1. Who is responsible
Evenseal is the controller for personal data processed through Evenseal. For documents you send, you are the controller of the content and your signers’ data, and we act as your processor. For privacy questions, contact privacy@evenseal.com.
2. What we collect and why
| Data | Purpose | Lawful basis |
|---|---|---|
| Sender account (email, name) | Create and operate your account | Contract |
| Signer identity (name, email, IP, user agent) | Capture and evidence electronic signatures | Legitimate interest / legal record |
| Documents (original and sealed) | Provide the signing service | Contract |
| Billing identity (name, country, tax ID) | Process payment and taxes (via Paddle) | Contract / legal obligation |
| Error and usage telemetry | Keep the service reliable; measure aggregate usage | Legitimate interest |
3. Subprocessors and international transfers
We use a small set of vendors to run Evenseal (hosting, database, file storage, email, billing, error monitoring, and cookieless analytics). They are listed, with their regions and data-processing agreements, on our subprocessors page. Some are located outside your country; where required, transfers rely on the vendors’ standard contractual clauses or equivalent safeguards.
4. Retention and the legal-record split
Account information is kept for the life of your account. Completed documents and their audit chains are retained as a legal record. This distinction matters for deletion: when you ask us to delete your account, we tombstone your account profile (email and name), but the signer identity embedded in already-sealed documents and audit certificates is part of the legal record and is retained — the sealed files and hash chain are never rewritten, because doing so would forge the record.
5. Your rights
Subject to applicable law, you may request access to, correction of, deletion of, or a portable copy of your personal data, and you may object to or restrict certain processing. To exercise a right, email privacy@evenseal.com; we aim to respond quickly, typically within statutory time limits. Corrections to a document already sent are made by re-sending a corrected version, not by editing the sealed record.
6. Cookies
We use only strictly necessary cookies and privacy-friendly, cookieless analytics. See our Cookie Notice for details.
7. Security
We protect data in transit and at rest, hash signer access tokens, serve documents through short-lived links, and centralize access control. Read more on our security page.
8. Children
Evenseal is not intended for anyone under 18, and we do not knowingly collect their data.
9. Changes
We will update this policy as our processing changes; the “last updated” date above reflects the current version.
10. Contact and complaints
Reach us at privacy@evenseal.com. If you are in the EU/UK and believe we have not handled your data properly, you may also complain to your local data-protection supervisory authority.