Last modified: July 15, 2021
- When you visit or interact with our website at www.signaturely.com (“Site”);
- From our customers (“Customers”) who sign up for and use our products and services (“Services”) and
- When you otherwise communicate with us, such as through email or via social media platforms.
Who We Are
Signaturely is a California limited liability company with the following contact information:
440 N Barranca Ave Ste 1760
Covina, CA 91723
With respect to its collection and processing of personal information, Signaturely acts as either a:
- ‘Data controller’ when it collects personal information on its own behalf and for its own commercial and business purposes, such as from Site visitors or to register Customers, or
- ‘Data processor’ when it collects and processes personal information on behalf of its Customers in order to provide the Services.
How to Contact Us about Privacy
Attn: Privacy Team
440 N Barranca Ave Ste 1760
Covina, CA 91723
Individuals in the EEA or the U.K. may contact us as set forth in the section Additional Information for Individuals in the EEA and the U.K. below.
We are located in the United States, and the personal information that we collect is stored on servers hosted by us or our authorized third-party service providers located in the United States. This means that your personal information will be collected, processed, and stored in the United States, which may have data protection laws that are different from (and sometimes less protective than) the laws of your country or region, such as the EU’s General Data Protection Regulation (“GDPR”).
By sending us personal information, you agree and consent to the processing of your personal information on servers located in the United States, which may not offer an equivalent level of protection to that required in other regions (particularly the European Union or the U.K.).
Personal Information We Collect
Information Collected Directly from You
Communicating With Us
When you visit the Site, you may choose to fill out a web form, such as on our “Contact Us” page or when you chat with us. In this case, you are sharing your personal information with us directly. Information that we collect from you consists of:
- E-mail address
- Company name and website
- Other information you may provide in the message box
In addition, if you send us an email or otherwise contact us, we will collect the personal information that you provide to us at that time.
Using our Services
Creating an Account
When you become a Customer (including when you register for a free account), we will also collect personal information from you:
- E-mail address
- Username and password
- Company name and website
Information Collected Indirectly
When you visit the Site, we, or authorized third parties, collect some information, including Device and Usage Information described below, using automated means such as cookies, web beacons, SDKs and server logs. For more information on our use of these technologies and the data that they collect, please see our Cookie Statement.
We may also collect information from third parties, as explained below.
Device and Usage Information
When you visit, use or interact with the Site, even if you do not have an account, we, or authorized third parties (such as service providers or, as explained below, External Ad Partners), may collect information about your use of the Site via your device. Device and Usage Information that we, or these authorized third parties, collect consists of:
- Information About your Device: information about the devices and software you use to access the Site. This primarily incudes the internet browser or mobile device that you use, the website or source that linked or referred you to the Site, your IP address or device ID (or other persistent identifier that uniquely identifies your computer or mobile device on the Internet), the operating system of your computer or mobile device, device screen size, and other similar technical information.
- Usage Information: information about your interactions with the Site. This includes access dates and times, hardware and software information, device event information, crash data, and cookie data. This information allows us to understand the screens that you view, how you have used the Site (which may include administrative and support communications with us or whether you have clicked on third party links), and other actions on the Site. We, or our authorized third parties, automatically collect log data when you access and use the Site, even if you have not created an account or logged in. We use this information to administer and improve the Site, analyze trends, track visitors’ use of the Site, and gather broad demographic information for aggregate use.
- Location Data: we, or authorized third parties, collect your location data, including city, metro code, zip code, state, country, latitude and longitude, and area code through your IP address.
Information from Third Parties
We also collect and process personal information from third parties:
- We collect information from our partners and service providers, such as transaction information from providers of payment services or analytics providers.
- We collect data from our External Ad Partners (described here).
Information Collected and Processed on Behalf of Customers
We process and store certain personal information on behalf of our Customers. In those instances, we are a data processor (or service provider) and the Customer is the data controller. When a Customer uploads documents – which may contain personal information – in connection with its use of our Services (“Services Data”), we process and store such Services Data on the Customer’s behalf, and only in accordance with the Customer’s instructions. In addition, when using our Services, Customers may provide us with personal information about other individuals who are not registered with our Services (“Contacts”). For instance, a Customer may request an electronic signature from a Contact and provide us with personal information about the Contact, such as an email address and name (“Contact Information”). When you share Contact Information with us, we will store it on our systems. Please do not share any Contact Information unless you have permission to do so.
If you are a Contact or if your information is processed by Signaturely on behalf of a Customer (including as a Customer employee) in connection with the Services, please direct any questions about the processing of your personal information to the Customer. As explained further below, if you wish to exercise any individual rights under applicable privacy laws, please direct such requests to the Customer. To the extent that we receive any such requests or other queries when we act as a data processor, we will pass your request or query on to the relevant Customer.
Contact Information Exceptions
Please note that with respect to Contacts who visit our Site (including those who are directed to our landing page after completing a signature or a task from a Customer) or otherwise subscribe to marketing communications from us, we are a data controller.
Why We Collect Your Personal Information and How We Use It
We, or our authorized partners, collect and process personal information in order to:
- Provide the Site and Services, including to collect payments
- Ensure that the Site and Services are operational and optimized for user experience
- Improve the content and general administration of the Site and Services
- Enhance Customer experience, including to provide customer support
- Detect, prevent and investigate fraud, illegal activities, unauthorized access to or use of our Services, security breaches or any other wrongful behavior/behavior
- Deliver content and tailored advertising, and generally market and advertise Services
- Ensure compliance with mandatory retention requirements
- Provide you with notices regarding Services that you have purchased
- Provide you with notices regarding Services that you may wish to purchase in the future including, in some cases, to send you direct marketing communications regarding other services that we may think are of interest to you
- Respond to your queries and requests, or otherwise communicate directly with you
- Perform system maintenance and upgrades, and enable new features
- Understand how you access and use the Site and Services in order to provide technical functionality and/or develop new products and services
- Conduct statistical analyses and analytics based on usage and activity on the Site
- Enforce our agreements with you if necessary
In some cases, we combine or aggregate the information for the purposes stated above.
Individuals located in the EEA and the U.K., please see Additional Information for Individuals in the EEA and the U.K. below for more information, including our legal bases for processing.
Note that Services Data is processed by Signaturely solely to provide the Services and in accordance with data processing agreements, except with respect to Contact Information when we act as a data controller as explained above.
Disclosure of Your Personal Information
We disclose your personal information under certain circumstances as further described below.
Third Parties and Service Providers
Signaturely shares personal information, including End User Information, with our third party agents, contractors, or service providers who are hired to perform services on our behalf or in order to assist with certain business purposes. These providers may operate or support certain functions of the Site and/or Services. Below is a list of categories of service providers that we may use to perform these functions (which are subject to change):
- Analytics services
- Customer support services
- Billing services and payment gateway providers
- Hosting and content delivery network services
- Communication tools
- Professional services (such as auditors, lawyers, consultants, accountants and insurers)
- Customer Relationship Management (CRM) solutions
Service providers process your personal information for the specific purpose of providing their services to us (and in accordance with our instructions). In some cases, service providers collect your personal information directly from you, such as via cookies.
External Ad Partners
Other Customers or Contacts
When you allow others to access, use, edit or sign Services Data (including contracts or other documents) via the Services, we share your personal information and that content with them. If you are a Contact, when a Customer wishes to provide access to the Services Data to another Customer or a Contact, we will share your personal information and your actions within the Services with the Customer. We will also share your personal information if you interact with another Customer.
As we continue to grow, we may purchase websites, applications, subsidiaries, or other businesses or business units. Alternatively, we may sell businesses or business units, merge with other entities, obtain financing, and/or sell assets or stock, in some cases, as part of a reorganization or liquidation in bankruptcy. In order to evaluate and/or as part of these transactions, we may transfer your personal information to a successor entity upon a merger, consolidation, or other corporate reorganization in which Signaturely participates, to investors and/or to a purchaser or acquirer of all or a portion of Signaturely’s assets, including bankruptcy.
Aggregated or Anonymized Information
We share anonymized, aggregated, automatically-collected, or otherwise non-personal information with third parties for various purposes, including (i) compliance with reporting obligations; (ii) business or marketing purposes; (iii) assistance for us and other parties in understanding our users’ interests, habits, and usage patterns for certain programs, content, services, advertisements, and/or functionality available through the Services. We do not share personal information about you in this case.
Legal Obligations and Security
If we are required to disclose personal information by law, such as pursuant to a subpoena, warrant, or other judicial or administrative order, we will use reasonable efforts to provide you with notice of this disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Our policy is to respond to requests that are properly issued by law enforcement within the United States or via mutual legal assistance mechanism (such as a treaty), and to object to requests that we do not believe were issued properly. However, if we receive information that provides us with a good faith belief that there is an exigent emergency involving the danger of death or serious physical injury to a person, we may provide information to law enforcement trying to prevent or mitigate the danger (if we have it), which will be determined on a case-by-case basis.
We do not knowingly collect any personal information directly from children under the age of 16. If we discover we have received any personal information from a child under the age of 16 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe that we have any personal information from or about anyone under the age of 16, please contact us at [email protected].
The Site uses third-party analytics tools that drop cookies and/or similar technologies to collect and store information about your device and use of the Site. We use analytics tools to calculate visitor, session and campaign data for analytics reports.
Marketing & Advertising
We market and advertise our company and Services in a variety of ways. We may gather information from or about you in the following different roles:
- Individuals who have no relationship with Signaturely, meaning that Signaturely has acquired data about them through a third party (“Leads”) or they have visited the Site, in some cases because our service providers suggest our Site and Services
- Individuals, entities or others who have contacted Signaturely or otherwise inquired about Signaturely’s Services
- Contacts who visit our Site, including after signing a document or otherwise completing a task requested by a Customer.
In some cases, you provide personal information directly to Signaturely as part of a marketing event that Signaturely hosts or co-hosts, such as when you attend an event, through email or when you schedule a demo. Occasionally, and in some cases only with your consent, we may send you future communications. We may also acquire personal information about you when you visit our Site or Social Media Accounts (see below).
Customers have the option to register for a free account and access some of our Services free of charge. If you register for a free account – for instance if you’d like to try it out first – we will send you marketing communications about upgrading to the paid Services. If you do not wish to receive marketing communications from us, click the ‘unsubscribe’ link contained in the corresponding emails, or contact us using the contact details provided above.
Our communications to you for marketing purposes will contain instructions on how you can opt-out from receiving future communications, and if you consent to our use of your personal information for marketing purposes, you may always withdraw your consent. You may also directly contact Signaturely about its marketing activities at [email protected].
Please note that with respect to advertising, our External Ad Partners share the information that they collect on our Site with many other companies within the advertising supply chain. Signaturely does not have a direct relationship with these other companies.
To learn more about advertising cookies are, how they are used, and how to opt-out, please review our Cookie Statement .
To adjust how ads are targeted to you based on your activity on or off of Facebook, visit Facebook’s help page available here. Facebook also provides a tool called Off-Facebook-Activity, which can be found in your Facebook settings.
Signaturely maintains an online presence on social media platforms (“Social Media Platforms”) such as Instagram, Twitter or Facebook, to provide information about our Services and communicate with users and/or visitors to those pages or accounts. When you interact or post to our account, we process your personal information. In some cases, the Social Media Platforms are service providers or processors. In other cases, such as with Facebook, we are jointly responsible for the processing, as explained in the section titled Signaturely as a ‘Joint Controller’ with Facebook .
How We Secure Personal Information
We use reasonably appropriate security measures designed to protect the security of personal information both online and offline. These measures vary based on the sensitivity of the information that we collect, process and store and the current state of technology. Please note, though, that no website or internet transmission is completely secure, so while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur. You can read more about our security protocols by clicking here.
Do Not Track Signals
Certain internet web browsers allow a “do not track” (DNT) setting that relies on a technology known as a DNT header, which sends a signal to websites visited by the individual about the individual’s browser DNT setting. At this time, we do not currently respond to DNT signals, whether that signal is received on a computer or on a mobile device.
How you make choices about cookies and other tracking technologies depends on the type of cookie or tracking technology being used. For details on how to manage your preferences for cookies and tracking technologies within your web browser, please see our Cookie Statement.
Some visitors in some locations may be required opt-in to non-essential cookies, as explained in the Cookie Statement.
If you are receiving promotional emails from us, you can choose to stop receiving those by following the unsubscribe/opt-out instructions in those emails. You can also contact us at [email protected].
Accessing and Changing Your Information
To request access to, or to make changes to, data that we have collected from you via the Site or Services, please email us at [email protected].
Notice to Nevada Consumers
We do not sell your personal information within the scope of, and according to the defined meaning of a “sale” under, NRS 603A.
Additional Information for Individuals in the EEA and the U.K.
For purposes of this section, “personal information” has the same meaning as “personal data” as such term is defined in applicable data protection laws.
Categories of Recipients of Personal Information
The categories of recipients of personal information with whom we may share your personal information are listed in Disclosure of Your Personal Information above.
Purposes of Processing and Legal Bases
Signaturely as ‘Data Controller’
As a ‘data controller’, Signaturely processes your personal information for a number of different purposes. Some are essential for us to provide the Services or to fulfill our legal obligations, some help us run the Services efficiently and effectively, and some enable us to provide you with more relevant and personalized offers and information. In all cases, with respect to individuals in the EEA, we must have a reason and a lawful basis for processing your personal information. The most common legal grounds on which we rely are briefly explained below:
- Performance of a Contract: we may process your personal information in order to enter into, or perform a contract to which you are a party – for instance, when a Customer signs up for the Services.
- Legitimate Interests: we may process personal information where it is necessary for our legitimate business interests, but only to the extent that they are not outweighed by your own interests or fundamental rights and freedoms. When we rely on this legal basis, if required, we will carry out a legitimate interest assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws.
- Consent: We rely on consent where it is required, such as when we are asking you to confirm your marketing preferences. When we rely on consent, you will be asked to confirm that you give your permission to Signaturely to process your personal information. You have the right to withdraw your consent at any time if you no longer want to be part of the Signaturely processing activity where your consent was sought.
- Legal Obligation: Signaturely may have legal obligations to retain and/or disclose your personal information, or may cooperate in a legal or governmental investigation. It is essential that Signaturely complies with its legal, regulatory, and contractual requirements, so if you object to this processing, Signaturely will not be able to provide its Services to you.
The following breakdown illustrates in more detail our processing activities and how the above legal bases for processing apply (in brackets):
- Provide the Services, including to collect payment [Legal Basis: Performance of a Contract]
- Provide the Site [Legal Basis: Legitimate Interests]
- Ensure that the Site and Services are operational and optimized for user experience [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
- Improve the content and general administration of the Site and Services [Legal Basis: Legitimate Interests]
- Enhance user experience, including to provide you with customer support [Legal Basis: Legitimate Interests]
- Detect, prevent and investigate fraud, illegal activities, unauthorized access to or use of our Services, security breaches or any other wrongful behavior [Legal Basis: Legitimate Interests]
- Deliver content and tailored advertising, and generally market and advertise Services [Legal Basis: Legitimate Interests or Consent, depending on the specific circumstances]
- Ensure compliance with mandatory retention requirements [Legal Basis: Compliance with a Legal Obligations]
- Provide you with notices regarding Services that you have purchased [Legal Basis: Performance of a Contract]
- Providing you information about Services that you may wish to purchase in the future including, in some cases, to send you direct marketing communications regarding other services that we may think are of interest to you [Legal Basis: Legitimate Interests]
- Respond to your queries and requests, or otherwise communicate directly with you [Legal Basis: Legitimate Interests or Performance of a Contract, depending on the specific use]
- Perform system maintenance and upgrades, and enable new features [Legal Basis: Legitimate Interests]
- Understand how you access and use the Site and Services in order to provide technical functionality and/or develop new products and services [Legal Basis: Legitimate Interests]
- Conduct statistical analyses and analytics based on usage and activity on the Site [Legal Basis: Legitimate Interests or Consent, depending on the specific circumstances]
- Enforce our agreements with you if necessary [Legal Basis: Legitimate Interests]
Signaturely as a ‘Joint Controller’ with Facebook
We have a presence on Facebook and use Facebook Pixel for re-targeting (both “Facebook Products”). With respect to our use of Facebook Products, we are jointly responsible with Facebook Ireland for the processing activities (“Joint Processing”) with respect to your personal information:
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbor
Dublin 2, Ireland
Information about the personal information that is collected from you by Facebook, as well as how and why it is processed by Facebook, can be found at https://www.facebook.com/about/privacy.
Signaturely and Facebook have entered into entered into an agreement in order to determine the respective responsibilities for compliance with our obligations in connection with the Joint Processing within the meaning of the GDPR. This joint controller agreement, which sets out the reciprocal obligations, is available here.
We process your personal data on our Facebook page in the following ways:
- When you interact with our Facebook page, your public profile information (including display name)
- When you interact with our Facebook page by uploading a post and entering your personal information or contacting us via Facebook Messenger and providing your personal data.
When you interact with our Facebook page, Facebook Insights uses your data to gather statistics on page usage. For more information on the processing of Insights data when interacting with our Facebook page, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data.
Note that if you contact us by email or via Facebook Messenger, the communication is unencrypted.
Signaturely’s legal basis for processing your personal information via Facebook is our legitimate interest in promoting our Services. This includes to:
- Evaluate analyses and statistics relating to user behavior on our Facebook page
- Optimize our Facebook page in terms of its user-friendliness and attractiveness, and to introduce user-friendly marketing measures
- Other communication and interactions initiated by Facebook users.
It cannot be excluded that some processing by Facebook Ireland Ltd. will also take place in the United States by Facebook Inc.
How Long Do We Keep Your Personal Information?
We use the following criteria to determine our retention periods: the amount, nature and sensitivity of your information, the reasons for which we collect and process your personal information, how long we have an ongoing relationship with you and provide you with access to our Services, and applicable legal requirements. We will retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to comply with applicable legal, tax, or accounting requirements), when we are unable to reasonably verify your identity, or as may otherwise be required under GDPR. Additionally, we cannot delete information when it is needed for the establishment, exercise, or defense of legal claims (also known as a “litigation hold”). In this case, the information must be retained as long as needed for exercising respective potential legal claims.
When we have no ongoing business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible. If you have questions about, or need further information concerning, our data retention periods, please email [email protected].
Staying in Control of Your Information: Your Rights
WITH RESPECT TO SERVICES DATA OR IF YOU ARE A CONTACT, YOU MUST EXERCISE YOUR DATA SUBJECT RIGHTS REQUESTS WITH THE CUSTOMER(S) (ACTING AS ‘DATA CONTROLLER’) ON BEHALF OF WHICH SIGNATURELY PROVIDES THE SERVICES AND COLLECTS SERVICES DATA, AS EXPLAINED HERE. IF WE RECEIVE SUCH REQUESTS, WE WILL SEND THOSE REQUESTS TO THE RELEVANT CUSTOMER, WHO WILL BE RESPONSIBLE FOR RESPONDING TO AND ADDRESSING RIGHTS REQUESTS, WITH OUR COOPERATION.
If the GDPR (or its equivalent in the U.K.) applies to you because you are in the EEA or the U.K., you have certain rights in relation to your personal information:
- The right to be informed – our obligation to inform you that we process your personal information (and that is what we are doing in this Privacy Notice)
- The right of access – your right to request a copy of the personal information we hold about you (also known as a ‘data subject access request’)
- The right to rectification – your right to request that we correct personal information about you if it is incomplete or inaccurate (though we generally recommend first making any changes in your Account Settings)
- The right to erasure (also known as the ‘right to be forgotten’) – under certain circumstances, you may ask us to delete the personal information we have about you (unless there is an overriding legal reason we need to keep it)
- The right to restrict processing – your right, under certain circumstances, to ask us to suspend our processing of your personal information
- The right to data portability – your right to ask us for a copy of your personal information in a common format (for example, a .csv file)
- The right to object – your right to object to us processing your personal information (for example, if you object to us processing your data for direct marketing)
- Rights in relation to automated decision-making and profiling – our obligation to be transparent about any profiling we do, or any automated decision-making.
- The right to withdraw your consent where you had previously given consent. To access our cookie banner, please click .
These rights are subject to certain rules around when you can exercise them. If are located in the EEA and wish to exercise any of the rights set out above, please contact us (see How to Contact Us about Privacy ).
You will not have to pay a fee to access your personal information (or to exercise any of the other rights) unless your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request under those circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. Note that if we are unable to reasonably confirm your identity, we will not be able to honor certain requests.
We will respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated as required by law.
In addition, if you no longer wish to receive our marketing/promotional information, we remind you that you may withdraw your consent to direct marketing at any time directly from the unsubscribe link included in each electronic marketing message we send to you. If you do so, we will promptly update our databases, and will take all reasonable steps to meet your request at the earliest possible opportunity, but we may continue to contact you to the extent necessary for the purposes of providing our Services.
Finally, you have the right to make a complaint at any time to the supervisory authority for data protection issues in your country of residence. We would, however, appreciate the chance to address your concerns before you approach the supervisory authority, so please contact us directly first.
Representative in the European Union and in the U.K.
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Signaturely has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:
- Using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- Writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) – UK Representative
Pursuant to Article 27 of the UK GDPR, Signaturely has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR by:
- Using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
- Writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom.