Skip to main content
Skip table of contents

Document Security

Keeping your documents safe and their authenticity and integrity intact is our utmost priority.

In this chapter, you will learn how we can help you protect them from unauthorized access, tampering, and any other possible threats.

Internal

Access Rights

Availability: Business and Enterprise

Private - Any document you upload without specifying its destination will be private and only visible to you.

Your Folders are all private as well. If you upload a document into a folder, it will be private unless all you explicitly share it with an internal user or an external recipient. Entire folders cannot be shared.

1 Share.png

Share a document

Shared- Any document uploaded into Shared Folders can be private (visible only to you) or public (visible to the entire organization) based on the settings of its destination folder. This setting can then be changed on a document level. You can also choose whether other users will be able to edit a shared document or folder or only read it. This setting can be changed at any time.

Shared Folders are available in Circularo Business and Enterprise.

PDF Protection

When downloading a document that is not in a PDF format already, you have the option to either download it in its original format, or as a PDF file with restrictions.

3 Download non-pd.png

Download non-PDF document

Protect the content of your PDF document by selecting any of the restrictions below.

4 PDF Protection.png

PDF protection

  • Restrict Assembly - Restrict extracting, deleting, copying, replacing, and changing the order of pages in a PDF document.

  • Restrict Extraction - Restrict copying content of the PDF document.

  • Restrict Accessibility - Restrict screen readers to access the PDF content to enable accessibility.

  • Restrict Form Filling - Restrict the input of form fields and signatures even when the “Allow Annotations” option is disabled.

  • Restrict Modifications - Restrict modifying the PDF content.

  • Restrict Annotations - Restrict adding or modifying text annotations and fill-in interactive form fields.

  • Restrict Printing - It will not be possible to print out the PDF

All restrictions are enabled by default.

Electronic certificates

All documents that have been digitally signed or sealed in Circularo are protected by internationally recognized AATL-compliant, HSM-based electronic certificates issued by the Trusted EU based Certification Authority I.CA. Only Adobe Approved Trust List (AATL) certificates are automatically recognized and validated by Adobe and other commercial PDF viewers.

AATL certificates must meet very strict regulations to protect the Digital Identity of the owner of the certificate.

Verifying that your document has not been compromised and has been signed with an AATL-compliant certificate can be done easily via Adobe.

All digitally signed documents have certified time stamps issued by I.CA which provide a reliable way to assign current time data to existing data and documents.

I.CA is member of:

  • Microsoft Root Program

  • Adobe Approved Trust list Member CA/Browser forum

  • Apple Root Certificate Program

  • eIDAS Trusted Lists Member

Seal

Documents can be secured with an electronic certificate without adding any signatures. This can be done via the Seal security element (in the Context menu of a document) which, as the name suggests, acts as a virtual seal that makes the document verifiable online and shows if the document has been altered since being sealed. Any modification to a sealed document results in the seal breaking.

Users can seal documents at any point of their processing journey to protect their integrity. Sealed documents can be signed later or can remain unsigned. Signed documents cannot be sealed.

Document Verification

Each signed PDF document contains a unique DocID with a verification link in its Certificate of Fulfillment. Clicking it will automatically transfer you to our verification page. You can also check the validity of signatures in PDF readers such as Adobe or others.

screely-1724414675587.png

Verified document

We have a dedicated verification page, where you can upload a PDF file, and our system will check the validity of any signatures and whether the document has been modified.

Links for verification vary based on their locations. Documents can only be verified on the same domain on which they were created, so only documents signed in Circularo can be verified on our verification page.

Verification page-20240726-071812.png

Verification page

 If you only have a document ID, without the whole PDF file, our page has the option of checking that as well.

Please note, that when you use document ID for verification, our system can only check whether a document with that ID exists in our system and its status. To check whether the contents of your document have been modified against the version logged in our system, upload the whole PDF.

DocID verification.png

Document ID verification

External

Keep the integrity of your documents under control when collaborating with external recipients. Find out more about sharing with external recipients.

Sharing documents with external recipients

Circularo offers various different options for protecting documents you’re sharing with external recipients from getting into the wrong hands. There are multiple ways to verify recipient's identity.

If you have an external recipient saved in your contacts, you can see which documents you are sharing with them under their contact.

Document protection for sharing with external recipients

  • Password protected: The system offers the option to specify a password to access the document directly with external recipients. This password can then be shared with the external recipients in question outside of Circularo.

  • SMS protected: Adds an additional security layer to sharing via email by adding the recipient’s phone number. When they later try to access the shared document, the system will send them a text message containing the verification code.

  • Mail protection: A new Email OTP feature. When set to Yes, external recipients will not be able to open the document without verifying their email address and entering the verification code sent to their email.

  • 3rd party application authorization: Choose a third-party app such as Google, Microsoft, or LinkedIn, and ask the recipient to verify their identity through their account with OAuth.

Protections can be set when sending documents to external recipients for signing as well as when sharing documents with external recipients for viewing.

Public link security options

Sharing documents through channels other than email can be done via the creation and sharing of public links. You have the option to ban further access to such documents at any time.

To cancel a public link, either find the document you know has a public link, or

  • Go to Shared tab

  • Click on Public links

Public linkd.png

Public links

  • Right click on the desired document

  • Click on Share

  • On the bottom of the dialogue window, next to “Anyone with the link can view this document” click on X

Cancel link.png

Cancel public link

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close