able to create and manage teams. The Dashboard at the top of the page will show the team name, and the Admin and Manager for the teamOn a Sign team, there are four roles: - Admin - Team Manager- Member- Developer (for those on an API plan)
Reporting Section	The Reporting section provides Admins team data, such as user activity, compliance, and document status reports. Team Managers will be able to view charts and pull reports for those users on their teams. The reports available are: User activity Total requests sent Compliance Document status
Settings	Inside Settings are four sections: General, Signature requests, Documents and templates, and Syncing and sharing. General: Here, you can change the Company name, Tagline, upload a logo, and specify the industry. Signature requests: The Signature Requests page allows customizations to the From field, email signature, default document title, the default date format and much more. Documents and templates: The Document and templates page provides control and access settings to templates and document data. It also provides the ability to sync documents to your preferred cloud storage (Dropbox, Box, Google Drive, or OneDrive), as well one-time document deletion or ongoing document deletion.
Security	Where Admins are able to manage SAML SSO and multi-factor authentication.

"We don't have an eSignature solution...”

• How are you signing important business documents (contracts, legal documents, etc.)?
• How are they currently being sent out? What is the dream end state?
• How are these signed documents collected and archived?
• What team or teams manage this process?
• How many people send documents for signature? Which departments send the most documents?
• How many documents do they send per month?

Note: You can not merge two different accounts under two different emails addresses as long as that they belong to the same person. For security reasons, Sign is unable to merge two different accounts under two different email addresses, even if they both belong to the same person. Similarly, we can’t assign the same email address to two different accounts. However, you can delete the account that you don’t want, then change the email address on the account that you want to keep on the “Settings” page.

Dropbox Sign numbers to remember:

• Up to 40 files in a signature request
• 40MB per document
• 500 pages total per request
• up to 20 signers per signature request.
• up to 250 people in one bulk reques

With in-person signing, you can set up a template on an iPad or tablet so that a client or customer can sign the form in person with their finger.

In-person signing is available on Standard and Premium plans.

Note: in-person signing is intended for single signer documents only. If more than one signer per document is needed, the request will need to be sent through the web app. To utilize this option a template is required (covered later).

You can send single and multi-signer signature requests to up to 250 people with bulk send.

Bulk send is available to Sign users on Standard and Premium plans.

Bulk Sign requires you to use a CSV.

You can download our CSV template and format it to meet your needs. Your CSV file can contain as many columns of data as you like, but it must include at least a signers’ names column (labelled “name” in the header row) and a signers’ emails column (labelled “email_address” in the header row).

If you’re on a Sign Premium plan, you can create multiple teams, each with its own admin, under one Sign account.

Each team has its own admins and team managers, who can manage what team members can do. Members can’t see other teams’ documents or information, even if they’re in the same organisation.

If you’re on a Dropbox Sign team, you’ll be assigned one of four roles – admin, team manager, developer (for API plans) or member.

Your role determines what you have permission to see and do in Dropbox Sign. See the table below for a detailed list of permissions for each role.

If you have multiple teams, each team has its own admins and team managers.

Note: Multi-teams are only available on Premium plans.

Admins can delete their teams’ documents in bulk from the Admin console.

Before you use bulk deletion, we recommend that you activate team cloud sync. There are 2 options:

One-off delete Ongoing delete

An account can have up to three levels of teams, with a total of 50 teams. The diagram below illustrates the outline of a simple team structure.

One-off delete is a manual bulk delete option that removes all documents completed to date (signed or declined) from your Sign account. This option is irreversible and has a 72-hour retention period that allows you and other administrators to download any documents you wish to retain, prior to deletion.

Active signature requests and draft documents will not be deleted with one-off delete. You can delete these documents individually, by cancelling a signature request or deleting the draft in your Documents section. If you have activated ongoing delete, these documents will be automatically deleted after they are completed.

How to use one-off delete:

1. Sign in to Sign with your admin credentials
2. Hover over your initials in the top right-hand corner
3. Click Admin console
4. Click Settings in the left sidebar
5. Click Documents and templates in the left sidebar
6. Click Configure to the right of Delete documents
7. Locate One-off delete and click Delete Documents next to the description
8. Review the terms and text and tick the tickboxes to agree
9. Click Delete Documents

With ongoing delete, admins can opt to have all future documents automatically deleted from their Sign account upon completion. Activating this feature means that from now on, all documents will be deleted 72 hours after completion. If ongoing delete is deactivated, any pending deletion of documents (those that are within the 72 hour retention period) will be cancelled and those documents will not be deleted.

How to use ongoing delete:

1. Sign in to Sign with your admin credentials
2. Hover over your initials in the top right-hand corner
3. Click Admin console
4. Click Settings in the left sidebar
5. Click Documents and templates in the left sidebar
6. Click Configure to the right of Delete documents
7. Locate Ongoing delete and click Activate next to the description
8. Review the terms and text and tick the tick boxes to agree
9. Click Delete future documents. You'll see a notification indicating the feature has been successfully activated

Sign recommends admins to activate team cloud sync prior to using bulk delete options. Documents stored outside your Sign organisation, such as those synced to your cloud storage solution or signers’ copies that are not part of your organisation, won't be deleted.

One-off delete + sync We recommend confirming that all of your existing documents have synced to the cloud storage service of your choice before using the one-off delete feature to ensure ongoing access. One-off delete doesn't confirm whether a document has successfully synced before it is deleted.

Ongoing delete + sync If your organisation is using both cloud sync and ongoing deletion, documents will be deleted from Sign 72 hours after a successful sync. If a document fails to sync to the integrated cloud storage solution, Sign will notify the organisation administrator and will not queue the document for deletion. If that occurs and you still wish to delete the document from Sign, you can use the one-off deletion feature to do so.

Note: once a synced document is queued for deletion, it will be removed from your Sign organisation in 72 hours even if it is subsequently deleted from the cloud storage account.

Dropbox Qualified Electronic Signatures

QES verification requires a face-to-face video call to verify the signer’s identity. The signer receives an email requesting a QES, reviews the document in Sign, completes an IDnow video call to verify their identity, and signs the document.

Note: the signer can access IDnow via the IDnow app (on Android or iOS) or web browser (on phone, tablet, or laptop).

Detailed process

Once IDnow has verified the signer’s identity, Dropbox Sign applies a digital QES certificate generated by Namirial (a TSP on the EU Trusted List) to the signature and sends confirmation to both signer and sender that the process has been completed.

IDnow stores signer identification data on servers located in Germany for 90 days. After 90 days, the data is completely deleted.

The resulting audit trail does not show the QES completion and time stamp. However, it does show that the document was reviewed and completed on the Sign platform, then sent to IDnow for identity verification. The audit trail is part of the document PDF, which needs to be finalised before the QES is added.

If the signer exits the process (such as to do the video call later), both signer and sender receive periodic email reminders until the process has been completed. Signers who exit the process have 90 days to complete it.

If you resend the request (such as due to a mistake), it counts towards your quota. If a verification fails and you don’t resend the request, it doesn’t count towards your quota.

QES requests can only be sent to one signer at a time – they can’t be used in bulk send requests

Also QES cannot be used for embedded API singing

As an admin, you’ll receive an email when 80% of your team’s purchased QES quota has been used. If you use all your QESs, more are automatically added to your plan.

For example, if you purchase QESs in increments of 100 and use them, 100 more are added at a time until you reach 1000. If you purchase QESs in increments of 1000 and use them, 1000 more are added.

Note: Your QES quota is available for one year from the time it is purchased or added.

Admins can temporarily turn off the QES option so your team members can’t use it. We recommend the admin to let their team members know when they toggle this off or on.

Dropbox Document Management

Document Searching

You can search the documents in your Sign account by name or owner.

You can also search for a document using the document’s ID. To further refine your search, you can add modifiers to your search query.

Deleting documents as a User

You can delete documents from your own account.

Documents that have been deleted for everyone are permanently deleted after 30 days, after which they can no longer be accessed or recovered. You can download a document that’s been deleted for everyone at any time before that document is permanently deleted.

Note: you can’t delete documents that are pending signature.

Deleting documents as an Admin

Admin can delete a document for everyone. Admins can also create settings to allow senders to delete documents.

Admins can also delete their teams’ completed documents in bulk from the Admin console. There is a 72 hours retention period.

There are 2 options:

One-off delete: Removes all documents completed to date (signed or declined) from your Sign account. Active signature requests and draft documents will not be deleted with one-off delete unless the signature request is cancelled or the draft is deleted. This option is irreversible and has a 72-hour retention period that allows admins to download any documents you wish to retain, prior to deletion.

Ongoing delete: Admins can opt to have all future documents automatically deleted from their Sign account upon completion. Activating this feature means that from now on, all documents will be deleted 72 hours after completion. Before they use bulk deletion, we recommend admins to activate team cloud sync so the documents are removed from Sign but stored in the company preferred location.

Deleting documents: notifications

All parties (admins, owner, shared access users, signers, approvers) will receive an email letting them know that the document has been deleted. All parties will also receive an email 3 days before the document is permanently deleted.

Sign will notify all of the admins and managers for your organisation when and admin use either of the bulk delete options above. This gives your teammates visibility, and the opportunity to back up any documents they wish to retain access to.

Dropbox Templates

Dropbox Template links

1. Template links allow you to share direct links to documents for people to sign. Anyone you share the link with will be able to sign the document.

2. Template links are available to Sign users on Essentials, Standard and Premium plans. The number of templates and template links you can have depends on which plan you have.

The biggest difference between templates and template links is how you use them to request signatures.

Templates are used to create signature requests and can only be sent directly to specific signers via email.

For example, an employment handbook from HR that needs to be sent to every new joiner would be a good use case where a signature request is only sent to a specific signer. Template links can be shared via a URL and anyone with the link can sign your document.

For example, you could use a template link to add a waiver to your website so that anyone who goes to your website could sign it. This way, you don’t have to send the waiver to each person individually like you would with a template.

Note: you can request signatures from multiple people at a time using a template, but you can only request signatures from one person at a time using a template link.

Creating variable signers with Dropbox Sign

Learn how how to set up variable signers for a template within a Premium account in Dropbox Sign.

Managing templates and template links	Descriptions
Create	Creating templates or template links is an easy process. Just follow the instructions Sign provides you.
Search	Finding templates and template links works same as in Document search, to further refine your search, you can add modifiers to your search query.
Editing Templates and Links	You can edit a template or template link at any time. Before you make edits, there are a few things to consider: If you edit a template, you’ll need to cancel any pending signature requests that were sent using that template, and send new signature requests using the updated version. If you edit a template link, the URL will remain the same and you won’t need to resend the link.
Delete a Template or Links	You can delete any template or template link you own. When you delete a template or template link, it’s deleted for you and anyone you’ve shared it with; Admins can delete any template or template link, even if they aren’t the owner. Deleting a template doesn’t cancel any pending signature requests that were created using that template. If you’d like, you can cancel those signature requests separately.

Dropbox In-person signing

As a reminder, with in-person signing, you can set up a template on an iPad or tablet so that a client or customer can sign the form in person with their finger.

Note: in-person signing is intended for single signer documents only. If you need more than one signer per document, send the request through the web app. Additionally, in-person signing requires an internet connection.

Dropbox Sign Set/Change the order of who signs

The signing order is important in a document because it establishes the sequence in which individuals are signing the document and can indicate the level of authority or responsibility of each signatory.

This can be important for legal or financial documents, where the order of signatures may affect the validity or enforceability of the document.

Additionally, the signing order can also be used as evidence of who agreed to the terms and conditions of the document and when, which can be important in disputes or legal proceedings.

Signature request

If you’d like to copy (CC) someone on a signature request, click + Add CC recipient in the Review and send section (the last step before you send for signature). You can continue clicking + Add CC recipient to CC as many people as you’d like.

Once the signer completes the document, the signer, requester and whoever is CC’d will receive a signed and fully executed copy of the document via email.

You can also create CC roles in templates while you’re creating them, but keep in mind these roles will be CC’d whenever you use the template.

As an admin you can enable HIPAA compliance (US compliance) which will remove the option for users to add a CC recipient.

Editing

You can edit and resend a document for signature at any time. However, when you resend a signature request, anyone who has already signed will need to sign again.

Note: you may not have the option to edit the Document title and Message fields if an admin on your team has enabled HIPAA compliance.

Cancelling

You can cancel a signature request at any time before all signers complete the request. If all signers have signed the document, you can delete the document instead.

Downloading signed documents

Once a signature request has been completed, you can download the signed documents on the website or the Sign mobile app.

Branding signature requests

There are five ways Sign Business senders may brand their accounts.The branding options are:

1. Upload a company logo, which will appear on:

• Signature request email notifications
• The signer page when reviewing documents for signature.

2. Create an email tagline

3. Create a “from” field

4. Create an email signature to appear in all signature request emails

5. Take signers to a custom URL after they’ve completed a signature request.

Dropbox Sign API allows more customisation like white labelling, where admins that want to offer a branded version of a electronic signature process to their customers, allowing also to integrate Dropbox Sign into their own systems and processes.

You can get different notifications with Sign:

• When I sign and send a document
• When someone signs a document I sent
• When someone opens a document I sent
• When I sign a document on a third-party site
• Daily outstanding signature request summary
• Send an email to all parties in an ordered signature request when the request has started
• Send an email to CC'd recipients when a document is sent, completed, declined, viewed or reassigned

Emailing PDF copies

With Sign you can enable when a PDF copy will be sent. The signed document will be stored in the location you decide, however you have the option of sending a copy.

• When a signature request is completed – email me a copy
• When a signature request is completed – email a copy to the other signers and anyone CC'd
• When I send someone a document via Dropbox Sign – email me a copy
• When I send someone a document via Dropbox Sign – email them a copy (and not just a link)

Working with the Dropbox Sign API

An API (Application Programming Interface) is a set of rules and protocols that allows different software programs to communicate with each other.

It specifies how software components should interact and APIs allow for the integration of different systems and applications.

APIs can be used to access web-based services, such as Sign’s electronic signature and to access software libraries, frameworks, and tools.

Dropbox Sign API is the industry's fastest eSignature API integration. Approximately 90% of our API customers implement Sign in less than 5 days, which is way faster than our competition.

Dropbox Sign key differentiators

Some of Sign API’s key differentiators include:

• Built to be embedded
• World-class developer experience
• Best-in-class user experience
• Developer staffed support teams
• Fastest rate of innovation

What do you use? A Dropbx API or App?

For teams that want a non-embedded experience or who don’t want to deal with any coding, our standalone product Sign is a great option.

For teams of 10 or more, we offer a secure and scalable enterprise eSignature platform.

However, if you need a customizable eSignature collector that embeds seamlessly into your workflow, Dropbox Sign API is your best bet.

As an API-first company, Sign prioritizes developing and supporting our API unlike anyone else in the industry.

Some of the biggest benefits customers enjoy include:

• A huge improvement in user experience that flawlessly represents your brand
• Resource savings
• Compliance management
• Innovation
• Low maintenance costs
• Flexibility to integrate into almost any environment and
• The focus of a team who know every facet of the eSignature industry.

Dropbox Sign has built-in security features:

• Court admissible audit trails appended to every signed document
• Every interaction with a signature request is logged in the audit trail
• All communications use SSL encryption
• All forms and audit trail databases are stored in an ISO 27001, ISO 900, SOC 1 Type 2, and SOC 2 Type 2 data center

Signer authentication

When you ask someone to sign a document, you can make sure the right person signs it with signer authentication. Admins can enable this option for the users.

• All documents at rest are stored using AES 256-bit encryption
• Audit trail data can be decoupled from signed PDF
• All form and audit data can be accessed for reporting

There are two kinds of authentication:

SMS: when the signer gets the signature request email, they’re prompted to send a code to their phone. They must enter the code to access the document.

Password: the sender sets a password that signers must use to access the file.

The sender has to give this password to signers – it’s not included in the email request.

Single Sign On

Admins on a Premium plan can enable SAML SSO in their account settings or the admin console.

Multi-factor authentication

Multi-factor authentication (MFA) is a method of authentication that requires the user to provide two or more forms of identification. This is in contrast to single-factor authentication, which only requires one form of identification, such as a password. This is also supported.

Dropbox Audit Trail

Sign creates a comprehensive transaction trail between signing parties. To provide you with a transaction history, we track and timestamp various information from the moment the document is submitted for signature to when it is completely signed and secured, such as IP address.

To ensure that any tampering of your transaction log is detectable, we process the transactions log with hashing technology. Should you ever need to rely on a transaction log, we are right by your side to assist you.

The audit trail that is appended to all executed signature requests includes an identifier that we can use to look up the corresponding transaction log in our database. You can separate the audit trail so that it comes back to you as its own file instead of being appended to the signed document.

These records include a hash of the PDF document that we can compare to the hash of a questionable PDF document to determine whether or not it has been modified or tampered with.

Note: self-signed documents (i.e. documents signed using the 'Just me' signing option) don't include an audit trail because you are the only signer on the document.

Dropbox Compliance

Sign technology leverages an ATL (Adobe Trusted List) compliant cloud based HSM to provide “certifying” digital signatures.

Certifying signature is applied “invisibly” providing authenticity, integrity, and origin assurance.Dropbox Sign certifying signatures allow no-further changes, annotations, form fill-ins, nor additional digital signatures.

Dropbox HIPAA compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a U.S. law that was enacted in 1996 to protect the privacy and security of certain health information. It sets standards for protecting certain health information, known as protected health information (PHI), and applies to certain entities known as covered entities, such as health care providers, health plans, and health care clearinghouses.

Sign supports HIPAA compliance for customers who are on an annual Standard or Premium plan, have a signed Business Associate Agreement (BAA) and meet the minimum contract value.

Dropbox Data residency

Sign offers regional storage and storage integration options to control the storage location of your documents.

Regional storage is for managing documents directly in Sign. Storage integration is for syncing documents to a cloud storage service, such as Dropbox. Sign has data infrastructure for document storage in the US, Australia, the EU, Japan, Canada and the UK. The default region for all plans is the US. Customers on Premium plans can choose to store their documents in an alternative region.

If you choose to store your documents in an alternative region, all at-rest documents for your organisation will be stored in our AWS data infrastructures in the specified region, for example in Frankfurt, Germany with a backup in Paris, France.

We offer regional data storage for all at-rest documents as well as the signatures themselves. These files are stored in the local AWS data centre through Amazon S3.

Sign Final Signed PDFs come digitally signed and timestamped All PDFs are signed with an ATL certificate to maximize their authenticity All ATL certificates are stored and managed according to Adobe’s HSM requirements Sign is compliant with several government regulations, including:

• SOC 2 Type 2
• ISO 27001
• HIPAA
• The U.S. eSign act of 2000
• The Uniform Electronic Transaction Act (EUTA) of 1999
• The new eIDAS regulation for the EU of 2016
• GDPR (General Data Protection Regulation)
• Privacy Shield

Lastly, Dropbox and Dropbox Sign wants to ensure that we operate by a strict set of guidelines in order to keep data safe, including:

• Information Security Policy
• Acceptable Use Policy
• Code of Conduct
• Background checks for all employees
• Endpoint encryption for all company-owned/issues devices
• Release Management Procedure
• Change Management Procedure
• Release Notes
• Access Provisioning, Termination, and User Access Review
• Incident Response Plan
• Business Continuity and Disaster Recovery Plan
• Penetration Testing Program
• Bug Bounty Program
• Breach Notification Policy
• Security & Risk Management Committee

Dropbox Integrations with Google and Microsoft

Google Docs & Google Drive

You can get the Dropbox Sign for Google Docs add-on from the add-on store. Now, you can prepare and send signature requests directly from Google Docs.

Microsoft Word

Our Dropbox Sign for Word integration supports signing and requesting signatures as well as access to your Dropbox Sign account information.

The Dropbox Sign for Word add-in allows a user to open any Word file (40MB or under) and use the file as the basis for signing or requesting signatures.

Dropbox Sign for Word features include signing a document, requesting signatures from multiple signers, and including cc’d recipients. Additional Dropbox Sign features are not currently supported.

Microsoft Dynamics

Additionally you can use the Dropbox Sign and Microsoft Dynamics integration to prepare and send documents for eSignature directly from Microsoft Dynamics 365. You can generate an eSignature capture form, add the recipient’s information, and send the form to signers.

Microsoft OneDrive

When you sync Dropbox Sign to OneDrive, it will add a Dropbox Sign folder to your OneDrive account. All copies of sent and received documents will be stored here for your convenience, so you do not have to go back to the website to access them.

Once you activate the Dropbox Sign OneDrive integration, you will be able to upload directly from OneDrive when signed into Dropbox Sign.

Microsoft Azure AD

The integration with Azure AD provides single sign-on and just-in-time provisioning.

Microsoft SharePoint

You can also integrate Dropbox Sign and Microsoft Sharepoint (We will be covering this integration later in this course).

Out-of-the-box integrations

Using Dropbox Sign API you can connect with any application, even self-developed ones.

However Sign offers ready out of the box integrations, ready to be installed in the most popular tools like Hubspot, Salesforce and Sharepoint.

The Dropbox Sign for Hubspot, Salesforce and SharePoint integrations allows businesses to initiate, automate, and complete these critical business transactions natively within those apps

Admins or signature requestors never have to leave these apps when making templates, reporting, or sending contracts.

If the application supports it, with the ready out of the box integrations you can do:

• Native template creation
• Native reporting
• Configurability
• Pre-fill documents with data loaded in those tools
• Re-write existing data in those tools
• Document storage and auditability