NomaSignNomaSign

NomaSign Privacy Policy

1. Introduction

NomaSign ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital signing platform and related services (the "Service").

We comply with applicable data protection laws, including the Protection of Personal Information Act (POPIA) of South Africa and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, company name, and login credentials when you register
  • Payment Information: Billing address and payment details processed through our payment provider
  • Documents: Documents you upload for signing (stored in your connected cloud storage)
  • Communications: Information you provide when contacting support or providing feedback

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, and actions taken within the Service
  • Device Information: Browser type, operating system, device type, and screen resolution
  • Log Data: IP addresses, access times, and referring URLs
  • Signing Data: Timestamps, IP addresses, device fingerprints, and browser information captured during document signing for audit purposes

2.3 Information from Third Parties

When you connect cloud storage services (Microsoft OneDrive, Google Drive), we receive limited information necessary to facilitate file access. We do not access files beyond those you specifically share with the Service.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process transactions and send related information
  • Send signing requests and notifications on your behalf
  • Create and maintain audit trails for signed documents
  • Respond to your comments, questions, and support requests
  • Send technical notices, updates, and security alerts
  • Monitor and analyze usage trends to improve user experience
  • Detect, prevent, and address fraud and security issues
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal data based on:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Legitimate Interests: Improving our Service, preventing fraud, and ensuring security
  • Legal Obligation: Compliance with applicable laws and regulations
  • Consent: Where you have given explicit consent (e.g., marketing communications)

5. Document Storage and Security

Your documents are stored in your own cloud storage (Microsoft OneDrive or Google Drive), not on NomaSign servers. This means:

  • You maintain custody and control of your documents
  • Documents are protected by your cloud provider's security measures
  • NomaSign accesses documents only when necessary to provide the Service
  • We do not retain copies of your documents after signing is complete

We implement industry-standard security measures including encryption in transit (TLS) and secure authentication protocols to protect your account and data.

6. Cookies and Tracking

We use cookies and similar technologies to operate and improve the Service. These include:

6.1 Essential Cookies

Required for the Service to function. These include authentication cookies that keep you logged in and security cookies that protect against fraud. These cookies do not require consent.

6.2 Analytics Cookies

We use Google Analytics to understand how visitors interact with our website. These cookies are only set after you provide consent through our cookie banner. You can withdraw consent at any time by clearing your browser cookies.

Cookie NamePurposeDuration
nomasign_sessionAuthentication (Essential)Session
nomasign_cookie_consentCookie preferences1 year
_ga, _gidGoogle AnalyticsUp to 2 years

7. Data Sharing

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: Third parties that help us operate the Service (payment processors, email services, cloud hosting)
  • Signing Recipients: When you send a document for signing, recipients see your name and email
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share information

8. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, subject to legal retention requirements
  • Portability: Receive your data in a structured, commonly used format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request restriction of processing in certain circumstances
  • Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at Contact support. We will respond within 30 days.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account Data: Retained until you close your account, then deleted within 90 days
  • Documents: Stored in your cloud storage; we do not retain copies
  • Audit Trails: Retained for 3 years to support legal validity of signatures
  • Log Data: Server access logs, error logs, and security events can be retained for up to 12 months for security monitoring and troubleshooting

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant authorities, to protect your information during such transfers.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after such notification constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your rights, contact us:

  • Email: Contact support

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator (South Africa) or your local data protection authority.