Document Security

Keeping your documents safe and their authenticity and integrity intact is our utmost priority.

In this chapter, you will learn how we can help you protect them from unauthorized access, tampering, and any other possible threats.

Internal

Access Rights

Availability: Team and Enterprise

Private - Any document you upload without specifying its destination will be private and only visible to you. 

Your Folders are all private as well. If you upload a document into a folder, it will be private unless all you explicitly share it with an internal user or an external recipient. Entire folders cannot be shared.

Private document

Public - Any document uploaded into Team Files can be private (visible only to you) or public (visible to your Team members) based on the settings of its destination file. This setting can then be changed on a document level.

Public folder

“Make public” option and Team Files are available in Circularo Team and Enterprise. 

PDF Protection

When downloading a document that is not in a PDF format already, you have the option to either download it in its original format, or as a PDF file with restrictions.

Download a document

Protect the content of your PDF document by selecting any of the restrictions below.

PDF protections
  • Restrict Assembly - Restrict extracting, deleting, copying, replacing, and changing the order of pages in a PDF document.
  • Restrict Extraction - Restrict copying content of the PDF document.
  • Restrict Accessibility - Restrict screen readers to access the PDF content to enable accessibility. 
  • Restrict Form Filling - Restrict the input of form fields and signatures even when the “Allow Annotations” option is disabled.
  • Restrict Modifications - Restrict modifying the PDF content.
  • Restrict Annotations - Restrict adding or modifying text annotations and fill-in interactive form fields.
  • Restrict Printing - It will not be possible to print out the PDF

All restrictions are enabled by default.

Electronic certificates

All documents that have been digitally signed or sealed in Circularo are protected by internationally recognized AATL-compliant, HSM-based electronic certificates issued by the Trusted EU based Certification Authority I.CA. Only Adobe Approved Trust List (AATL) certificates are automatically recognized and validated by Adobe and other commercial PDF viewers.

AATL certificates must meet very strict regulations to protect the Digital Identity of the owner of the certificate.

Verifying that your document has not been compromised and has been signed with an AATL-compliant certificate can be done easily via Adobe.

All digitally signed documents have certified time stamps issued by I.CA which provide a reliable way to assign current time data to existing data and documents.

I.CA is member of:

  • Microsoft Root Program
  • Adobe Approved Trust list Member CA/Browser forum
  • Apple Root Certificate Program
  • eIDAS Trusted Lists  Member
verified document

Document Verification

Each signed PDF document contains a unique DocID with a verification link. ​Before clicking on the verification link, it is recommended to check the signature validity in the PDF document itself in Adobe Acrobat or another PDF reader.

document verification

For maximum security and trust, we recommend you upload the signed PDF document to a document verification page as well.

Links for verification vary based on their locations. Documents have to be verified on the same domain where they were created.

verification page

External

Keep the integrity of your documents under control when collaborating with external recipients. Read more about sharing documents with external recipients here.

Sharing documents with external recipients

Circularo offers various different options for protecting documents you’re sharing with external recipients from getting into the wrong hands. There are multiple ways to verify recipient's identity.

If you have an external recipient saved in your contacts, you can see which documents you are sharing with them under their contact

Document protection for sharing with external recipients

  • Password protected: The system offers the option to specify a password to access the document directly with external recipients. This password can then be shared with the external recipients in question outside of Circularo.
  • SMS protected: Adds an additional security layer to sharing via email by adding the recipient’s phone number. When they later try to access the shared document, the system will send them a text message containing the verification code.
  • Mail protection: A new Email OTP feature. When set to Yes, external recipients will not be able to open the document without verifying their email address and entering the verification code sent to their email.
  • 3rd party application authorization: Choose a third-party app such as Google, Microsoft, or LinkedIn, and ask the recipient to verify their identity through their account with OAuth.

Protections can be set when sending documents to external recipients for signing as well as when sharing documents with external recipients for viewing

Public link security options

Sharing documents through channels other than email can be done via the creation and sharing of public links. You have the option to ban further access to such documents at any time.

Remove a public link from your document

  1. Go to the Shared section
  2. Click on Public links
Public link

3. Right click on a document
4. Click on Share
5. Next to “Anyone with the link can view this document” click, on the X to remove the public link

remove a public link