GDPR Compliance

Last updated: January 1, 2026

EU/EEA Residents

This page describes how SpryeSign processes personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), and the rights available to EU and EEA residents.

Data Controller

SpryeSign, Inc. acts as the data controller for personal data collected through accounts and the signing process. For users signing documents on behalf of third parties, SpryeSign also acts as a data processor on behalf of the account holder.

Contact our Data Protection Officer at dpo@spryesign.com.

Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the SpryeSign service you have signed up for
  • Legal obligation: Maintaining e-signature audit trails as required by eIDAS and applicable laws
  • Legitimate interests: Security monitoring, fraud prevention, and service improvement
  • Consent: Marketing communications (where opted in)

Your Rights Under GDPR

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restriction

Request that we restrict processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your data for direct marketing or legitimate interests.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email privacy@spryesign.com. We will respond within 30 days.

Data Transfers

Your data is stored and processed within the EU/EEA where possible. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

Retention Periods

We retain personal data only as long as necessary for the purposes described in our Privacy Policy. Completed signing audit trails are retained for up to 7 years to satisfy eIDAS legal requirements.

Automated Decision-Making

SpryeSign does not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your data in accordance with the GDPR.

Contact

Data Protection Officer: dpo@spryesign.com
General privacy enquiries: privacy@spryesign.com