Privacy Policy

Last Updated: May 24, 2024

Araneum Technologies GmbH ("we," "us," or "our") operates the sygn.ink application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy in compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:

Araneum Technologies GmbH (CHE-460.196.966)
Alte Steinhauserstrasse 19
6330 Cham, Switzerland
Email: info@araneum.ch

2. Information We Collect

We may collect and process the following types of personal data:

a. Data you provide to us directly:

• Account Information: When you register for an account, we collect your email address, first and last name (optional), and a hashed version of your password.
• Document Data: We process the documents (e.g., PDFs) you upload for signing, including their content and associated metadata.
• Signature Data: We collect information related to the e-signing process, including the email addresses of signers, signature placements (coordinates, page number), timestamps, and IP addresses.
• Communications: If you contact us directly, we may receive additional information about you such as your name, email address, the contents of the message, and any other information you may choose to provide.

b. Data we collect automatically:

• Log and Usage Data: We collect information related to your access to and use of the Service, such as your IP address, browser type, operating system, and actions taken within the application.
• Cookies: We use essential cookies (e.g., for session management) to operate our Service. We do not use non-essential tracking or advertising cookies.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under the GDPR:

• Performance of a Contract (Art. 6(1)(b) GDPR): We process your data to provide, maintain, and manage the Service you have requested, including creating your account, processing documents, facilitating signatures, and sending notifications.
• Legitimate Interests (Art. 6(1)(f) GDPR): We process data for our legitimate interests, such as ensuring the security of our Service, preventing fraud, analyzing and improving the Service, and enforcing our Terms of Service.
• Legal Obligation (Art. 6(1)(c) GDPR): We may process data to comply with legal and regulatory obligations.

4. How We Use Your Information

We use the information we collect for various purposes, including to:

• Provide, operate, and maintain our Service.
• Create and manage your account and send you service-related communications.
• Process documents and facilitate the e-signature workflow between you and other signers.
• Generate and maintain a secure audit trail for each signed document.
• Respond to your comments, questions, and requests, and provide customer service.
• Monitor and analyze usage and trends to improve the Service.
• Protect the security and integrity of our Service, our users, and the public.

5. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following limited circumstances:

• With Service Providers: We share information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting (Amazon Web Services) and email delivery (Amazon SES). These providers are contractually obligated to protect your data and use it only for the services we have requested.
• For Legal Reasons: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights or property, or protect the personal safety of users or the public.
• Between Users of the Service: Information such as your name (if provided) and email address is shared with other participants (owner and signers) of a document you are involved with to facilitate the signing process.

6. International Data Transfers

Our company is based in Switzerland, a country which has an "adequacy decision" from the European Commission, meaning it is considered to provide a level of data protection comparable to that of the EU. Our service providers, such as Amazon Web Services (AWS), may process data in various locations, including the European Union and the United States. When we transfer your data outside the EU/EEA or Switzerland, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) and adequacy decisions, to ensure your data is protected.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with the Service. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Documents and their associated audit trails are retained until the owner's account is deleted, or until the owner deletes the document from their account.

8. Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have the following data protection rights:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure ("right to be forgotten"): You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please contact us at info@araneum.ch. You also have the right to lodge a complaint with a supervisory authority.

9. Data Security

We implement a variety of security measures, including encryption and access controls, to maintain the safety of your personal information. However, no electronic transmission or storage is 100% secure, and we cannot guarantee its absolute security.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at: info@araneum.ch