DocuSign eSignature Integration

Overview

Street Feast Finder uses DocuSign eSignature to power legally binding digital contracts between food truck vendors and event organizers. When a booking is accepted on our platform, the contract is automatically generated and sent for electronic signature through DocuSign's secure, industry-standard signing platform.

How It Works

1. Booking accepted. When a vendor accepts a booking request, our system automatically generates a PDF contract with all booking details — dates, location, services, and agreed terms.
2. Contract sent for signing. The contract is securely transmitted to DocuSign and sent to both the vendor and the event organizer for electronic signature.
3. Embedded signing experience. Both parties sign the contract directly within the Street Feast Finder platform — no separate DocuSign account, no email attachments, no downloads required.
4. Real-time status. As each party signs, the platform receives instant updates via DocuSign's secure webhook system. Both parties can see the signing status in real time.
5. Completed contract. Once both signatures are collected, DocuSign applies its tamper-evident seal and a Certificate of Completion. The signed PDF is stored securely and remains available to both parties.

Authentication & Security

Our integration with DocuSign uses enterprise-grade security:

• OAuth 2.0 JWT Grant authentication — the application authenticates using a cryptographically signed JSON Web Token, not a password or static API key.
• RSA-2048 private key — all authentication assertions are signed with a 2048-bit RSA key stored in Azure Key Vault, never in application code or logs.
• Webhook signature verification — every status update from DocuSign is validated using HMAC-SHA256 to prevent forged or tampered notifications.
• No DocuSign credentials in your browser — all API communication happens between our servers and DocuSign. Your signing session is conducted through a secure, time-limited embedded URL.
• TLS encryption — all data in transit between Street Feast Finder, DocuSign, and your browser is encrypted using TLS 1.2+.

What Data Is Shared With DocuSign

To create and manage signing envelopes, we share the following information with DocuSign:

• Signer names and email addresses (as provided in your Street Feast Finder profile)
• Contract document content (the PDF generated from your booking details)
• Envelope status events (sent, viewed, signed, completed, declined)

DocuSign processes this data according to their Privacy Policy and maintains SOC 2 Type II, ISO 27001, and PCI DSS compliance certifications.

Data Retention

Signed contracts are retained in DocuSign for the duration of the envelope retention period and in Street Feast Finder for the life of the associated booking record. You can download a copy of any signed contract at any time through your booking dashboard. DocuSign's tamper-evident seal and Certificate of Completion provide a verifiable audit trail for every signed document.

DocuSign API Compliance

Our integration complies with DocuSign's API Rules and Limits, including:

• Polling frequency caps — we check envelope status no more than once per 15 minutes per envelope
• Token caching with graceful refresh — access tokens are reused and refreshed before expiry
• Webhook acknowledgment — all webhook calls return immediate 200 OK responses before processing
• Rate limit respect — the integration backs off and retries when rate limits are encountered

Support

If you encounter any issues with contract signing, please contact Street Feast Finder support directly at support@streetfeastfinder.com. Our team provides first-line support for all signing-related issues. Please do not contact DocuSign Support directly — we handle all troubleshooting and will escalate to DocuSign on your behalf if necessary.

Contact

Questions about our DocuSign integration? Reach out at legal@streetfeastfinder.com