Privacy Policy

Back to Home

Effective date: [Insert Date], 2026

1. Introduction

Welcome to SignToSee, operating under the commercial brand of Penserini & Vankan VOF (hereinafter referred to as "SignToSee", "us", "we", or "our").

Our Privacy Policy governs your visit to https://www.signtosee.eu, and explains how we collect, safeguard, and disclose information that results from your use of our Service. SignToSee is an evidentiary access gate and clickwrap confidentiality acceptance system. Because our core function involves generating legal audit trails, we handle data with strict adherence to the European General Data Protection Regulation (GDPR).

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Definitions

SERVICE means the SignToSee platform and website.

CUSTOMER (DATA CONTROLLER): The business, freelancer, or entity that creates an account with us to protect their links. For the files and links protected by the Service, the Customer is the Data Controller.

SIGNER / RECIPIENT (DATA SUBJECT): The third-party individual who clicks a SignToSee link, signs the confidentiality agreement, and accesses the protected content.

SIGNTOSEE (DATA PROCESSOR / CONTROLLER): We act as a Data Processor when facilitating the signature and access gate on behalf of our Customers. We act as a Data Controller for our Customers' account and billing information.

AUDIT TRAIL: The immutable cryptographic log generated when a Signer accesses a protected link, containing timestamps, IP addresses, and user-agent data.

3. Information Collection and Use

We collect specific, minimized types of information to provide our Service, process billing, and generate a verifiable access and acceptance record for B2B confidentiality workflows.

4. Types of Data Collected

4.1 Customer Account Data (For Users Who Register)

To operate your account, we may ask you to provide personally identifiable information, including:

Email address

Company name (required)

Business Name and VAT Number (for B2B billing)

4.2 Audit Trail Data (For Signers / Recipients)

When a Signer accesses a protected link, we automatically collect data to generate the eIDAS-compliant Simple Electronic Signature (SES) audit log. This includes:

The Signer's submitted Email Address (if email verification is enabled)

IP Address

Browser type, version, and User-Agent

Exact timestamps of access and signature execution

Cryptographic hashes of the signature event

The Signer's IP address is logged exclusively for fraud prevention, security, and the generation of eIDAS-compliant evidentiary audit trails. We do not use signer IP addresses for marketing, profiling, or unrelated analytics. Signer IP records are retained for as long as the underlying legal contract remains valid, and longer only where required to establish, exercise, or defend legal claims.

4.3 Hosted File Data (Guardian Tier Only)

For Customers on the Guardian tier utilizing our 5GB dedicated file hosting, we store the uploaded encrypted files. We do not inspect, mine, or access the contents of these files unless required by law or a DMCA/copyright takedown request. Note: For Scout and Sentinel tiers, we operate as a zero-knowledge URL gateway and do not host or see the underlying destination files (e.g., your Figma or Notion workspaces).

4.4 Tracking and Cookies

We utilize minimal, privacy-first session cookies necessary to operate the Service (e.g., keeping you logged in). We do not use third-party advertising tracking cookies (such as Meta Pixel or Google Ads trackers) that sell your data to external brokers.

5. Use of Data

SignToSee uses the collected data for various purposes:

To provide and maintain our Service, including URL routing and decryption.

To generate and preserve evidentiary Audit Trails for our Customers.

To notify you about changes to our Service or infrastructure.

To provide customer support and technical maintenance.

To process payments via our Merchant of Record.

To detect, prevent, and address technical fraud or bot abuse.

6. Retention of Data & The Article 17(3)(e) Legal Exception

6.1 Customer Account Data: We retain Customer Personal Data only for as long as is necessary for the purposes set out in this policy, or to comply with European tax and accounting laws (typically 7 years for billing records).

6.2 Audit Trail Retention (Crucial): The fundamental purpose of SignToSee is to provide our Customers with a verifiable record that a specific individual accessed protected content and accepted confidentiality terms. Therefore, Audit Trail Data (IP addresses, timestamps, signature logs) is retained indefinitely to protect the Customer.

If a Signer requests the deletion of their personal data under the GDPR Right to Erasure (Article 17), SignToSee reserves the right to deny the deletion of the Audit Trail under the explicit exception provided in GDPR Article 17(3)(e): "for the establishment, exercise or defence of legal claims."

7. EU Data Sovereignty and Transfer of Data

SignToSee is built on the principle of European Data Sovereignty.

Your information, including Personal Data and Hosted Files, is processed and maintained on servers located entirely within the European Union (e.g., via Hetzner in Germany or Scaleway in France). We actively avoid hyperscalers subject to the US CLOUD Act (AWS, Google Cloud) for our core hosting to protect your intellectual property from foreign extraterritorial jurisdiction.

If we utilize third-party sub-processors located outside the EU, we ensure strict compliance with the GDPR via Standard Contractual Clauses (SCCs).

8. Disclosure of Data

We may disclose personal information under the following circumstances:

To the Customer: Audit Trail data belonging to a Signer is fully visible and exportable by the Customer who generated the protected link.

Law Enforcement: Under certain circumstances, we may be required to disclose data if required by Belgian or EU law, or in response to valid requests by public authorities.

Business Transaction: If SignToSee is involved in a merger or acquisition.

9. Security of Data

We utilize advanced cryptographic measures, SSL/TLS transit encryption, and secure database architecture to protect your data. However, remember that no method of transmission over the Internet or method of electronic storage is 100% secure.

10. Your Data Protection Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

If you wish to be informed what Personal Data we hold about you, email us at support@signtosee.eu.

You have the right to:

Access, update, or delete the information we have on you (Subject to the Article 17(3)(e) exception outlined in Section 6.2).

Rectification of inaccurate information.

Object to or Restrict processing.

Data Portability.

Please note that we will ask you to verify your identity before responding to such requests. If you are a Signer/Recipient requesting deletion of an Audit Trail, we will direct your request to the Customer (the Data Controller), but we will advise them of their right to retain the log for legal defense.

11. Data Processors and Service Providers

We employ specialized third-party EU-compliant companies to facilitate our Service:

Hosting & Infrastructure: Hetzner (Germany) / Scaleway (France)

Email Automation: Brevo (France)

Analytics: Privacy-first analytics (e.g., Plausible or Ghost CMS logs) that do not use invasive tracking cookies.

12. Payments and Merchant of Record

We use third-party services for payment processing and B2B VAT compliance. We do not store or collect your payment card details on our servers. That information is provided directly to our third-party payment processors (e.g., Paddle or Stripe), whose use of your personal information is governed by their Privacy Policy and strict PCI-DSS standards.

13. Children's Privacy

Our Services are strictly for B2B professional use and are not intended for anyone under the age of 18. We do not knowingly collect personally identifiable information from children.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective date."

15. Contact Us / Company Information

If you have any questions about this Privacy Policy or your GDPR rights, please contact us:

Commercial Brand: SignToSee

Legal Entity: Penserini & Vankan VOF

Enterprise Number (KBO): BE 1036.515.175

Email: support@signtosee.eu