Legal

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, how we use it, and the choices you have.

Last updated: March 7, 2026

1. Information We Collect

Account information: When you register, we collect your name, email address, and password (stored as a salted hash — we never store plaintext passwords). If you sign in with Google, we receive your name, email, and profile photo from Google.

Documents: Documents you upload are stored in encrypted cloud storage. We do not read, analyze, or mine the content of your documents.

Signing data: When a signer completes a signature, we record the signer's name, email (if provided), IP address, timestamp, and the signature image. This forms the audit trail required for legal validity.

Usage data: We collect standard server logs including IP addresses, browser type, and pages visited to maintain and improve the Service.

2. How We Use Your Information

We use your information to:

  • Provide and operate the e-signature Service
  • Send signing invitations and status notifications
  • Maintain audit trails for document legal validity
  • Authenticate your identity and secure your account
  • Respond to support requests
  • Improve the reliability and performance of the Service

We do not sell your personal information, use your documents for advertising, or share your data with third parties for marketing purposes.

3. Data Storage & Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Documents are stored in Cloudflare R2 with server-side encryption. Signing tokens are time-limited and single-use.

Database access is restricted to the application layer. We do not provide direct database access to any employee for production data.

4. Data Retention

Your account data is retained as long as your account is active. Documents and their associated signatures are retained until you delete them or close your account.

Upon account deletion, we remove your personal data and documents within 30 days. Audit trail records may be retained longer where required by law.

5. Third-Party Services

We use the following third-party services to operate eSign-Dusinye:

  • Cloudflare R2 — Encrypted document and signature image storage
  • Resend — Transactional email delivery (signing invitations, notifications)
  • Google OAuth — Optional social login (only if you choose to sign in with Google)

Each provider processes only the minimum data necessary to perform their function.

6. Your Rights

You have the right to:

  • Access and download your personal data and documents
  • Correct inaccurate account information
  • Delete your account and associated data
  • Export your signing records (CSV export)
  • Withdraw consent for optional data processing

To exercise any of these rights, contact us at privacy@esign-dusinye.com.

7. Cookies

eSign-Dusinye uses essential cookies for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. Your theme preference is stored in localStorage.

8. Children's Privacy

eSign-Dusinye is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

10. Contact

For privacy-related questions or requests, contact us at privacy@esign-dusinye.com.