Privacy Policy

Last updated: December 2024

1. Introduction

Compliant Signatures, Inc. ("gxpSign," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform at gxpsign.app (the "Service").

By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Name, email address, password, organization name, and billing information when you create an account.
  • Document Information: PDF documents you upload for signing, including document content and metadata.
  • Signature Data: Electronic signatures, signature images, timestamps, and signing-related information.
  • Communication Data: Information you provide when contacting our support team or communicating with us.

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Log Data: IP address, browser type, operating system, referring URLs, pages visited, and access times.
  • Device Information: Device type, unique device identifiers, and mobile network information.
  • Usage Data: Features used, actions taken, and interaction patterns within the Service.
  • Audit Trail Data: Detailed logs of signature-related activities for compliance purposes.

2.3 Information from Third Parties

We may receive information from third-party services you connect to gxpSign, such as identity verification services or single sign-on providers.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Maintain the Service: To operate our e-signature platform, process documents, and facilitate signature workflows.
  • Authentication and Security: To verify user identity, prevent fraud, and maintain the security of your account and documents.
  • Compliance and Audit Trails: To maintain comprehensive audit logs required for GxP compliance, FDA 21 CFR Part 11, and other regulatory requirements.
  • Communication: To send transaction notifications, signature requests, service updates, and respond to your inquiries.
  • Improvement and Analytics: To analyze usage patterns, improve our Service, and develop new features.
  • Billing and Payments: To process subscription payments and manage your account.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. Data Security

We implement robust security measures designed to protect your information, particularly given the sensitive nature of e-signature services in regulated industries:

  • Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
  • Access Controls: Role-based access controls and multi-factor authentication options.
  • Audit Logging: Comprehensive, tamper-evident audit trails for all signature-related activities.
  • Infrastructure Security: Hosted on secure cloud infrastructure with regular security assessments.
  • Data Isolation: Multi-tenant architecture with strict data isolation between organizations.

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal and regulatory requirements (including GxP record retention requirements)
  • Resolve disputes and enforce agreements
  • Maintain audit trails for compliance purposes

For users in regulated industries, we maintain signature records and audit trails for the retention periods required by applicable regulations, which may extend beyond your use of the Service.

You may request deletion of your account and personal information, subject to our legal and regulatory retention obligations.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request a copy of your data in a machine-readable format.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise these rights, please contact us at [email protected]. We will respond to your request within the timeframe required by applicable law.

7. Cookies and Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Maintain session state, authentication, and security.
  • Functional Cookies: Remember your preferences and settings.
  • Analytics Cookies: Understand how you use our Service to improve it.

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of our Service.

8. Third-Party Services

We may share your information with the following types of third-party services:

  • Cloud Infrastructure Providers: For hosting and data storage.
  • Payment Processors: To process subscription payments securely.
  • Email Service Providers: To send transactional emails and notifications.
  • Analytics Providers: To analyze and improve our Service.
  • Trusted Timestamp Authorities: To provide RFC 3161-compliant timestamps for signatures.

We require all third-party service providers to protect your information and use it only for the purposes for which it was disclosed.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with adequate security provisions
  • Compliance with applicable data transfer frameworks

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last updated" date
  • Sending an email notification to registered users for significant changes
  • Displaying a prominent notice within the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

Compliant Signatures, Inc.

Email: [email protected]

Website: gxpsign.app