Back to Login

Privacy Policy

Data Protection & POPIA Compliance

Last Updated: December 6, 2025
POPIA Compliance Notice: This Privacy Policy has been designed to comply with the Protection of Personal Information Act, 2013 (POPIA) of South Africa and other applicable data protection laws.

1. Introduction

Signaturely ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our multi-tenant digital signature system.

This policy should be read in conjunction with our End User License Agreement (EULA) and Terms of Service.

2. Information Officer Details

In accordance with Section 56 of POPIA, our Information Officer is responsible for ensuring compliance with POPIA:

Email: admin@signaturely.com
Company: Technoflexzone

3. Personal Information We Collect

Under POPIA, "personal information" means information relating to an identifiable, living person. We collect the following types of personal information:

Information Type Examples Purpose
Identity Information Name, surname, ID number, signature User identification and document signing
Contact Information Email address, phone number, physical address Communication and service delivery
Account Information Username, password (encrypted), agent codes Account management and authentication
Technical Information IP address, browser type, device information System security and performance
Usage Information Login times, documents accessed, signatures created Audit trails and system optimization

4. How We Collect Personal Information

We collect personal information through:

  • Direct Collection: Information you provide during registration, login, or document signing
  • Automatic Collection: Technical data collected through your use of our system
  • Third-Party Sources: Information received from authorized administrators or agents

5. Purpose of Processing (Legal Basis)

In accordance with Section 11 of POPIA, we process your personal information for the following purposes:

5.1 Primary Purposes

  • Providing digital signature services
  • User authentication and access control
  • Document management and storage
  • Audit trail maintenance for legal compliance
  • System security and fraud prevention

5.2 Secondary Purposes

  • Service improvement and optimization
  • Customer support and communication
  • Legal compliance and regulatory reporting
  • Business analytics (anonymized data only)

6. Data Subject Rights Under POPIA

As a data subject under POPIA, you have the following rights:

6.1 Right of Access (Section 23)

You have the right to request confirmation of whether we hold your personal information and to access such information.

6.2 Right to Correction (Section 24)

You may request correction or deletion of your personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained.

6.3 Right to Object (Section 11(3))

You may object to the processing of your personal information on reasonable grounds relating to your particular situation.

6.4 Right to Lodge Complaints

You have the right to lodge a complaint with the Information Regulator if you believe we have violated POPIA.

To exercise your rights, contact our Information Officer at: privacy@signaturely.com

7. Data Security Measures

In accordance with Section 19 of POPIA, we implement appropriate technical and organizational measures to secure your personal information:

7.1 Technical Safeguards

  • SSL/TLS encryption for data transmission
  • AES-256 encryption for data storage
  • Multi-factor authentication where applicable
  • Regular security audits and penetration testing
  • Automated backup and disaster recovery systems

7.2 Organizational Safeguards

  • Access controls and role-based permissions
  • Employee training on data protection
  • Confidentiality agreements with all personnel
  • Regular review of security policies and procedures
  • Incident response and breach notification procedures

8. Data Sharing and Disclosure

We limit the sharing of your personal information to the following circumstances:

8.1 Authorized Sharing

  • Within Your Organization: Authorized users within your company/tenant
  • Service Providers: Third-party providers who assist in service delivery (under strict data processing agreements)
  • Legal Requirements: When required by law, court order, or regulatory authority

8.2 We Do NOT Share Your Information With

  • Marketing companies or advertisers
  • Unauthorized third parties
  • Other tenants or organizations using our system
  • Social media platforms

9. Cross-Border Data Transfers

In compliance with Chapter 9 of POPIA:

  • We primarily store and process data within South Africa
  • Any cross-border transfers will only occur to countries with adequate levels of protection
  • Where adequate protection doesn't exist, we will obtain your explicit consent
  • We will implement appropriate safeguards such as standard contractual clauses

10. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this policy:

Data Type Retention Period Reason
Account Information Duration of account + 7 years Legal compliance and audit requirements
Signed Documents 7-30 years (depending on document type) Legal evidence and regulatory requirements
Audit Logs 7 years Security and compliance auditing
Technical Logs 2 years System security and performance

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure system security
  • Analyze system performance (anonymized data)

You can manage cookie settings through your browser, but this may affect system functionality.

12. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

13. Data Breach Notification

In accordance with Section 22 of POPIA, in the event of a data breach that poses a risk of harm to data subjects:

  • We will notify the Information Regulator within 72 hours
  • Affected data subjects will be notified without undue delay
  • We will provide details of the breach and steps being taken to address it

14. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated policy on our system
  • Sending email notifications to registered users
  • Requiring acknowledgment of changes upon next login

15. Contact Information

For Privacy-Related Inquiries:

Email: admin@signaturely.com
Company: Technoflexzone

Information Regulator (South Africa):

Website: www.justice.gov.za/inforegulator/
Email: inforegulator@justice.gov.za
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

Your privacy is important to us. By using our system, you consent to the collection and use of your personal information as described in this Privacy Policy and in accordance with POPIA and other applicable laws.