71 results found
-
Critical security feature: Clearly show email of the person who prepared the contract to prevent fishing attack
We use PandaDoc to sign documents with contractors, vendors, etc. Typically someone from the team prepares the contract and then the management (often me) gets an email with a request to sign, sign it and that's it.
The problem is, that there is no way for management to verify, who actually created the contract. There is just the name of that person but no email! This creates a simple attack vector - anyone with PandaDoc can now change their name to match someone from another company, create an arbitrary contract, send it to some person from that company and have…
2 votes -
2 votes
-
2 votes
-
Webhooks Security
Concern of security of Webhooks in the dashboards (users have access into the dashboard and can adjust/delete Webhooks; also no audit capabilities)
Need to get this behind a security role/wall1 vote -
Customize password submission screen for password-protected documents/folders
It would be very helpful to be able to add our own customized text or image to the password submission screen. There is a lot of available screen real estate (see the attached image from https://support.pandadoc.com/hc/en-us/articles/1500002610481--Editor-2-0-Protect-documents-with-two-factor-authentication). There is already a small paragraph of PandaDoc-specific text ("by clicking Submit and using PandaDoc's services..." "...as detailed more fully in PandaDoc's Privacy Notice [linked]."). But since the recipient will enter the password to access OUR documents, it's critical that we can add a bit of our own text as well. This could be something like "by clicking Submit, you agree to confidentiality…
2 votes -
Disable local password for certain email domains
I would like to enforce Google login for my company's users. Please provide settings where I can specify my company's email domain and specify that local passwords not be permitted for users with this email domain.
This is a simpler configuration option than setting up Google as a SAML IdP.
1 vote -
Javascript sdk user authentication
A method that can authenticate the user to automatically log in with the help of API-key or access token.
2 votes -
Certificate that complies with EU applying Regulation (EU) 910/2014.
Ability to change the certificate so it's from qualified trust service provider according to EU applying Regulation (EU) 910/2014.
2 votes -
Password change notification.
Password change notification.
2 votes -
Template Editor SDK - Non-PD users
Ability to use Embed JS SDK using Pass-though authentication. Giving webapps the ability to allow for their users to create templates without being PandaDcc Users.
6 votes -
ISO 9001 compliant
ISO 9001.
2 votes -
1 vote
-
Data storage - AWS servers
don't wanna store data on Amazon servers.
3 votes -
AODA compliance
require AODA compliance
1 vote -
Data storage exclusively in Canada
Some customer's require storage to be localized exclusively within Canada
8 votes -
Data storage in Australia
Australian server/host location
12 votes -
CRA requires special compliance
CRA Canadian revenue association that requires special compliance
1 vote -
ACPR Compliant
ACPR (Autorité de Contrôle Prudentiel et de Résolution (ACPR) is the independent administrative authority responsible for monitoring the conduct of financial institutions in France. Apparently in this case it determined that PD security solution is not strong enough
2 votes -
general compliance standards
PandaDoc signature certificate isn't sufficient for my client's compliance standards.
3 votes -
signatures compliant in Thailand.
signatures compliant in Thailand.
2 votes
- Don't see your idea?