This policy covers how Signable handles both personal and non personal information that Signable collects and receives. Signable will never release any information that can identify you as an individual. Any information collected, via means of submitted data or server logs, is safely and securely stored.
Data protection and GDPR
Signable is based in the UK, with infrastructure in the UK. Your personal data never gets transferred outside of the EU (European Economic Area). We fully comply with GDPR as below.
Signable is a data processor with our customers being a data controller. Signable will also act as a data controller but only for our direct customer’s data. When referencing signer data, Signable is acting as a data processor only. The end user, the person actually using Signable, is the data subject and has a direct relationship with the data controller.
Use of 3rd party processors
Signable is committed to notifying controllers when, or if, a change in 3rd party data processors are made. For example, if Signable was to use a different file storage provider (we currently use AWS S3), notification of this change would be made with the right to object. We maintain a strict control over the types of 3rd party processors that we use and we keep this to an absolute minimum, where required.
Right of data erasure
When a data controller deletes something from their Signable account, it will be deleted on our systems, as well as on any 3rd party systems that we use. If you wish to exercise your right to data erasure, please contact our support team with your request at help@signable.co.uk.
Right of data portability
Signable provides tools which allow a data controller to download a full export of their account, which can be used by the data controller to fulfil their obligations to the end user (or data subject).
Co-operation with Information Commissions Officer
Signable is fully registered with the ICO and is committed to complying with the ICO on any data security matter.
Notice of breach
Signable is committed to notifying its customers of any breach in data, within 72 hours of discovering it. This will be communicated via email, via the main email address on your account.
Third Party information
Signable will not sell any personal identifying information to any Third Party, but may provide non personal identifying data to Third Parties. Signable may contain links to websites outside of our control and as such cannot be held responsible for any data collection methods they employ or data distribution methods.
Collected information
Signable monitors and analyse its website logs, to ensure that the website is performing to the best of its ability and to ascertain demographic information. Data collected includes IP addresses, dates & times, URL’s visited and actions performed. This information is also used to uniquely identify document signers.
Cookies
Signable makes use of “session cookies” to log registered users into the Signable system and “persistent cookies” to retain data over a series of sessions (e.g. promotion tracking). Cookies set by Signable shall never contain personal identifying information. We also use Google Analytics cookies. To opt out of these cookies please visit Google’s Ad Settings.
For more information about our use of cookies on the Signable website, read our cookies policy.
Opting out of emails from Signable
At the bottom of every email that is sent to either you, as a Signable customer will be a link which you can click which will unsubscribe from all emails from Signable. Please be aware that if you choose to do this you won’t receive any emails from Signable. This includes billing notifications, request for signature emails and important information about your account.
Anonymous statistic tracking
We use Google Analytics across our system to help us monitor how Signable is being used. All information that is gathered is completely anonymous. We also use ‘Google Analytics Demographics and Interest Reporting’ to help improve Signable. If you wish to opt out of this please download and install the Google Analytics Opt-Out Tool.
Remarketing
We perform remarketing via Google Adwords and Google Analytics. You may see our adverts on other pages via Google’s Display Network after you have visited our site. When visiting our site, a cookie is stored which is then used across the Google Display Network. This cookie doesn’t contain any personal information. If you wish to opt out of Google’s use of cookies please visit Google’s Ads Settings.
Slack Privacy
We abide by the Slack App Directory Agreement and the Slack App Developer Policy as well as all other Slack guidelines and policies including the Privacy Policy, Security Review, Partner Terms, Terms of Service, the API Terms of Service.
The Signable user who authenticates the app with their Slack workspace will be invited to select an existing Slack channel where envelope notifications will be sent. This user can determine who has access to this Slack channel. To deactivate a Slack channel from the Signable integration, you can remove the channel via the Signable app integrations page.
When you interact with Slack, we receive various events. We specifically track and log events related to app authentication, uninstallation, or access revocation to maintain the integrity of our service and your account. The data contains no personally identifiable or business information; it only includes Slack-generated IDs, as specified in Slack’s documentation on payloads for app_uninstalled and tokens_revoked. Signable does not subscribe to any other event bots from Slack and, therefore, does not receive any other data.
Signable allows customers to set their own data retention policies for documents.
By default, customer data is retained for 7 years.
Google API Privacy
We use the Google API in the following way: Google Drive Integration – We adhere to Google API Services User Data Policy. We export completed envelopes into folders in Google Drive which are explicitly specified by the user. A copy of this document is processed through our system like any other document that is uploaded. We do not use data in Google Drive in any other way. We do not use or share this information in any other way.
Google Docs Add-On
We adhere to Google API Services User Data Policy. When a user adds the Signable App from within the Google Docs app we connect out to the Signable API to authenticate the user over HTTPS. Once authenticated we enable the user to perform actions within a panel from within Google Docs. This includes the ability to add ‘Signable Tags’ – which are custom tags that allow the user to add fields specific to Signable to the Google document, and also we enable the user to manage “Parties” (users and email addresses that will receive the document) from within Google Docs. The User can then Send this document. When this happens a copy of this document is then processed through our system like any other document that is uploaded. We do not use or share this information in any other way.