GDPR Compliance

SignBuddy is built with data protection at its core. This page explains how we comply with the EU General Data Protection Regulation (GDPR) and how you can exercise your rights.

Our role

When you use SignBuddy to send documents, you are typically the data controller for the personal data of your signers, and SignBuddy acts as a data processor on your behalf. For your own account data, SignBuddy is the controller.

Your rights under the GDPR

• Access — request a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction — limit how we process your data.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.

Data export & deletion

You can request a full export of your account data or request account deletion directly from your account settings, or by contacting us. Note that signed documents and their audit trails may be retained where necessary to preserve their legal evidentiary value or to meet legal obligations.

Data processing & sub-processors

We process data within secure infrastructure and engage vetted sub-processors for hosting, email delivery, identity verification, and payments. A Data Processing Agreement (DPA) is available for business customers on request.

International transfers

Where data is transferred outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses to ensure your data remains protected.

Exercising your rights

To make a GDPR request or to request a DPA, contact our data protection team at privacy@signbuddy.eu. We will respond within the timeframes required by law.

This document is a general template and should be reviewed by qualified legal counsel before publication.