GDPR Compliance
InsertSign (“we”, “us”, “our”) is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page explains how we handle, process, and safeguard personal data of individuals in the European Economic Area (EEA) and Switzerland.
At InsertSign, we take data protection and privacy seriously. We are committed to complying with the General Data Protection Regulation (GDPR) and giving our users transparency, control, and security over their personal data.
1. Our Role Under GDPR
- Data Controller: For visitors to our website, account sign-ups, billing, and communications, InsertSign acts as the Data Controller.
- Data Processor: For documents you upload, send, and sign through our platform, InsertSign acts as a Data Processor. You (the User) remain the Data Controller of your documents and signer data.
2. Data We Process
We process only the data necessary to provide our services:
- Account details (name, email, billing information).
- Documents and files uploaded by you.
- Document metadata (name, size, type, creation date).
- Document content (when you view or sign documents).
- Document access logs (when you view or sign documents).
- Signer information (name, email, IP address, signing actions).
- Technical data (device type, browser, logs, and security metadata).
We do not sell or share your personal data with third parties for advertising.
3. Legal Basis for Processing
We process personal data on the following legal grounds:
- Contract: To provide the e-signature service you request.
- Consent: Where you have given us explicit consent (e.g., marketing emails).
- Legal Obligation: To comply with legal, tax, and regulatory requirements.
- Legitimate Interest: To improve our services, ensure platform security, prevent fraud, or communicate important updates, provided these interests are not overridden by your rights and interests.
4. Your Rights Under GDPR
As an EU/EEA user, you have the following rights:
- Access: Request a copy of the data we hold about you.
- Rectification: Correct incomplete or inaccurate data.
- Erasure: Request deletion of your data, where legally permissible (RTBF).
- Restriction: Request to limit the processing of your data.
- Portability: Request your data in a machine-readable format.
- Objection: Object to the processing of your data (based on legitimate interests or direct marketing).
- Withdraw Consent: Withdraw consent for processing at any time where processing is based on consent.
You can exercise these rights by contacting us at: privacy@insertsign.com
5. Data Storage & Transfers
We store your data securely in our cloud infrastructure.
- Documents and personal data are encrypted using AES-256 at rest and TLS 1.2+ in transit.
- Data is stored in secure data centers with industry-standard safeguards.
- For EU users, data may be transferred outside the EEA (e.g., to the United States) under GDPR-approved mechanisms such as Standard Contractual Clauses (SCCs).
6. Subprocessors
We use trusted third-party providers (e.g., cloud hosting, email delivery) to operate InsertSign. Each subprocessor is bound by GDPR-compliant agreements to protect your data. An up-to-date list is maintained below:
| Entity | Purpose | Location | Client Data |
|---|---|---|---|
| Google Cloud Platform | Application, database and file storage | United States | Yes |
| | File backups, analytics | United States | Yes |
| Postmark | Emails | United States | Yes |
| Twilio | SMS | United States | Yes |
| Typesense | Search engine | United States | Yes |
| Zapier | Workflow and data sync | United States | |
| Make | Workflow and data sync | United States | |
| Stripe | Billing | United States | |
A current list is also available upon request at privacy@insertsign.com.
7. Data Retention
- Account data is retained while your account is active.
- Documents and signatures are retained until deleted by you or in line with your account settings.
- Audit logs are retained to ensure legal validity of signatures, unless deletion is requested and permissible under law.
8. Security
- All documents and signatures are encrypted with AES-256.
- All network communications are protected with TLS 1.2+.
- Access is controlled through strict authentication, authorization, and logging practices.
- Regular audits and monitoring ensure compliance and security.
This information may be visible to other users or the general public depending on your settings and usage. Please ensure that you are comfortable sharing this information before uploading.
9. International Data Transfers
We are based in the United States and use third-party service providers (subprocessors) that are also located in the United States. When personal data is transferred from the EEA/Switzerland to the United States, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Other valid transfer mechanisms permitted under GDPR.
We also conduct Transfer Impact Assessments (TIAs) to ensure that appropriate safeguards are in place.
10. Contact Us
If you have questions about GDPR, data processing, or your rights, please contact:
InsertSign – Data Protection Officer
Email: privacy@insertsign.com
Email: help@insertsign.com
Address: 2400 W Wyatt Earp Blvd, Dodge City, Kansas (67801)
Registered in Wyoming, USA
If you are not satisfied with how we handle your request, you may also lodge a complaint with your local Data Protection Authority (DPA).
11. Updates
We may update this GDPR page from time to time to reflect changes in regulations or our business practices. Updates will be posted here with a revised “Last Updated” date.
Last Updated July 25, 2025
Effective as of July 15, 2025