Our Commitment to GDPR

At sygn.ink, we are fully committed to protecting the privacy and data rights of our users. The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that sets a high standard for how companies handle personal data. This page outlines our approach to GDPR compliance.

Your Data Rights Explained

GDPR provides you with several rights regarding your personal data. Here's what they mean and how you can exercise them with sygn.ink:

• Right to Access: You can request a copy of the personal data we hold about you.
• Right to Rectification: If you find that any data we hold is inaccurate or incomplete, you can request that we correct it. You can update your name in your profile settings at any time.
• Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data. This will involve deleting your account, your uploaded documents, and associated personal information, subject to our legal obligations to retain certain data.
• Right to Restrict Processing: You can ask us to temporarily stop processing your data under specific circumstances (e.g., while we verify its accuracy).
• Right to Data Portability: You can request a copy of your data in a machine-readable format to transfer it to another service provider.
• Right to Object: You can object to us processing your data for our legitimate interests.

To exercise any of these rights, please send a detailed request to our data protection contact at info@araneum.ch. We will respond to your request within one month.

Data Controller

sygn.ink is provided by Araneum Technologies GmbH, who is the controller of your personal data. Our details are:

Araneum Technologies GmbH (CHE-460.196.966)
Alte Steinhauserstrasse 19
6330 Cham, Switzerland
Email: info@araneum.ch

Data Processing and Sub-processors

We use trusted third-party services to help us provide our Service. These "sub-processors" are carefully vetted for their security and privacy practices. Our key sub-processors include:

• Amazon Web Services (AWS): For secure cloud hosting and infrastructure. Our primary hosting region is in the EU (Frankfurt, Germany).
• Amazon Simple Email Service (SES): For sending transactional emails, such as signing invitations and notifications.

For our business customers, we can provide a Data Processing Agreement (DPA) that outlines our mutual commitments under GDPR.

International Data Transfers

Our company is located in Switzerland, which is recognized by the European Commission as providing an adequate level of data protection. When data is processed by our sub-processors outside of Switzerland or the EU/EEA, we ensure it is protected by appropriate legal safeguards, such as Standard Contractual Clauses (SCCs).

Security by Design

We take data security seriously. We have built our platform with privacy and security in mind, implementing measures such as:

• Encryption of data in transit (TLS) and at rest.
• Cryptographic verification for all signatures.
• Secure password hashing.
• Strict access controls to our systems.

For more detailed information, please see our full Privacy Policy.