[Drisc0]

As someone who has worked on a similar product, I would imagine they only store a token given to them by their payment gateway. The actual CC information is held by the PCI compliant payment gateway, while Docusign can use the token to charge a card without storing compromising information.

[tyingq]

Would be good if that were spelled out though. From the outside, you click a link and see a pre-filled PDF, as both the end user and the person that sent the form. There's no obvious magic that it's auto-detecting cc like data and storing it differently than the other fields in the pdf.