Reporting Security Events

If you see something, say something.

At HelloSign we take security incidents seriously and you are our most important information security asset.  Reporting potential incidents or concerns is the ultimate protection against cybercrime, including fraud.

HomeTrustSecurity
Reporting Security Events

Reporting an issue with privacy

At HelloSign we believe that you own your data, and we’re committed to keeping it private. Our privacy policy clearly describes how we handle and protect your information. On an annual basis our independent third-party auditors test our privacy related controls and provide their reports and opinions which we can then provide to you.


If you need to submit a request with respect to privacy-related concern please submit it to privacy@dropbox.com

View Privacy Policy

Reporting a potential security incident

If you need to report a potential security incident to HelloSign please submit a request.

Reporting SPAM

If you click a phishing email you’re gonna have a bad time

If you think that you’ve received a fraudulent email pretending to come from HelloSign, please submit a request.

Signs of fraudulent emails and websites:

1. Fake links

  • Avoid fake links by accessing your documents directly from https://www.hellosign.com or https://www.helloworks.com by logging in.
  • For emails always hover over the link using your cursor before you click on it.  The email status bar will show the intended destination. All links from HelloSign will redirect to hellosign.com, hellofax.com, or helloworks.com

2. Fake sender email address

  • Fake emails may include a forged email address in the "From" field. This field is easily altered. If you don’t recognize the sender of a HelloSign envelope, contact the sender to verify the authenticity of the email.

3. Attachments

  • HelloSign email requests to sign a document never contain attachments of any kind. DO NOT open or click on attachments within an email requesting your signature.
  • Only after all parties have signed will HelloSign provide a PDF in email.  We do NOT send any other type of attachments.

4. False sense of urgency

  • We do not have the concept of urgency in our platform. As such urgent requests are not valid.

5. Misspellings and bad grammar

  • Fake emails often contain misspellings, incorrect grammar, missing words, and gaps in logic.

6. Unsafe sites

  • We only provide access via https.

7. Pop-up boxes

  • We do not use pop-ups as a part of our email notifications.