1. Information We Collect
Account Information: Name, email address, company name, billing address when you register or purchase our services.
Usage Data: API call counts, signing statistics, error logs, IP addresses, and timestamps for service monitoring and billing.
Technical Data: Hardware ID (for license binding), operating system version, software version.
Payment Data: Processed through third-party payment processors. We do not store credit card numbers.
2. Information We Do NOT Collect
- Contents of your signed documents (PDFs, executables)
- Private keys or PINs (processed in memory only, never stored)
- Certificate private key material
3. How We Use Your Information
- To provide, maintain, and improve our services
- To process transactions and send billing notifications
- To communicate service updates, security alerts, and support
- To enforce our Terms of Service and prevent abuse
- To comply with legal obligations
4. Data Storage and Security
Your account data is stored on secure servers in Singapore. We implement industry-standard security measures including:
- TLS encryption for all data in transit
- Encrypted storage for sensitive configuration data
- Access-controlled facilities for hardware token storage
- Regular security audits and monitoring
- DPAPI encryption for stored PINs and credentials
5. Hardware Token Storage
For cloud signing customers who send USB tokens to our facility:
- Tokens are stored in a physically secure, access-controlled environment
- Only authorized personnel can access the token storage area
- Tokens are returned within 30 days upon contract termination and written request
- We maintain an inventory log of all tokens in our custody
6. Data Sharing
We do not sell, trade, or rent your personal information. We may share data with:
- Service providers: Payment processors, hosting providers (under strict confidentiality agreements)
- Legal requirements: When required by law, court order, or regulatory authority
- Business transfers: In connection with a merger, acquisition, or sale of assets
7. Data Retention
We retain account data for the duration of your account plus 12 months. Signing logs are retained for 90 days. You may request deletion of your data at any time by contacting us.
8. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Withdraw consent for marketing communications
9. Cookies
Our website uses essential cookies for session management and security. We do not use tracking or advertising cookies.
10. Children's Privacy
Our services are not intended for individuals under 18 years of age.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email or platform notification.
12. Contact
For privacy inquiries, contact our Data Protection Officer at privacy@onesign.sg.