Our electronic signature solution at Signdoc.io is fully committed to GDPR compliance. All document data and associated user information is handled securely through AWS (Amazon Web Services) infrastructure, with encryption applied both in transit and at rest.
The GDPR/CCPA apply to individuals. Signdoc.io does not share private personal data without lawful basis.
Signdoc.io facilitates secure digital document signing and management for B2B users. Any contact details shown within documents are those input by users or signers and not sourced externally. Users remain in control of their own data.
We may collect limited behavioral metadata (such as login timestamps, IP addresses, and feature usage) solely for the purposes of product improvement, security auditing, and compliance. This data is not used for marketing or profiling.
IP addresses may be collected to help protect your account and to identify potential misuse or fraudulent access. This is standard practice in accordance with security policies.
No marketing or sales-related tracking is conducted by Signdoc.io. We do not track end-user website activity or employ any third-party advertising cookies.
If you are using Signdoc.io and want to maintain full compliance with GDPR, we recommend:
-
Stating your usage of Signdoc.io in your company’s privacy policy where you list external service providers handling personal data.
-
Ensuring proper consent is obtained from your own users before requesting document signatures.
Should you choose to delete your Signdoc.io account or remove access to documents, all associated user and document data will be permanently deleted in accordance with GDPR guidelines.
What Is Personal Data?
Understanding whether you are processing personal data is critical to understanding whether the GDPR applies to your activities.
Personal data is information that relates to an identified or identifiable individual.
This includes names, email addresses, phone numbers, IP addresses, and document content if it relates to an individual.
Even pseudonymized data (where identifiers are masked) is considered personal data under GDPR unless fully anonymized.
Accurate or inaccurate, if data relates to an individual, it qualifies as personal data.
Information that is fully anonymous is not subject to GDPR.