GDPR Compliance

Signelio is committed to meeting and exceeding the requirements of the General Data Protection Regulation. We have implemented comprehensive data protection measures across our entire platform, from how we collect and store data to how we process electronic signatures and documents. Our compliance program is continuously monitored and updated to reflect evolving regulatory guidance and best practices.

We process personal data only when we have a valid legal basis under Article 6 of the GDPR. Depending on the context, we rely on the following grounds: • Consent — When you explicitly opt in to marketing communications or optional features. • Contract — When processing is necessary to provide our e-signature services to you. • Legitimate Interest — For fraud prevention, platform security, and service improvement, balanced against your rights. • Legal Obligation — When we are required to retain or disclose data to comply with applicable laws.

Signelio acts as both a data controller and a data processor, depending on the context. When you create an account and use our platform, we act as the data controller for your account information. When you upload documents for signature, we act as a data processor on your behalf, processing the document data strictly according to your instructions. This distinction is clearly outlined in our Data Processing Agreement (DPA), available upon request.

Under the GDPR, you have a number of important rights regarding your personal data. Signelio is committed to facilitating the exercise of these rights in a timely and transparent manner.

Signelio offers a comprehensive Data Processing Agreement (DPA) to all customers who require one. Our DPA outlines the terms under which we process personal data on your behalf, including the types of data processed, the duration of processing, and the technical and organizational security measures in place. You can request a copy of our DPA by contacting our legal team at support@sign-mobile.space.

When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place. Signelio relies on EU-approved Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions issued by the European Commission. We regularly assess the legal frameworks of recipient countries to ensure they provide an adequate level of data protection.

Signelio has appointed a Data Protection Officer (DPO) to oversee our compliance with the GDPR and serve as the point of contact for data subjects and supervisory authorities. If you have any questions or concerns about how we handle your personal data, you can reach our DPO at: Email: support@sign-mobile.space

In the event of a personal data breach, Signelio will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by Article 33 of the GDPR. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify affected individuals without undue delay. Our incident response plan includes containment, assessment, notification, and remediation procedures to minimize the impact of any breach.

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement. We encourage you to contact us first so we can address your concerns directly, but this right is available to you at any time.