This policy covers how Signable handles both personal and non personal information that Signable collects and receives. Signable will never release any information that can identify you as an individual. Any information collected, via means of submitted data or server logs, is safely and securely stored.
Data protection and GDPR
Signable is based in the UK, with infrastructure in the UK. Your personal data never gets transferred outside of the EU (European Economic Area). We fully comply with GDPR as below.
Signable is a data processor with our customers being a data controller. Signable will also act as a data controller but only for our direct customer’s data. When referencing signer data, Signable is acting as a data processor only. The end user, the person actually using Signable, is the data subject and has a direct relationship with the data controller.
As Signable is based in the UK and the data is stored in the UK, we do serve relevant data, which belongs to the account, to customers outside of the EU.
Use of 3rd party processors
Signable is committed to notifying controllers when, or if, a change in 3rd party data processors are made. For example, if Signable was to use a different file storage provider (we currently use AWS S3), notification of this change would be made with the right to object. We maintain a strict control over the types of 3rd party processors that we use and we keep this to an absolute minimum, where required.
Right of data erasure
When a data controller deletes something from their Signable account, it will be deleted on our systems, as well as on any 3rd party systems that we use.
Right of data portability
Signable provides tools which allow a data controller to download a full export of their account, which can be used by the data controller to fulfill their obligations to the end user (or data subject).
Co-operation with Information Commissions Officer
Signable is fully registered with the ICO and is committed to complying with the ICO on any data security matter.
Notice of breach
Signable is committed to notifying its customers of any breach in data, within 72 hours of discovering it. This will be communicated via email, via the main email address on your account.
Third Party information
Signable will not sell any personal identifying information to any Third Party, but may provide non personal identifying data to Third Parties. Signable may contain links to websites outside of our control and as such cannot be held responsible for any data collection methods they employ or data distribution methods.
Signable monitors and analyzes its website logs, to ensure that the website is performing to the best of its ability and to ascertain demographic information. Data collected includes IP addresses, dates & times, URL’s visited and actions performed. This information is also used to uniquely identify document signers.
Signable makes use of “session cookies” to log registered users into the Signable system and “persistent cookies” to retain data over a series of sessions (e.g. promotion tracking). Cookies set by Signable shall never contain personal identifying information. We also use Google Analytics cookies. To opt out of these cookies please visit Google’s Ad Settings.
Opting out of emails from Signable
At the bottom of every email that is sent to either you, as a Signable customer will be a link which you can click which will unsubscribe from all emails from Signable. Please be aware that if you choose to do this you won’t receive any emails from Signable. This includes billing notifications, request for signature emails and important information about your account.
Anonymous statistic tracking
We use Google Analytics across our system to help us monitor how Signable is being used. All information that is gathered is completely anonymous. We also use ‘Google Analytics Demographics and Interest Reporting’ to help improve Signable. If you wish to opt out of this please download and install the Google Analytics Opt-Out Tool.
Google API Privacy
We use the Google API in the following way: Google Drive Integration – We adhere to Google API Services User Data Policy. We export completed envelopes into folders in Google Drive which are explicitly specified by the user. A copy of this document is processed through our system like any other document that is uploaded. We do not use data in Google Drive in any other way. We do not use or share this information in any other way.
Google Docs Add-On
We adhere to Google API Services User Data Policy. When a user adds the Signable App from within the Google Docs app we connect out to the Signable API to authenticate the user over HTTPS. Once authenticated we enable the user to perform actions within a panel from within Google Docs. This includes the ability to add ‘Signable Tags’ – which are custom tags that allow the user to add fields specific to Signable to the Google document, and also we enable the user to manage “Parties” (users and email addresses that will receive the document) from within Google Docs. The User can then Send this document. When this happens a copy of this document is then processed through our system like any other document that is uploaded. We do not use or share this information in any other way.