When it comes to digital document workflows, data security and transparency are two topics I see clients and colleagues ask about time and time again. Many rely on electronic signature tools for business-critical agreements, and naturally, they want to know exactly who touches their data along the way. That brings me to the new update from Docusign, its Subprocessor List for 2025.
This update is more than a routine change: it can affect compliance, especially if your business operates in regulated industries or across borders. I’ll explain what’s changed, how you can respond, and how you can keep your workflow both flexible and secure (especially if you’re curious about alternatives like CloudSign.ie).
What is a subprocessor, and why does it matter?
Simply put, a subprocessor is any third-party vendor that handles data on behalf of a main processor, such as an e-signature provider. When you use a tool like Docusign or CloudSign.ie, some features, like support bots or web automation, may rely on outside companies to work properly. Under GDPR and Irish data protection law, you have a right to know who these vendors are and what they do, so you can safeguard your client information and remain within the legal framework.
It’s not just a privacy issue; it’s also compliance with frameworks like the eIDAS regulation, which lays the ground rules for trust services and digital signatures throughout the EU.
What’s new in Docusign’s subprocessor list for 2025?
After reviewing Docusign’s official 2025 subprocessor update, here’s what stands out:
- Addition: Bitonic Technology Labs, Inc. is now a subprocessor. This company will operate across several key regions: United States, European Union, Middle East, Africa, Asia-Pacific (APAC), and India. Bitonic will help Docusign with agentic automation, Docusign’s main website, developer and support portals, customer support telephony, as well as product and technical support for eSignature. This means data from many geographic areas will pass through Bitonic systems as part of Docusign’s process in 2025.
- Removal: Coveo Software Corp. has been removed from subprocessor duties in the United Kingdom, Canada, and Australia. In the past, Coveo provided customer support bots and other in-product support functions within eSignature. Now, these regions will no longer have data directed through Coveo for these tasks.
These are not the only vendors Docusign works with, but they are the changes specifically flagged for 2025. I found it notable that the removal of Coveo from some regions was mentioned as explicitly as the addition of Bitonic. That tells me they expect their customers to care about not just new subprocessors, but also which ones are being phased out.
Why should businesses care about this change?
With every change to a subprocessor list, your business is given a chance to assess risk. Here’s what you should pay attention to:
- Data protection requirements differ by region. If your documents pass through multiple subprocessors, including those in the U.S. or India, your data could be subject to different privacy rules (especially relevant for GDPR and local regulations).
- Transparency is not just for peace of mind: it’s a compliance requirement under contracts and laws in Ireland and the EU.
- Changes to subprocessors may affect performance, support, and even the security of your digital workflows.
Every subprocessor change is a new checkpoint for your compliance and trust.
In my own experience consulting for firms switching from paper-based processes, knowing exactly who has access to data is the foundation of trust in digital contract management. That’s partly why CloudSign.ie has built its platform to maximize transparency, security, and user control, especially for businesses with cross-border operations.
How to object to a new subprocessor
Docusign provides a defined way to object, which is a basic requirement under GDPR for processors and controllers. If you find the new subprocessor, or even the removal of an old one, potentially risky, you can raise an official objection. Here’s what the process looks like:
- Email privacy@docusign.com and use “Subprocessor Objection” as the subject line.
- In the email body, state:
- Your name and your company’s name
- The Docusign service your business uses
- The subprocessor you wish to object to (Bitonic Technology Labs, Inc. or, for historical reasons, Coveo Software Corp.)
- Your reason for the objection (for example, “Concerns about data transfer outside the EU” or “Potential support delays”)
While Docusign’s documentation covers this process, in my research for CloudSign.ie users, I have seen how some platforms (including ours) make this easier and offer more timely support. It really stands out to clients when their objection gets personal attention, fast turnaround, and clear follow-up. Speed and transparency in handling subprocessor objections reinforce user control over data.
Other policy updates and compliance areas
The 2025 subprocessor update is not the only policy adjustment to be aware of. Docusign also reaffirms the following legal areas in its documentation:
- Terms of use
- Privacy notice
- Notice to California residents
- Cookie settings
- Intellectual property statements
- Modern slavery act compliance
What I tell clients: read these policies in full before signing long-term contracts. This applies to every e-signature provider, not just Docusign, and is equally valid for your company if you’re reviewing CloudSign.ie or another solution (and especially if you’re impacted by rules in Ireland or across the EU).
If you need more resources on disaster recovery plans for digital contract systems, you can find guides on our blog, such as the Docusign NA2 disaster recovery user guide or details about upcoming maintenance windows. These articles are often helpful when planning large contract migrations or handling multi-region compliance.
How CloudSign.ie handles subprocessors differently
I get this question a lot: what makes CloudSign.ie a better alternative for handling data and subprocessors? Here’s my perspective:
- Absolute transparency: Customers can easily access a real-time list of all technology partners involved in workflow automation, support, and eSignature functions.
- Data residency options: Our platform is designed for Irish and EU customers, with features to limit or exclude data transfers outside the EEA unless strictly required.
- Direct support: If you have an objection or request, we assign a dedicated manager to the issue, not just an auto-reply inbox.
- AI-driven contract management: Unlike many competitors, CloudSign.ie uses advanced artificial intelligence to flag risks, secure workflows, and recommend improvements, without requiring you to trust third parties hidden from view.
- Free forever plan: Individuals and small teams can sign documents without any monthly fee, all within the legal boundaries for digital transactions in Ireland.
While other providers might have bigger brands, I’ve seen first-hand how small details, like human support for subprocessor objections and a truly local compliance focus, set CloudSign.ie apart. You’re not just getting a platform; you’re getting an ally in the ongoing challenge of secure, fast, GDPR-compliant document management.
For anyone managing disaster recovery or multi-region workflows, we offer practical guides such as the EU disaster recovery test guide and other resources tuned for Irish decision makers.
Conclusion: Choose control, transparency, and compliance
To sum up, the 2025 Docusign subprocessor update introduces Bitonic Technology Labs, Inc. to the mix, shifts support roles in key regions, and gives customers a clear if sometimes slow process to object. If your business values control, local compliance, and clear lines of communication, alternatives like CloudSign.ie can offer an experience that’s simpler, more transparent, and better tailored for Irish and EU organizations.
If you’re looking for an e-signature solution that makes subprocessor transparency, GDPR compliance, and fast personal support the standard, test CloudSign.ie for yourself and experience digital document management the way it should be.
Frequently asked questions
What is a Docusign subprocessor?
A Docusign subprocessor is a third-party company that Docusign engages to help process and support customer data as part of its digital document services, such as eSignature, website functions, or support tools. These subprocessors may handle your information for automation, technical support, customer service, or related features.
How to object to a new subprocessor?
You can object by sending an email to privacy@docusign.com with the subject line “Subprocessor Objection.” Be sure to include your name, company, the Docusign service in question, the subprocessor’s name, and your reason for objecting, such as privacy, performance, or regulatory concerns.
Where can I find the 2025 list?
The 2025 Docusign subprocessor list is published on Docusign’s official website and is provided to customers as part of their regular compliance communications. You can also request it through the Docusign support portal or via your contract manager. For further context or disaster recovery plans, check related resources, including the disaster recovery guide.
What’s new in the 2025 subprocessor list?
Bitonic Technology Labs, Inc. has been added as a new subprocessor for website, automation, and support functions in many regions, while Coveo Software Corp. has been removed for support bot duties in the UK, Canada, and Australia.
How often is the subprocessor list updated?
Docusign generally updates its subprocessor list annually or when major vendor changes occur. Customers are notified ahead of significant changes, and updates are reflected on the official Docusign website and compliance pages.