Frequently Asked Questions
General Usage
What Procore tools are currently supported?
An official list of supported tools and features can be found here.
How large can the files be?
Dropbox Sign officially supports up to 40MB or 500 pages between the main file and all attachments. If you need to exceed this limit, we suggest adding the files to an external file share and providing a link as part of the request.
Are text tags supported in the main contract?
To add text tags (default signing locations) to your main contract, you must engage Procore's Custom Solutions Team. If you are interested, please reach out to Shake IT and they can help guide you through this process in an efficient manner.
Are text tags supported in attachments?
Yes, attachments can contain text tags, which will automatically place the signing locations in your documents.
Can you provide an example text tag document?
The official example document is provided by Dropbox Sign here: https://developers.hellosign.com/docs/text-tags/walkthrough/#example-document
Information Security
What types of data do you store?
We store the bare minimum needed for the integration to be operational, including:
- Customer name (for identification purposes)
- Greenhouse API Keys (to interact with Greenhouse)
- Dropbox Sign API Keys (to interact with Dropbox Sign)
- Dropbox Sign Refresh Tokens (for session management)
- Configurations (for side-panel functionality)
- Signature usage data (for billing purposes)
Do you review 3rd-party components for known defects and vulnerabilities?
Yes. We use Jenkins pipelines, integrated with SonarQube (1st-party) and OWASP (3rd-party), for vulnerability detection. These scans are triggered at various intervals: quarterly, with each major/minor release, and any time a new library is introduced.
Do you have controls in place to protect from Distributed Denial-of-Service (DDoS) attacks?
Yes. All external APIs are fronted by a WAF that has built-in controls for rate-limiting, blacklisting, bot detection, etc.
What types of policies are in place to ensure internal security and process management?
We constantly maintain a variety of internal policies and procedures, including but not limited to:
- Code Management Policy
- Secure Coding Policy
- Software Development Process
- Internal Security Guidelines
All employees are required to review and sign off on policies annually.
Do you conduct penetration testing?
Yes. We perform penetration testing on an annual basis using a certified 3rd-party.
Is all sensitive data encrypted?
Yes. All sensitive data is encrypted at rest using industry-standard encryption techniques.