Privacy Policy
Version Date: June 27, 2024
At MyeSign International, privacy is a priority. The purpose of this document is to set out how MyeSign International, Inc. and its affiliates (“us,” “our,” or “we”) collect, use, store, or otherwise process personal information about customers and other individuals (collectively "you") who access or use our websites, including myesign.com and iloveesign.com, our mobile applications, our web client or professional client, and/or any of our other websites, products, or services that link to this Privacy Notice (the “Services”). By using our Services, you understand that we will collect and use your personal information as described in this Privacy Notice.
In some cases, we may process your personal information pursuant to an agreement with a third-party organization. In those cases, the terms of that agreement may govern how we process your personal information. If you believe a third-party organization has asked us to process your personal information on their behalf, please consult with them in the first instance as they will be responsible for how we process your information. This Privacy Notice (“Notice”) does not apply to any third-party websites and apps that you may use, including those to which we link in our Services. You should review the terms and policies for third-party websites and apps before clicking on any links.
MyeSign International’s core product and Services help users create, complete, and show the validity of digital or electronic transactions, such as electronically signing a contract for mobile phone services or placing a digital signature on a loan application. As part of our Services, users want us to collect and record information that helps the parties prove the validity of the transactions, such as the names of the persons who are involved in the transactions and the devices those persons use.
We recommend that you read this Notice in full to ensure you are fully informed about the manner in which we collect, use, store, or otherwise process your personal information as well as your privacy rights.
Collection of Personal Information
You have choices about whether you visit our websites, install our apps, or provide personal information to us. However, if you do not provide us with certain personal information, you may not be able to use some parts of our Services. For example, if you do not adopt an electronic signature, then you will not be able to sign certain electronic documents on our Service. For choices and rights, you may have, please see Sections 5 and 8 of this Notice.
Personal Information We Collect from You. You provide us with personal information about yourself when you:
- Register or log in to your account.
- Start, sign, or review an electronic document.
- Create or edit your user profile.
- Contact customer support.
- Comment on our blogs or in community forums.
- Participate in surveys, sponsored events, sweepstakes, or when you sign up for newsletters.
You also provide us with personal information about others when you use parts of our Services, such as when you:
- Start or participate in an electronic transaction, such as an envelope within MyeSign International Signature.
- Add others as a member to an existing account.
- Leave comments.
- Refer friends.
Your main choice for this type of personal information is simply not providing it, such as by not creating a profile or not leaving a comment in a blog. For other choices you may have, please see Section 5 of this Privacy Notice.
Examples of the categories of personal information you may provide are:
- Identifiers and contact information. This includes your name, email address, mailing address, phone number, or electronic signature.
- Commercial information. This includes billing and payment information (e.g., credit card number, expiration date, visual cryptogram), products or services purchased.
- Geolocation. This includes physical location
Personal Information We Collect Automatically. We may automatically collect personal information from you and your devices when you use our Services, including when you visit our websites or apps without logging in. For choices you may have on what information we automatically collect, please see Section 5 of this Privacy Notice.
The categories of personal information we may automatically collect includes:
Device, Usage Information, and Transactional Data. We collect personal information about how you use our Services and the devices (e.g., computers, mobile phones, tablets) you use to access our Services. This may include, but is not limited to, the following:
- IP address.
- Precise geolocation information that you allow our apps to access (usually from your mobile device).
- Unique device identifiers and device attributes, such as operating system and browser type.
- Usage data, such as web log data, referring and exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date(s) and time(s) you used our Services, the frequency of your use of our Services, error logs, and other related information.
- Transactional data, such as names and email addresses of parties to a transaction, subject line, history of actions that individuals take in connection with a transaction (e.g., review, sign, enable features) and personal information about those individuals or their devices, such as name, email address, IP address, and authentication methods.
Cookies and Related Technologies. We use cookies, which are text files containing small amounts of information that are downloaded on your device, or related technologies, such as web beacons, local shared objects and tracking pixels, to collect and/or store information. For additional information about cookies and related technologies, including details of how to opt out, please read our Cookies Notice.
Information We Collect from Other Sources. Subject to applicable law, we may collect personal information about you from others, such as:
- Third-Party Sources. Examples of third-party sources include marketers, partners, researchers, affiliates (like companies under common ownership or control of MyeSign International), service providers, and others where they are legally allowed to share your personal information with us. For example, if you register for our Services on another website, the website may provide your personal information to us.
- Other Customers. Other customers may give us your personal information. For example, if a customer wants you to sign an electronic document in our Services, he or she will give us your email address and name.
- Combining Personal Information from Different Sources. We may combine the personal information we receive from other sources with personal information we collect from you (or your device) and use it as described in this Notice.
Personal Information We Collect & Process on Behalf of Customers. When our business customers use certain Services, we generally process, and store limited personal information on their behalf as a data processor. For example, in the context of MyeSign International eSignature, when a customer uploads contracts or other documents for review or signature, we act as a data processor and process the documents on the customer's behalf and in accordance with their instructions. In those instances, the customer is the data controller and is responsible for most aspects of the processing of the personal information. If you have any questions or concerns about how personal information is processed in these cases, including how to exercise your rights as a data subject, you should contact the customer (either your employer or the individual or entity requesting your signature). If we receive any rights requests concerning instances where we act as data processor, we will forward your query on to the relevant customer.
Use of Personal Information
Use of Personal Information Regarding Cloud Drives:
MyeSign International (MESI) and all of our MESI Products, including MyeSign, offer integration with Google Drive and Dropbox to allow users to upload files from their cloud drives to use for packets and packet templates. Additionally, MESI allows users to sync contacts between their Google account and their account with MESI Products.
MyeSign International and all of our MESI products, including MyeSign, strictly adheres to the Google API Services User Data Policy. To add files directly from your google Drive, MyeSign needs permission to access and download files you select to use to create a packet. Likewise, to sync contacts directly from your Google Account, MyeSign needs permission to access and download contacts you select to add to your account.
Important: The permission to access Google Contacts or Google Drive is a READ-ONLY request. We are asking for the ability to upload contacts from your google contacts to our system and/or the ability to upload files from your drive to our system. These requests are ALWAYS transmitted across the secure HTTP protocol (HTTPS) and stored in database and cloud storage in the Google Cloud Platform ecosystem.
Collection and Use of Google Contacts: Our web application allows you to upload your Google Contacts into our system for use with our platform's various features. When you select the "Upload Contacts" action, we collect and store the contact data you provide us. However, we never query your Google contact book without your explicit initiation of the action.
One of the primary reasons we allow users to upload contacts into our system is so they can use the People dashboard to create packets for their contacts. We may also use your contact data to provide you with other services, such as allowing you to share information with your contacts, or to provide you with customized content and features. We may also use your contact data to communicate with you about our products and services, or to send you marketing materials, but only if you have opted in to receive such communications.
Please note that we do not sell or rent your contact data to third parties. However, we may disclose your contact data to third-party service providers who assist us in providing our services, such as hosting and maintenance providers, or to comply with legal obligations, such as responding to a court order or subpoena.
General Use of Personal Information
In general, and subject to applicable law, including consent (as required), we may use your personal information to provide, fix, and improve our Services, develop new Services, and market our companies and their products and Services. Examples of how we use the personal information we process include, but are not limited to, the following:
- Provide you with and collect payment for the products and Services and products you request.
- Create your account and manage your relationship with us (e.g., communicating with you, providing you with requested information).
- Send you records of our relationship, including for purchases or other events.
- Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you.
- Record details about transactions involving electronic documents (e.g., who initiated, viewed, or signed the documents; signers’ IP addresses; timestamps).
- Run sweepstakes, contests, and refer-a-friend programs.
- Choose and deliver content and tailored advertising and support the marketing and advertising of our Services.
- Create and review data about our users and how they use our Services.
- Test changes in our Services and develop new features and products.
- Fix problems you may have with our Services, including answering support questions, customer education and training, and resolving disputes.
- Manage the Services platform, including support systems and security.
- Prevent, investigate, and respond to fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior.
- Comply with legal obligations.
- Meet legal retention periods.
- Establish, exercise, or defend our rights in legal claims.
Other Uses. We may combine the personal information we collect (“aggregate”) or remove pieces of personal information (“de-identify”) to limit or prevent identification of any particular user or device to help with goals like research and marketing. Once such information has been aggregated and anonymized so that it is no longer considered personal information under applicable data protection law, this Notice does not apply.
Lawful Basis for Processing Your Personal Information. If European data protection law applies and where MyeSign International acts as a data controller, our lawful basis for collecting and using the personal information described in this Notice will depend on the type of personal information concerned and the specific context in which we collect or use it.
We normally collect or use personal information only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may have a legal obligation to collect or retain personal information or may need the personal information to protect your vital interests or those of another person. For example, when we:
- Use personal information to create and manage an account, we do so in order to provide you with relevant Services and perform our contract with you.
- Gather and record data associated with use of a digital certificate or digital signature, we do so to comply with regulations.
- Use names and email addresses for email marketing purposes, we do so with your consent (which you can withdraw at any time) or, where permitted under applicable law, on the basis of our legitimate interests.
- Gather usage data and analyze it to improve our Services or ensure the security of our websites, we do so based on our legitimate interest in safeguarding and improving our Services.
If you have questions about or need further information concerning the lawful basis on which we collect and use your personal information, please contact us using the contact details provided in Section 11 of this Notice. Note that in situations where MyeSign International acts as a processor, it is our customer who determines the appropriate legal basis associated with processing activities, and queries about the applicable lawful basis should be directed to them.
Personal Information Sharing
Subject to applicable law, including consent (as required), we may share personal information as follows:
We share personal information as follows:
- Service Providers. We share your personal information with service providers we use to support our Services. These companies provide services like intelligent search technology, intelligent analytics, advertising, authentication systems, bill collection, fraud detection, and customer support. We have contracts with our service providers that address the safeguarding and proper use of your personal information.Affiliates. We may share your personal information with other companies under common ownership or control with MyeSign International. These companies use your personal information as described in this Notice.Marketing Partners. We may share your personal information with sponsors of events, webinars, or sweepstakes for which you register, or other parties with whom we may engage in joint marketing activities.Public or Government Authorities. We may share your personal information to comply with our legal obligations, regulations, or contracts, or to respond to a court order, administrative, or judicial process, such as a subpoena, government audit, or search warrant where we are legally compelled to do so. We also may share your information when there are threats to the physical safety of any person, violations of MyeSign International policies or other agreements, or to protect the legal rights of third parties, including our employees, users, or the public.Corporate Transactions. Your personal information may be disclosed or transferred to relevant third parties in the event of, or as part of the due diligence for, any proposed or actual reorganization, sale, merger, consolidation, joint venture, assignment, transfer, or other disposition of all or part of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding). If a corporate transaction occurs, we will provide notification of any changes to the control of your information, as well as choices you may have.Consent. We may share your personal information in other ways if you have asked us to do so or have given consent. For example, with your consent, we post user testimonials that may identify you.
Your personal information may also be shared as described below:
- Other MyeSign International users. When you allow others to access, use, or edit content in your account, we share that content with them. For example, if you send an envelope to others for review or signature, we make the contents of the envelope available to them.
- Third Parties. When you make a payment to another user within our Services, we share your payment method details with the third-party payment processor selected by you.
- Public Information.
- User-Generated Content. When you comment on our blogs or in our community forums, this information may also be read, collected, and used by others.
- Profile Information. When you create a MyeSign International profile, other MyeSign International users can view your profile information. If you would like to make this information private, please visit your account settings.
- Your Employer or Organization. When you create an account or user role with an email address assigned to you as an employee, contractor or member of an organization (e.g., yourname@youremployer.com or yourname@nonprofit.org), that organization (if it is a MyeSign International customer with certain features) can find your account and take certain actions that may affect your account.
Retention of Personal Information
We keep your personal information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain personal information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws as set out in our data retention policy and information handling standards. Generally, this means we retain your personal information to comply with any retention or statutory limitations or for purposes of performing a contract with you. Where there are technical limitations that prevent deletion or anonymization, we safeguard personal information and limit active use of it.
Your Choices
This section describes many of the actions you can take to change or limit the collection, use, storage, or other processing of your personal information.
- Profile. You are not required to fill out a profile. If you do, you can access and review this personal information. If any personal information is inaccurate or incomplete, you can make changes in your account settings.
- Marketing Messages. You can opt out of email marketing messages we send you by clicking on the “unsubscribe” link in the email message. Please note that we may send you one message to confirm you want to opt out. If you are a registered user of our Services, or if you have engaged in transactions with us, we may continue to send transactional or relationship messages (e.g., signing notifications or account notifications) after you opt out of marketing messages.
- Cookies and Other Related Technology. You can decline cookies through your browser settings or via the MyeSign International Cookie Preference Center and other methods detailed in our Cookie Notice. However, if you decline cookies, you may not be able to use some parts of our Services. Please note we do not recognize or respond to browser initiated Do Not Track signals.
- Device and Usage Information. If you do not want us to see your device location, you can turn off location sharing on your device, change your device privacy settings, or decline to share location on your browser.
- Closing Your Account. If you wish to close your account, please log in to your account and edit your plan.
- Complaints. We are committed to resolving valid complaints about your privacy and our collection, use, storage, or other processing of your personal information. For questions or complaints regarding our data use practices or this Notice, please contact us via support@myesign.com.
Children's Privacy
Our Services are not designed for and are not marketed to people under the age of 18 or such other age designated by applicable law (“minors”). We do not knowingly collect or ask for personal information from minors. We do not knowingly allow minors to use our Services. If you are a minor, please do not use our Services or send us your personal information. We delete personal information that we learn is collected from a minor without verified parental consent. Please contact us via support@myesign.com if you believe we might have personal information from or about a minor that should be removed from our system.
Information for California Residents
In addition to the other information and rights described in this Privacy Notice, California residents are also entitled to certain additional information and have certain additional rights under the California Consumer Privacy Act (“CCPA”) with respect to their personal information. If you are a resident of California (a “Consumer” as defined by the CCPA), this section of the Privacy Notice applies to you. If you are not a Consumer, this section does not apply to you, and you should not rely on it.
A. Information We Collect and How We Use It
Below is a summary of our collection and use of “personal information” (as defined by the CCPA) about Consumers in connection with our Services. For additional details, please consult the other sections of this Privacy Notice.
Categories of Personal Information we may collect and use for our commercial and business purposes:
- Contact and account registration information. When you register for an account or contact us you may provide your name, email address, physical address, phone number, account username and password, electronic signature, and other related information.
- Financial or payment information. We collect information about payment methods that you provide, billing information, and information about the products or services you purchase.
- Transaction information. When you use the Services to conduct a transaction, we may collect names and email addresses of parties to a transaction, subject line, history of actions that individuals take on a transaction (e.g., review, sign, enable features) and personal information about those individuals or their devices, such as name, email address, IP address, and authentication methods.
- Customer service information. We collect information about your customer service communications with us, including, for example, questions and other messages you address to us directly through online forms, by email, over the phone, or by post.
- Information about your web browser, mobile device, or internet connection. When you access our Services online, we may automatically collect IP address, device identifiers and device attributes, including cookie IDs, mobile advertising IDs, and other similar unique identifiers, data about how you interact with the Services online (usage data), location information (e.g., city, state, country, and ZIP code associated with your IP address or derived through Wi-Fi triangulation) and, with your permission in accordance with your mobile device settings, precise geolocation information from GPS-based functionality on your mobile device.
Commercial and Business purposes for which we use the personal information we collect:
- Provide you with and collect payment for the products and Services you request.
- Create your account and manage your relationship with us (e.g., communicating with you, providing you with requested information).
- Send you records of our relationship, including for purchases or other events.
- Market features, products, or special events using email or phone or send you marketing communications about third party products and services we think may be of interest to you.
- Record details about transactions involving electronic documents, (e.g., who initiated, viewed, or signed the documents; signers’ IP addresses; timestamps).
- Run sweepstakes, contests, and refer-a-friend programs.
- Choose and deliver content and tailored advertising and support the marketing and advertising of our Services.
- Create and review data about our users and how they use our Services.
- Test changes in our Services and develop new features and products.
- Fix problems you may have with our Services, including answering support questions and resolving disputes.
- Manage the Services platform including support systems and security.
- Prevent, investigate and respond to: fraud, unauthorized access to or use of our Services, breaches of terms and policies, or other wrongful behavior.
- Comply with legal obligations.
- Meet legal retention periods.
- Establish, exercise, or defend our rights in legal claims.
B. The Right to Opt Out of Sales of Personal Information
Consumers have the right to opt out of “sales” of their personal information under the CCPA. According to the CCPA, and subject to certain exceptions, a business “sells” personal information when it sells, rents, releases, discloses, disseminates, makes available, transfers, or otherwise communicates orally, in writing, or by electronic or other means, a consumer’s personal information to another business or a third party for monetary or other valuable consideration.
As explained further in Section 3 of this Privacy Notice, we share personal information with other companies.
Consumers may submit requests to opt out of such sharing using the following methods:
- Adjust your cookie settings and select the option to opt out of respective cookie activities.
- Click the link to “unsubscribe” at the bottom of any MyeSign International marketing communication.
C. The Right to Access
Consumers have the right to request certain details about the personal information we have collected about them (generally, within the past 12 months). This includes the right to request:
- The specific pieces of personal information and the categories of personal information that we have collected about them.
- What categories of personal information we sold or disclosed for business purposes and the categories of third parties to whom we sold or disclosed that information for a business purpose.
- The categories of sources from which we collected personal information.
D. The Right to Deletion
Consumers have the right to request that we delete the personal information we have collected from them. In certain circumstances, however, the CCPA allows us to retain information for particular purposes (for example, if we need to retain the information to meet our legal obligations, and for certain other limited reasons set forth by the CCPA).
E. How to Exercise Access and Deletion Rights
Consumers may submit requests for access to or deletion of their personal information using any of the following methods:
- You may contact us at support@myesign.com
For security purposes, we will attempt to verify your identity prior to fulfilling your request. If you have an account with us, we may verify your identity through your login to your account. If you do not have an account with us, we may need to respond to your request or otherwise contact you to request additional information from you to verify your identity (including, but not limited to your name, email address, or telephone number).
If we are able to verify your identity, we will respond to your request to the extent we are able to and as required by law. If we cannot verify your identity, we may request additional information from you or we may deny your request. If we are unable to fulfill your request(s) in their entirety, we will provide further information to you about the reasons that we could not comply with your request.
Certain personal information may be exempt from such requests under applicable law. In addition, we need certain types of personal information so that we can provide the product and Services to you. If you ask us to delete it, you may no longer be able to access or use our product and Services.
F. The Right to Nondiscrimination
Consumers have the right not to be discriminated against for exercising their CCPA rights. We will not deny, charge different prices for, or provide a different level of quality of goods or services with respect to Consumers who choose to exercise their CCPA rights.
G. Authorized Agents
Consumers may designate an agent to make CCPA requests on their behalf. For Consumers who do so, we will take steps to verify both the identity of the consumer seeking to exercise their rights as described above, and to verify that the consumer’s agent has been authorized by them to make a request on their behalf by requesting a signed written authorization or a copy of a power of attorney.
H. “Shine the Light”
California residents may ask for a list of third parties that have received your personal information for direct marketing purposes during the previous calendar year. This list also contains the types of personal information shared. We provide this list at no cost. If you are a California resident and would like to request this information, please contact us via support@myesign.com.
Your Privacy Rights
You may have certain rights related to your personal information, subject to local data protection laws, as described in more detail below. To exercise any of these rights, please contact us via support@myesign.com
- You also can request the following information: how we collect and use your personal information and why; the categories of personal information involved; the categories of recipients of your personal information; how we received your personal information and its source; our business purpose for using your personal information; and how long we use or store your personal information or the manner in which we determine relevant retention periods.
- You have a right to correct inaccurate personal information about you, and you should notify us immediately if you believe the personal information, we hold about you is inaccurate, incomplete, or out-of-date.
- In certain situations, you can ask that we erase or stop using your personal information, object to or restrict the use of your personal information or export your personal information to another controller.
- Where we rely on your consent to process your personal information, you have the right to decline consent and/or, if provided, to withdraw consent at any time. This will not affect the lawfulness of processing prior to the withdrawal of your consent. At any time, you can request that we stop using your personal information for direct marketing purposes. See Section 5 (Your Choices) of this Notice for more information on your choices.
- If you are unsatisfied with our response to your complaint, you have a right to raise questions or complaints with your local data protection authority at any time.
If you make a request to exercise the rights referenced above, we will require you to provide certain information for identity verification purposes. If you have an account with us, we may verify you through your login of your account. If you do not have an account with us, we may require you to provide additional information from which we can confirm your identity. You may authorize an agent to make a request to us on your behalf and we will verify the identity of your agent or authorized legal representative by either seeking confirmation from you or documents that establish the agent’s authorization to act on your behalf.
Certain personal information may be exempt from such requests under applicable law. We need certain types of personal information so that we can provide the product and Services to you. If you ask us to delete it, you may no longer be able to access or use our product and Services.
If you wish to exercise these rights, please contact us via support@myesign.com.
Transfers to the U.S. and Third Countries. Subject to applicable law, we may transfer your personal information outside of your jurisdiction, including for further processing. MyeSign International has adopted Binding Corporate Rules to facilitate the transfer of personal information from the European Economic Area and/or United Kingdom ("EEA") to MyeSign International outside of the EEA. Transfers outside the MyeSign International group are only made to organizations that agree to adhere to the standards in our Binding Corporate Rules or use another valid alternative under data protection law.
How We Protect Your Personal Information
We have implemented appropriate technical, physical, and organizational measures to protect your personal information from misuse or accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, acquisition, or access as well as all other forms of unlawful processing. To achieve this, we have developed and implemented an Information Security Management System and other sub-policies and guidelines relating to the protection of your personal information. For example, our staff is permitted to access customer personal information only to the extent necessary to fulfill the applicable business purpose(s) and to perform their job, subject to confidentiality obligations.
Changes to This Privacy Notice
We may amend this Notice to reflect changes in the law, our companies, our Services, our data processing practices, or advances in technology. Our use of the personal information we collect is subject to the Privacy Notice in effect at the time such personal information is used. Depending on the type of change, we may notify you through email.