HTML-to-PDF API with SOC2, GDPR & HIPAA Compliance

DocRaptor's HTML-to-PDF API processes many confidential documents, from financial reports to legal paperwork. We take security and privacy very seriously, both for our US-based customers and many international users. Strict adherence to compliance standards and third-party security audits provide independent verification of our commitment to keeping your PDF documents secure.

Enterprise-Level Security & Privacy

A few of the procedures and policies we use to keep your documents secure

Data Encryption
All DocRaptor data, including user information and documents, is encrypted in-transit and at-rest with TLS and AES 256-bit encryption.
Automatic Document Deletion
The Document Retention setting can be configured to immediately and permanently erase all documents from our servers upon retrieval.
Regular Testing & Scanning
DocRaptor undergoes continual vulnerability scanning and annual third-party, application-layer penetration tests.
Secure Development Lifecycle
In addition to manual code reviews and automated security checks, we conduct regular security policy reviews and developer training.

Compliance Standards

DocRaptor fully meets these US and International security and privacy standards

DocRaptor is SOC2 Type I compliant. We have been audited by an independent firm that confirmed that DocRaptor meets the requirements set forth in TSP section 100, 2017 Trust Services Criteria for Security. A copy of our SOC2 report can be requested by following these instructions.
With hundreds of European customers, DocRaptor is fully GDPR compliant. All personal information is handled in compliance with the latest EU laws. A Data Processing Agreement can be requested by following these instructions.
Data Privacy Framework
DocRaptor is a registered participant in the EU-U.S. Data Privacy Framework, including the UK Extension and the Swiss-U.S. DPF. The Data Privacy Framework is the successor to the Privacy Shield Framework. Our Privacy Policy is updated with the latest Framework details as needed.
HIPAA compliance is available on all paid DocRaptor plans at no additional charge. Account settings must be updated and a Business Associate Agreement (BAA) executed for HIPAA compliance to be enabled.


DocRaptor uses Amazon Web Services (AWS) to host our infrastructure. Among their many industry-leading security practices, AWS data centers have biometric screening, intrusion detection, video monitoring, third-party audits, and 24/7 security operations centers.

Virtual access to our AWS infrastructure is restricted to required personnel and is available only through secure, multi-factor authentication.

Disclosure Policy

In addition to our third-party penetration testing, DocRaptor supports the work of security researchers to identify weaknesses in any technology.

Our Vulnerability Disclosure Policy outlines our guidelines for reporting potential vulnerabilities to our security team, and what aspects of our service are included and excluded for authorized research.

Ready to get started? Try DocRaptor for free with unlimited test documents.