Document Security
Keeping your documents safe and their authenticity and integrity intact is our utmost priority.
In this chapter, you will learn how we can help you protect them from unauthorized access, tampering, and any other possible threats.
Internal
Access Rights
Availability: Business and Enterprise
Private - Any document you upload without specifying its destination will be private and only visible to you.
Your Folders are all private as well. If you upload a document into a folder, it will be private unless all you explicitly share it with an internal user or an external recipient. Entire folders cannot be shared.
Public - Any document uploaded into Shared Folders can be private (visible only to you) or public (visible to the entire organization) based on the settings of its destination folder. This setting can then be changed on a document level.
Make public option and Shared Folders are available in Circularo Business and Enterprise.
PDF Protection
When downloading a document that is not in a PDF format already, you have the option to either download it in its original format, or as a PDF file with restrictions.
Protect the content of your PDF document by selecting any of the restrictions below.
Restrict Assembly - Restrict extracting, deleting, copying, replacing, and changing the order of pages in a PDF document.
Restrict Extraction - Restrict copying content of the PDF document.
Restrict Accessibility - Restrict screen readers to access the PDF content to enable accessibility.
Restrict Form Filling - Restrict the input of form fields and signatures even when the “Allow Annotations” option is disabled.
Restrict Modifications - Restrict modifying the PDF content.
Restrict Annotations - Restrict adding or modifying text annotations and fill-in interactive form fields.
Restrict Printing - It will not be possible to print out the PDF
All restrictions are enabled by default.
Electronic certificates
All documents that have been digitally signed or sealed in Circularo are protected by internationally recognized AATL-compliant, HSM-based electronic certificates issued by the Trusted EU based Certification Authority I.CA. Only Adobe Approved Trust List (AATL) certificates are automatically recognized and validated by Adobe and other commercial PDF viewers.
AATL certificates must meet very strict regulations to protect the Digital Identity of the owner of the certificate.
Verifying that your document has not been compromised and has been signed with an AATL-compliant certificate can be done easily via Adobe.
All digitally signed documents have certified time stamps issued by I.CA which provide a reliable way to assign current time data to existing data and documents.
I.CA is member of:
Microsoft Root Program
Adobe Approved Trust list Member CA/Browser forum
Apple Root Certificate Program
eIDAS Trusted Lists Member
Seal
Documents can be secured with an electronic certificate without adding any signatures. This can be done via the Seal security element (in the Context menu of a document) which, as the name suggests, acts as a virtual seal that makes the document verifiable online and shows if the document has been altered since being sealed. Any modification to a sealed document results in the seal breaking.
Users can seal documents at any point of their processing journey to protect their integrity. Sealed documents can be signed later or can remain unsigned. Signed documents cannot be sealed.
Document Verification
Each signed PDF document contains a unique DocID with a verification link in its Certificate of Fulfillment. Clicking it will automatically transfer you to our verification page. You can also check the validity of signatures in PDF readers such as Adobe or others.
We have a dedicated verification page, where you can upload a PDF file, and our system will check the validity of any signatures and whether the document has been modified.
Links for verification vary based on their locations. Documents can only be verified on the same domain on which they were created, so only documents signed in Circularo can be verified on our verification page.
If you only have a document ID, without the whole PDF file, our page has the option of checking that as well.
Please note, that when you use document ID for verification, our system can only check whether a document with that ID exists in our system and its status. To check whether the contents of your document have been modified against the version logged in our system, upload the whole PDF.
External
Keep the integrity of your documents under control when collaborating with external recipients. Read more about sharing documents with external recipients here.
Sharing documents with external recipients
Circularo offers various different options for protecting documents you’re sharing with external recipients from getting into the wrong hands. There are multiple ways to verify recipient's identity.
If you have an external recipient saved in your contacts, you can see which documents you are sharing with them under their contact.
Document protection for sharing with external recipients
Password protected: The system offers the option to specify a password to access the document directly with external recipients. This password can then be shared with the external recipients in question outside of Circularo.
SMS protected: Adds an additional security layer to sharing via email by adding the recipient’s phone number. When they later try to access the shared document, the system will send them a text message containing the verification code.
Mail protection: A new Email OTP feature. When set to Yes, external recipients will not be able to open the document without verifying their email address and entering the verification code sent to their email.
3rd party application authorization: Choose a third-party app such as Google, Microsoft, or LinkedIn, and ask the recipient to verify their identity through their account with OAuth.
Protections can be set when sending documents to external recipients for signing as well as when sharing documents with external recipients for viewing.
Public link security options
Sharing documents through channels other than email can be done via the creation and sharing of public links. You have the option to ban further access to such documents at any time.
To remove a public link from your document
Go to the Shared section
Click on Public links
3. Right click on a document
4. Click on Share
5. Next to “Anyone with the link can view this document” click, on the X to remove the public link