Welcome to Ironclad's Security Portal. Our commitment to data privacy and security is embedded in every part of our business. Use this Security Portal to learn about our security posture and request access to our security documentation.
Documents
We follow industry best practices for endpoint security. We are happy to provide more details about our endpoint security practices upon request.
Ironclad is investigating a security notification by one of our subprocessors, Dropbox.
Dropbox features that were impacted were HelloSign/Dropbox Sign, which has resulted in the exposure of emails, usernames, phone numbers and hashed passwords for customers using their own HelloSign/Dropbox Sign accounts.
Ironclad’s Legacy Signature solution leveraged HelloSign/Dropbox Sign, but the customer impact is limited to the exposure of signature request recipient data (e.g., names and emails). At this time, Dropbox has said that it has no reason to believe the signed documents themselves were exposed.
Safeguarding the security and privacy of our customer's data is our top priority, and we are working diligently to assess the extent of the impact.
Ironclad has already completed the immediate recommended actions posted by Dropbox to address any further concerns as of 5:45 pm PST on May 1st, 2024. We are also working on individual comms to our Legacy Signature customers.
Ironclad’s new Signature solution, as well as our Docusign integration, or any other signature provider is NOT impacted by this incident.
Ironclad will continue to monitor the situation and provide updates on our security portal as we progress through our investigation and learn more from HelloSign/Dropbox Sign.
Ironclad’s Security Team
Ironclad is not impacted by the Xz version 5.6.0 and 5.6.1 (CVE-2024-3094) vulnerability
VulnerabilitiesCopy linkIronclad is aware of the recent vulnerability affecting xz version 5.6.0 and 5.6.1 (CVE-2024-3094). We can confirm that our applications and infrastructure is not using the affected version and is not impacted. We are continuously monitoring the updates related to this vulnerability, and will share more details if needed here on our security portal.
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.