Privacy policy

Last modified on: 18th of March 2024

Here at MySignature, we are committed to being fully transparent with you in regard with our privacy practices. For this reason, we developed this Privacy Policy to inform you about how we may process your personal data.

We tried to write this Privacy Policy in clear and plain language for your better understanding of the complicated legal stuff. By doing so we hope you will get all needed details to be assured your personal data is safe with us.

In this document, we will explain you the following issues:

  • what data we process, how we process it and for which purposes;
  • who have access to each type of your data;
  • for how long we retain your data;
  • what are your rights in respect of the processing of your data under GDPR and CCPA;
  • what are the last changes to this Privacy Policy (if applicable).

Our contact details are provided at the bottom of this document so you may always contact us and ask for clarifications or request the exercise of your rights.

I. What is personal data?

Personal data (or data) is any information relating to you and that alone or in combination with other pieces of information gives an opportunity to a person that collects and processes such information to identify you as an individual. It can be your name, address, your location data, or information related to your physical, physiological, genetic, mental, economic, cultural or social identity. Personal data also includes such technical information as a Media Access Control address (MAC-addresses), International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID), the Identity for Advertisers (IDFA), Internet Protocol address (IP-address), browser and system information.

Processing of the personal data means any action with it, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means and so on.

Other terms used in this Privacy Policy have the same meaning as in our Terms of Use, European General Data Protection Regulation (or GDPR) and California Consumer Privacy Act.

II. What data we collect, how and for what purposes

Data you voluntary provide us

1) Account data

Scope:

When registering an account on our Website, you will need to provide us with your email address, first and last name, and email client. You will also need to create a password. Without these data we will not be able to provide you with our main Services, so we will call it ‘necessary data’.

When you sign up through a third-party social media account such as Google, Facebook or LinkedIn account, you give us consent to extract from such an account your first and last name, your email address and your profile picture.

While registering an account or filling your account information afterwards, at your own choice you may submit to your profile data about your industry, company name and your position in company, mobile phone. We will use this data to enhance your experience as it is detailed below, but it is not strictly required for the Services provision. We will call these data ‘additional account information’.

Lawful basis:

Necessary data enable us to provide you with the Services as it is detailed in our Terms of Use. Thus, the basis of contract performance serves as a lawful basis for processing in this case. Sometimes, we may process these necessary data on the basis of our legitimate interest, e.g. for direct marketing purposes or for analytics, to know our client better, as with the company size and industry.

As regards the additional account information, we may process it only if you voluntarily provide us with it. Where applicable, we will treat this clear and affirmative action as a request to provide you with some additional services (e.g. to customize your account) meaning the contractual basis will apply to such processing. In some cases, we will ask you for a consent to process your data for the specified purposes, for instance, for direct marketing purposes or to run analytics so to improve our Services. In other cases, we will process the relevant data on the basis of our legitimate interest.

Processing and purposes:

We process personal data that is required for the account registration to provide you with our main Services, including creating and maintaining your account, ensuring that everything works smoothly within your preferred email client, communicating with you at your request and identifying you when you want to publish information in our blog or forum.

At your own discretion you may supplement your account information. We will process such data only to let you customize your account at your own choice.

Sometimes we may process your email and name on the basis of our legitimate interest to send you newsletters and other communication. We may do so to provide you with some useful information, notify you on any updates regarding our Website or Services and inform you about our or our partners’ offers. In no case we will overwhelm you with hundreds of letters, but, at any time, you can choose to stop receiving our emails. If you want to cease this type of communication, simply use the “Unsubscribe” button which is present in each of our emails.

Company size and industry tell us more about our customers, their needs and interests. With the help of this information, we can improve and customize our Services to enhance your user experience. We may use such data to run analytics and/or for marketing purposes.

Retention period:

We will store all your account data as long as you keep your account active. We will also store your account data within 30 days after the account deletion to be able to reach you in case of any dispute.

2) Data from email signatures

Scope:

When creating email signatures, you may share with us your company name, department name, your position as well as your mobile phone, your photos, links to your social media accounts and other data at your own choice.

Lawful basis:

We will use this data only to provide you with our main Services as it is described in our Terms of Use. Thus, the contract performance serves as a lawful basis for this type of processing. Only in some cases we may process such data on the basis of our legitimate interest for marketing purposes.

Processing and purposes:

We will process such data only to let you create email signatures and further embed them into your (or your colleagues’) emails.

In some cases, we may use your email signatures for our marketing purposes as it is detailed in our Terms of Use. For instance, we may post email signatures created by you as examples for other users. In such cases we will blur or otherwise hide your personal data so not to infringe your rights.

Retention period:

We will store these data as long as you keep your account active and 30 days after its deletion unless you erase these data from the account earlier on your own.

3) Data from email

Scope:

Upon installing and logging-in to our Extension, while writing and sending an email you may share with us the access to the content of the email via your email client. The Extension then provides you with email-specific data, such as confirmation of receipt, confirmation of opening, time marks of first and last openings, time marks of clicks on the links in the email.

By clicking the links in emails composed with the active Extension, the email recipient will also provide data about his/her browser, operating system and IP-address.

Lawful basis:

In this case we provide you with technical means to collect and process data of your email recipients. Therefore, we act as a data processor, while you are a data controller regarding the collected data. We will use this data only to provide you with our Services under your instructions as it is described in our Terms of Use and in accordance with your instructions (enabled in Extension and Website account preferences). Thus, the contract performance serves as a lawful basis for this type of processing, where the contract is binding on us as a data processor.

Processing and purposes:

We will process such data only to let you know when your email recipients open your emails and how many times they have opened links in emails.

We guarantee that no one on MySignature reads your emails. We don’t send emails on your behalf or share their content or browsing data with third parties. We don’t process the email recipient`s personal data for purposes other than the provision of the Service requested by the User. We don’t store any of your emails or its content. We don’t transfer or store such data to unauthorized third parties. The list of authorized third parties is specified below in this Privacy Policy.

Note that under GDPR and CCPA you are responsible for the processing of the personal data of the email recipients. MySignature assists you in fulfilling your obligation under the GDPR, including Articles 32 to 36. As per your instruction, we will delete or return all personal data of the email recipients to you upon suspension of the Service provision, unless the applicable laws require otherwise. At your request we will provide you with the relevant information regarding data processing activities conducted on your behalf.

Retention period:

We will store these data as long as you keep your account active and 30 days after its deletion unless you erase these data from the account earlier on your own. For erasing these data please contact us via Contact Us page on our Website.

4) MyPage data

Scope:

You may use MyPage service to create your personal page with external links, you may share with us the data and links that you want to display for page viewers. As well as in email signature creation, you may share with us your company name, department name, your position, as well as your mobile phone, your photos, external links and other data at your own choice.

Lawful basis:

We will use this data only to provide you with our services as it is described in our Terms of Use and the service description on the Website, and to display the relevant shared information on your personal page. Thus, the contract performance serves as a lawful basis for this type of processing.

Processing and purposes:

Shared data will be processed to create your personal page for displaying the specifically provided data to page viewers. You may control what data will be displayed on your page and in what format. Still, you are obliged to comply with our Community Standards and guarantee that you don`t provide us data for illegal and unethical activities.

Retention period:

We will store these data as long as you keep your account active and 30 days after its deletion unless you erase these data from the account earlier on your own. For erasing these data or personal page please contact us via Contact Us page on our Website.

Automatic collection

We may collect some of your personal data automatically with the help of cookies and other similar technologies. We invite you to check our Cookies Policy for further details.

Other processing

Please note that sometimes we may process your data for the period longer than indicated in the sections above. Such processing could be carried only for statistical purposes and subject to the appropriate safeguards in accordance with applicable data protection laws.

What are statistical purposes? Statistical purposes mean any collection and processing of personal data necessary for statistical surveys or to produce statistical results. The statistical purpose implies that such statistical results do not include personal data, but only aggregate data. The statistical results may further be used for various purposes, for example, to assess our business development, understand the market demands and improve our Services.

In most cases, we will anonymize your data before starting processing it for statistical purposes. As a result, such data will no longer be considered personal and its use will be not governed by data protection laws.

Additionally, we may process your data:

  • for the compliance with our legal obligations;
  • to protect your vital interests or vital interests of another natural person;
  • for the purposes of the legitimate interests pursued by MySignature or by a third party (e.g. to prevent or investigate possible wrongdoing in connection with the Website or to protect ourselves, our subcontractors, partners and affiliates against damages of any kind).

If we decide to change the purposes of processing specified above, we will inform you on such changes prior to the use of your personal data within the newly set purposes. Where applicable, you will have to provide your consent for the amended purposes (unless additional purpose of processing is compatible with those listed above).

Please note that we do not sell your data or make any decision based solely on automated processing that may produce legal effects or similar significant effects.

If you are located outside Ukraine and choose to provide information to us, please note that we transfer the data, including Personal Data, to Ukraine and process it there.

III. Access to personal data

You probably understand that our Website doesn’t work autonomously. In order to provide high-quality Services, we hire people, enter into agreements with independent contractors as well as cooperate with other service providers, companies and organizations. For those reasons, some of your personal data can be shared with the mentioned persons.

In all cases, we adhere to all the requirements of applicable data protection laws and do our best to ensure the security of data processing at all stages.

1) Our employees and contractors

Among our employees, there are only Customer Support, Sales and Marketing departments, as well as Development team who can access your data from our databases. They are exactly those persons who are responsible for achieving the declared purposes of data processing and that is why they need to have access to your data.

When we lack the internal capacity to deal with some tasks, we may engage both companies and individual entrepreneurs to help us to provide you with the Services. When we transfer data to the country not recognized by the European Commission as ensuring an adequate level of data protection, we will secure such transmission by including standard contractual clauses compliant with the EU data protection laws into our data processing agreements or by implementing other safeguards.

2) Third party services

Apart from our employees and sub-contractors, we engage the following third-party service providers:

DigitalOcean LLC (the USA) provides us with the cloud computing services, which allows us to store your data securely.

Intercom (the USA) provides us with the services of Customer Messaging Platform and enables the feature of online chat on our Website.

SendGrid (the USA) is our email marketing service that helps us to deliver newsletters and other emails to our users. SendGrid is Privacy Shield certified.

Pipedrive (the Republic of Estonia) is providing us with the Customer Relationship Management (CRM) services through the Pipedrive sales software.

Google Analytics (the USA) and Hotjar (Malta) are well-known online business analytics service providers that help us to understand how our users interact with our Website. Google LLC is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

Google Ads (the USA), Facebook Ads (the USA),are our external online advertisement services, which help us to promote our Services to customers. Google LLC, LinkedIn Corporation and Facebook Inc are certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. With Quora Inc. we have entered into the EU standard contractual clauses to safeguard your data.

Paddle (the USA) became our choice in sales. They run our billing processes, resolve relevant payment inquiries and help us to make refunds. Please take into account that it is not MySignature but only Paddle who collects your payment information. You can find more details about Paddle’s privacy commitments here.

If you are interested in more details about how these third-party services process personal data, please refer to their privacy policies available on their websites. However, we want to reassure you that due to their residency of headquarters or affiliates companies (USA and European Union) they all are subject to the best worldwide standards of data protection. We care about your data security and choose only reliable partners.

How we protect your data

We use Hypertext Transfer Protocol Secure (HTTPS) for keeping your data secured and your communication with the Website encrypted.

We store your data with DigitalOcean LLC and process it with the help of MySQL +PostgreSQL relational database management system.

In regard to protection from unauthorized access to personal data we have implemented firewall, VPN, passwords hashing and two-factor authentication.

For emergency cases we also regularly backup data to be able to restore it when it is needed. We require all our employees and subcontractors to enter into non-disclosure agreements and data processing agreements (if applicable).

We also will inform users and the respective agencies of personal data breaches should there be high risks of violation of your rights as data subjects. We would also do our best to minimize any such risks.

Your rights under GDPR

If you are an EU resident, you have the following rights regarding your personal data MySignature collects and processes:

1) Right to access to your personal data and right to data portability

This means that you can ask MySignature what personal data of yours is processed. You may ask us if we process your personal data or not. You may also ask for the clarifications on the information described in this Privacy Policy, i.e. purpose of collecting and processing, categories of data processed, period of processing, the list of third parties which have access to information, and information on protection measures we implemented. We may also provide you with your personal data in a structured, commonly used and machine-readable format to enable you to transmit that data to another party or service provider.

2) Right to rectify your personal data

You can request all the inaccurate personal data concerning you being corrected. You may also request to complete your personal data if you consider that something is missed.

3) Right to be forgotten

You can request us to erase personal data from our records and records of our third-party services if its processing is no longer necessary to achieve purposes for which it was collected. You may also request so if there are no legal grounds for the processing. In most cases, we will erase it unless otherwise required by legislation.

4) Right to restrict the processing of your personal data

In some cases, prescribed by law you will also be able to restrict the processing of your data. For example, if you contest the accuracy of your personal data being processed or if we are not interested in our processing of your personal data any longer, but you want us to do this for other reasons, for example, to bring some claim against somebody – then, instead of the erasure of information, its processing will be just restricted.

5) Right to withdraw your consent

You can withdraw your consent for the processing of your personal data at any time by simply contacting us, without affecting the lawfulness of processing based on the consent before its withdrawal. After receiving such a withdrawal request from you, we will process it in a timely manner and will no longer process your personal data unless otherwise set by law.

6) Right to object to the processing

In some cases, prescribed by the applicable laws you can object to processing of your personal data. You can object to the processing of your personal data when the processing is related to the performance of our task carried in the public interest or in the exercise of official authority vested in us; or if we process your data to pursue our or third party’s legitimate interests, and you believe that such interests are overridden by your interests or fundamental rights and freedoms.

If you make a request objecting to processing, we will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing.

7) Right to complain

If you have doubts as to our reply or reaction, or absence of such, you have the right to lodge a complaint with a supervisory authority, empowered to resolve such complaints in your country.

VI. How to exercise your rights as to your personal data under GDPR?

Any requests to exercise your rights can be directed to MySignature via the contact details provided below. These requests are free of charge.

Please note that we may ask you to verify your identity before responding to such requests.

MySignature will provide information on action taken on your request related to your rights specified above within one month of receipt of the request for the longest. That period may be extended to two months if MySignature is overwhelmed by the number of requests or the request at issue is complicated and requires a lot of action. We will inform you of any such extension within one month of receipt of the request, together with the reasons of such delay.

Note to MySignature-processed email recipients. In order to stop processing of your personal data by MySignature products, including the Website and the Extension, you must first contact the relevant MySignature’s Services user. In the event that you contact us to exercise any right that assists you in matters of data protection, we may not be able to assist you with an immediate effect – we will inform the relevant MySignature user and redirect your request for further actions.

VII. Your rights under the CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • to request us to disclose to you the following information:
    1. the categories and specific pieces of personal data we have collected about you;
    2. the categories of sources from which the personal data is collected;
    3. the business or commercial purpose for collecting or selling personal data;
    4. the categories of third parties with whom we share personal data;
    5. the categories of personal data that we disclosed about you for a business purpose.
  • to request us to delete any your personal data;
  • to not be discriminated against when exercising any of the rights under the CCPA.

As regards the deletion request, we will normally exercise your right to be forgotten but we may retain the data if it is needed to:

(1) complete the transaction, fulfill the terms of a written warranty, provide services requested by you, or otherwise perform a contract with you;

(2) detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity;

(3) debug to identify and repair errors that impair existing intended functionality of the Website;

(4) exercise free speech, ensure the right of another consumer to exercise that consumer’s right of free speech, or exercise another right provided for by law;

(5) engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the data deletion is likely to render impossible or seriously impair the achievement of such research, and if you provided informed consent for such processing;

(6) to enable solely internal uses that are reasonably aligned with your expectations based on your relationship with MySignature;

(7) comply with a legal obligation.

VIII. How to exercise your rights as to your personal data under the CCPA?

Please keep in mind that if you request us to provide the above-mentioned information about processing of personal data, we are obliged to provide such information only for 12 months preceding the date of your request.

Ordinarily, we will ask you to prove your personality and your California residency when you submit your request.

To exercise your rights, just send us a request at our email address specified in Contact Details below. We will respond to you within 45 days after establishing your personality. Where it is reasonably necessary, we may extend the time for response to additional 45 days. In such cases, we will notify you of the extension.

Note to MySignature-processed email recipients. In order to stop processing of your personal data by MySignature products, including the Website and the Extension, you must first contact the relevant MySignature’s Services user. In the event that you contact us to exercise any right that assists you in matters of data protection, we may not be able to assist you with an immediate effect – we will inform the relevant MySignature user and redirect your request for further actions.

IX. Your age

The privacy of children is one of our concerns. Here at MySignature we can provide services only in case you are aged 16 or older. If you are under 16, you will need to get your parent’s/guardian’s permission before submission of any personal data to us. If you are underage, and there is no data as to your parent’s/guardian’s permission to use our Website, please do not provide us with your consent for data processing.

X. Changes to this Privacy Policy

We may amend or update this Privacy Policy from time to time, updating ‘Last modified’ date at the top of this Privacy Policy and adding the details to the ‘Key changes’ section. We will notify you in advance about upcoming changes. Your further use of the Website will confirm your acceptance of the new version of this Privacy Policy. When it is required by law, we will also ask for your consent to such updates. Should you disagree with this document you will need to stop using the Website.

XI. Contact information

If you have any questions, do not hesitate to contact us:
Contact email: [email protected]