DocSign
Legal

Privacy Policy

This Privacy Policy describes how we process personal data when you use DocSign and our website. It is designed to support transparency obligations under the GDPR and similar laws.

Last updated:

1. Introduction

This Privacy Policy explains how DocSign("we", "us") processes personal data when you visit https://docsign.app, use the DocSign service (the "Service"), or otherwise interact with us (for example, support or sales enquiries).

We act as a controller for personal data we collect for our own purposes (e.g. account, billing, marketing where permitted). For document content and signer details you upload as part of your workflows, you may be a controller and we typically process such data on your instructions as a processor— your organisation's agreements and policies also apply.

For information about cookies and similar technologies, see our Cookie Policy.

2. Contact details

Entity: DocSign
Address: Europe
Registration: Further corporate identifiers are available on request at privacy@docsign.app.
Website: https://docsign.app
Privacy enquiries: privacy@docsign.app
General support: support@docsign.app

Data protection contact: DocSign does not currently appoint a standalone Data Protection Officer. Use privacy@docsign.app for all data-protection enquiries; this page will be updated if a DPO is appointed.

3. Data we collect

Depending on how you use the Service, we may process:

  • Account & profile: name, email, organisation, role, password hash, preferences, and security settings.
  • Billing: billing contact, payment references, transaction history (payment card data is handled by our payment provider where applicable).
  • Service usage & technical logs: IP address, device/browser type, timestamps, pages viewed, diagnostics, and audit logs related to signing events you initiate.
  • Customer Content: documents, fields, recipient names/emails, signature images, audit trail metadata, and messages you send through the Service.
  • Communications: content of emails, chat, or forms you send to us (e.g. contact or support).
  • Marketing: where permitted, newsletter subscriptions and engagement metrics.

4. Purposes and legal bases (GDPR Art. 6)

We process personal data on the following bases, as applicable:

  • Contract (Art. 6(1)(b)): to provide the Service, authenticate users, and perform our agreement with you.
  • Legitimate interests (Art. 6(1)(f)): to secure the Service, prevent abuse, improve features, analyse aggregated usage, and communicate necessary service messages — balanced against your rights.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, or regulatory requests.
  • Consent (Art. 6(1)(a)): for optional cookies, marketing communications, or other processing we expressly ask you to consent to — you may withdraw consent at any time.

5. Recipients and processors

We use trusted subprocessors (e.g. cloud hosting, email delivery, error monitoring, analytics if enabled) who process data on our instructions and under written agreements where required by law. A current list can be provided on request to privacy@docsign.app.

We may disclose information if required by law, court order, or to protect rights, safety, and integrity of users and the public.

6. International transfers

If personal data is transferred outside the EEA, United Kingdom, or Switzerland, we implement appropriate safeguards recognised under GDPR — for example EU Standard Contractual Clauses, adequacy decisions, or supplementary measures as required by case law and regulatory guidance. You may request further information via privacy@docsign.app.

7. Retention

We retain personal data only as long as necessary for the purposes above, including legal, tax, and dispute resolution needs. Retention periods depend on the category of data (e.g. billing records may be kept longer than transient logs). Customer Content may be deleted or exported according to your plan settings and our data lifecycle policies; specifics can be clarified in your order form or support documentation.

8. Security

We implement technical and organisational measures appropriate to the risk, such as encryption in transit, access controls, logging, and staff training. No method of transmission or storage is completely secure; we encourage strong passwords and device security on your side.

9. Your rights

If GDPR (or similar laws) applies, you may have the right to access, rectify, erase, restrict processing, data portability, object to certain processing, and withdraw consent where processing is consent-based. You may also lodge a complaint with a supervisory authority. In the EEA, you may typically contact the authority in your habitual residence, place of work, or the place of the alleged infringement. A directory of European data protection authorities is published by the European Data Protection Board.

To exercise rights, contact privacy@docsign.app. We may need to verify your identity before responding.

10. Automated decision-making

We do not use solely automated decision-making, including profiling, that produces legal or similarly significant effects on you as part of the Service. If this changes, we will update this Policy and provide information as required by law.

11. Children

The Service is not directed at children under the age where they can lawfully consent to data processing in their country. We do not knowingly collect personal data from children for marketing purposes.

12. Changes

We may update this Privacy Policy from time to time. We will post the revised version on this page and adjust the "Last updated" date. Where changes are material, we will provide additional notice as required by law.