Privacy Policy

Effective: 2025-08-08

This Privacy Policy explains how NeoSign ("we", "our") collects, uses, discloses, and protects personal data when you use our services, in accordance with the EU General Data Protection Regulation (GDPR) and applicable privacy laws.

1. Roles and Scope

For personal data contained in documents processed through the Service, the Customer acts as Controller and NeoSign acts as Processor (Art. 28 GDPR). For account, billing, platform security and service logs, NeoSign acts as Controller.

2. Data We Process

  • Account data: name, email, password hash, authentication factors (e.g., phone for 2FA).
  • Usage and technical data: IP address, user agent, device, events and audit trail, timestamps.
  • Documents and signatures you upload/receive, including metadata required to provide the Service.
  • Preferences and settings: notification choices, signature defaults, cookie preferences.

3. Sources

Data are provided by you, generated by your use of the Service, or received from integrated services you authorize.

4. Purposes and Legal Bases

  • Provide and operate the Service (contract necessity).
  • Security, fraud prevention, and integrity of signatures (legitimate interests; legal obligations).
  • Notifications and support communications (contract necessity/legitimate interests).
  • Analytics with prior consent for non‑essential cookies (consent).
  • Compliance with legal requests and record‑keeping (legal obligations).

5. Retention

Data are retained only for as long as necessary for the purposes above. Signed documents and audit trails are kept for a limited period as per our policies; backups have shorter retention windows. After expiry or termination, data are deleted or anonymized unless we must retain them to comply with law or to establish/defend legal claims.

6. Recipients and Sub‑processors

We may share data with service providers strictly necessary to deliver the Service (e.g., email/SMS providers, hosting, analytics with consent). These providers act under data processing agreements and security commitments.

7. International Transfers

Where data are transferred outside the EEA/UK, we rely on appropriate safeguards such as EU Standard Contractual Clauses (SCCs).

8. Security

We implement technical and organizational measures including encryption in transit, strict access controls, audit logs, and optional multi‑factor authentication.

9. Your Rights

You may request access, rectification, erasure, restriction, or portability, object to processing, and withdraw consent at any time. We will respond within applicable legal timelines.

10. Children

The Service is not intended for children under 16. We do not knowingly collect personal data from children.

11. Changes

We may update this Policy. We will post a new effective date and, for material changes, provide notice in the Service.

12. Contact

For privacy inquiries, contact: privacy@neova.io or legal@neosign.io