Skip to content Skip to main navigation Skip to footer

Privacy and Security

Opero Signature is strictly a Salesforce app. Opero Signature must pass Salesforce security review in order to be published on the AppExchange and continue to pass security review for each new version published and ongoing reviews by Salesforce security team.

Opero Signature allows you to send a Google Doc to your customers for e-Signature. The actual Google Document that you send for signature is your own Google Document that is owned and managed by your own Google User, on your Google Drive. The process of sending a document for eSignature from Salesforce all happens within Salesforce and all the data is stored within Salesforce.

Opero does not have any access to your Salesforce org data or your Google Drive. However when you configure Opero Signature you grant access to our web service. When you send a document for signature, a record id of the eSign Doc is saved in a secure database on our web service along with your org id. When a customer clicks the link to sign your document, using the oauth connection granted, our web service gets the eSign Doc record information to serve the document for signature. When your customer signs the document, our web service updates the eSign Doc record in your Salesforce org with the signature information as well as generates the final PDF of the signed document and attaches it to the eSign Doc record. No additional data is stored on Opero’s web service other than the date/time stamp of the document, the unique eSign Doc ID, and the org id. We do not store any other data on our external web service, and all the signature data and documents are stored within your Salesforce org.

Opero’s web service is hosted and managed by Microsoft Azure, a leading cloud computing app managed server. All data is transmitted from your Salesforce org to our web service securely using HTTPS.

The connection authorized by the Salesforce user on the eSign Configuration tab within Salesforce creates the oauth token used to update your Salesforce org. This authorization can be revoked anytime on the same page within Salesforce. The user used for the integration with our web service can be configured to have the limited permissions required to process the eSign Doc reading and updates.