Privacy
1. Controller
The data controller for the personal data processed under this Policy is:
eSignBase Matthias Mess digitalbases OÜ
Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
legal@esignbase.com
2. Information We Collect
We only collect data necessary to provide and maintain the Service.
A. Data You Provide to Us:
- Account Information: Email address, name, and password to create an account.
- Document and Signature Data: The documents you upload, the form data within them, email addresses of signatories, and the electronic signatures applied.
- Communication Data: Information you provide when contacting support.
B. Data Collected Automatically:
- Usage Data: Information about how you interact with the Service (e.g., log data, IP address, browser type, pages visited, and timestamps). This is essential for security, debugging, and analytics related to service performance.
- Device Information: Information about the device you use to access the Service.
3. How We Use Your Information (Our Legal Basis)
We use your information only for the following purposes under GDPR:
- To Perform Our Contract with You (Art. 6(1)(b) GDPR): To create your account, facilitate the signing process, send signature requests and completion emails, store signed documents, and provide customer support.
- For Our Legitimate Interests (Art. 6(1)(f) GDPR): To ensure the security of our Service, prevent fraud and abuse, debug and troubleshoot errors, and for essential administrative purposes (e.g., sending important service-related notices).
- To Comply with Legal Obligations (Art. 6(1)(c) GDPR): To comply with applicable laws, regulations, and lawful requests from public authorities.
We do not sell your data. We do not use your data or your documents for marketing, advertising, or training AI models.
4. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:
- Account Data: Retained for the duration of your account lifecycle. You can delete your account at any time.
- Audit Trail & Signed Documents: Retained to provide a complete legal record of the transaction, in accordance with eIDAS and other e-signature laws, for a period of [e.g., 5, 10] years from the date of signing. This is a legal requirement for non-repudiation.
Upon termination of your account, we will initiate deletion of your data from our active systems, except for signed documents and audit logs which we are obligated by law to retain.
5. Your Data Subject Rights (GDPR Rights)
You have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can ask us to correct inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): You can request we delete your personal data, subject to our legal obligations to retain audit trails and signed documents.
- Right to Restriction of Processing: You can ask us to temporarily suspend the processing of your data.
- Right to Data Portability: You can request a machine-readable copy of your data to transfer to another service.
- Right to Object: You can object to processing based on legitimate interests.
To exercise any of these rights, please contact us at legal@esignbase.com. We will respond to your request within one month.
6. Data Sharing and Disclosure
We only share your data with third parties in the following limited circumstances:
- Subprocessors (Data Processors): We use trusted third-party providers to host our service, send emails and provide customer support. These providers are strictly bound by data processing agreements (DPAs) and cannot use your data for their own purposes.
- Legal Requirements: If required to do so by law or in response to valid legal requests by public authorities.
We do not share your data with advertisers.
7. International Data Transfers
Our Service is hosted in the European Union. If we ever need to transfer data outside the EU/EEA, we will ensure it is protected by appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs).
8. Security
We implement robust technical and organizational measures to protect your data, including encryption in transit (TLS/SSL) and at rest, strict access controls, and regular security assessments.
9. Changes to This Policy
We may update this policy to reflect changes in our practices. We will notify you of any material changes by email or by posting a prominent notice on our Service prior to the change becoming effective.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or your data, please contact us at:
You also have the right to lodge a complaint with your local data protection supervisory authority.