Privacy Policy
Last updated: May 2026 | Governing law: Republic of Ireland
1. Who We Are
SigSwift is the data controller responsible for personal data processed in connection with user accounts, billing, customer support, analytics, and platform administration.
Where users upload or process personal data relating to third parties through the platform, SigSwift may also act as a data processor on behalf of the relevant user or business customer.
SigSwift is operated by SigSwift (CRO number: [to be inserted]), registered at [address to be inserted], Ireland.
For all privacy or data protection queries, please contact: hello@sigswift.com
2. What Data We Collect
2.1 Account Data
- Full name and email address
- Password hashes (passwords are never stored in plain text)
2.2 Contract and Signing Data
- Contract content entered into templates
- Names and email addresses of signing parties
- IP addresses and browser information recorded during the signing process
- Timestamps relating to document access, signing, and consent
- Signature text and signing confirmations
- Document integrity and tamper-detection records
2.3 Payment Data
- Payment reference IDs from Stripe (we do not store full card details)
- Purchase amounts, VAT, and invoice information
2.4 Usage and Analytics Data
- Pages visited and time spent on the platform
- Referral source information
- Browser, operating system, and device information
- IP address and usage metrics collected through analytics cookies
2.5 Communications
- Emails or enquiries sent to SigSwift via the contact form or directly
- Newsletter subscription email address where voluntarily provided
3. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Creating and managing user accounts | Contract — Article 6(1)(b) GDPR |
| Generating and delivering contracts | Contract — Article 6(1)(b) GDPR |
| Facilitating the electronic signing ceremony | Contract — Article 6(1)(b) GDPR |
| Processing payments and issuing VAT invoices | Contract / Legal obligation — Article 6(1)(b)/(c) GDPR |
| Maintaining signing audit trails and integrity records | Legitimate interests — Article 6(1)(f) GDPR |
| Sending transactional emails and notifications | Contract — Article 6(1)(b) GDPR |
| Sending newsletter communications | Consent — Article 6(1)(a) GDPR |
| Improving platform performance via analytics | Consent — Article 6(1)(a) GDPR |
| Responding to support and contact enquiries | Legitimate interests — Article 6(1)(f) GDPR |
| Fraud prevention, abuse prevention, and security | Legitimate interests — Article 6(1)(f) GDPR |
4. Who We Share Data With
We do not sell personal data. We share data only where necessary with the following:
- Stripe — payment processing. See stripe.com/ie/privacy
- Email service providers — transactional and signing ceremony emails
- Analytics providers — anonymised usage and performance data
- Cloud hosting providers — hosting and infrastructure (AWS, EU region)
All third-party processors are contractually required to handle your data in compliance with GDPR.
5. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA), SigSwift relies on legally recognised safeguards including European Commission adequacy decisions and Standard Contractual Clauses (SCCs).
6. Data Retention
- Account data — retained during account activity and for up to 2 years after closure
- Contract and signing records — retained for up to 7 years in line with Irish commercial and tax record-keeping requirements
- Payment and VAT records — retained in accordance with Revenue obligations
- Analytics data — retained in accordance with analytics provider retention settings
- Newsletter subscriptions — retained until you unsubscribe
- Support enquiries — generally retained for up to 2 years
7. Your Rights
Under GDPR, you have the following rights:
- Right of access — to request a copy of the personal data we hold about you
- Right to rectification — to request correction of inaccurate data
- Right to erasure — to request deletion of your data, subject to legal retention obligations
- Right to restriction — to request that we restrict processing of your data
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you may withdraw at any time
To exercise any of these rights, contact us at hello@sigswift.com. We will respond within one month in accordance with GDPR.
You also have the right to lodge a complaint with the Irish Data Protection Commission at dataprotection.ie.
8. Security
SigSwift implements technical and organisational measures to protect your personal data, including:
- Encrypted HTTPS connections across the platform
- Password hashing — passwords are never stored in plain text
- Rate limiting and CSRF protection
- Session management and access controls
- Signed PDFs encrypted and locked against modification
- Signing audit logs and tamper-detection records
In the event of a data breach posing a risk to your rights, we will notify the Data Protection Commission within 72 hours and affected users without undue delay, as required by GDPR.
9. Cookies
SigSwift uses cookies for platform functionality, security, and analytics. Full details are set out in our Cookie Policy.
10. Children
SigSwift is not intended for children under the age of 18 and does not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be published on this page with an updated date. We will notify registered users of material changes by email.
12. Contact
For any privacy-related queries or to exercise your rights, please contact: hello@sigswift.com