Preamble

This Privacy Policy governs the collection, processing, and use of personal data in connection with the SignNTrack application provided by Innopulse Consulting GmbH, Gotthardstrasse 30, 6300 Zug, Switzerland. By using our services, you agree to the provisions of this Privacy Policy. The processing of personal data is subject to the General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DSG). This Privacy Policy applies to all digital services offered by SignNTrack, including web applications, mobile apps, integrations, and related platforms.

1. Definitions

Personal Data : Any information relating to an identified or identifiable natural person.
Processing : Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
Controller : The entity responsible for determining the purposes and means of processing personal data.
Processor : A natural or legal person processing data on behalf of the controller.
User : Any natural or legal person using SignNTrack’s services.
Content : All documents, text, files, and information uploaded or generated by users.
Data Subject : The individual whose personal data is being processed.
Third Country : Any country outside Switzerland and the European Economic Area (EEA) without an adequacy decision from the European Commission.

2. Person Responsible

Innopulse Consulting GmbH
Management: Leutrim Miftaraj
Gotthardstrasse 30, 6300 Zug, Switzerland
E-mail: info@signntrack.com
Phone: +41 79 508 28 06
Commercial register number: CH-170.4.021.748-3
UID/VAT: CHE-219.727.921

3. Types of Data Processed

Inventory data: name, address, company details.
Contact details: email address, phone number.
Contractual data: subscription type, billing details, invoices.
Content data: uploaded contracts, signed documents, comments, user-generated files.
Usage data: access logs, login times, visited pages, device events.
Meta and communication data: IP address, browser type, device identifiers.
Support data: inquiries, ticket history, attached files.
Marketing data: newsletter subscriptions, campaign interactions, consents.
Contact form data: first name and last name (mandatory), email (mandatory), phone (optional), message (mandatory). Google reCAPTCHA is used to prevent spam.

4. Processing of Special Categories of Data

SignNTrack does not intentionally process sensitive personal data under Art. 9(1) GDPR. If users upload such data in contracts or documents, processing is performed only to provide the service and remains the user’s responsibility.

5. Purpose of Processing

Provision and operation of the SignNTrack platform.
Registration, authentication, and account management.
Execution of electronic signatures and document workflows.
Billing, payment processing, and subscription management.
Customer support and communication.
IT security, misuse detection, and fraud prevention.
Service optimization and analytics (e.g. Google Analytics).
Marketing activities based on user consent.
Integration of third-party services (payment providers, calendars, cloud storage, maps).

6. Legal Bases

Consent (Art. 6(1)(a) GDPR) for newsletters, marketing, and optional integrations.
Contract performance (Art. 6(1)(b) GDPR) for account use, document signing, and billing.
Legal obligations (Art. 6(1)(c) GDPR) for retention duties and compliance.
Legitimate interests (Art. 6(1)(f) GDPR) for IT security, fraud prevention, analysis, and service improvements.

7. Security Measures

TLS/SSL encryption for all data transmissions.
AES encryption for stored sensitive data (e.g. passwords, signatures) via AWS Servers in Virginia USA
Access controls and multi-factor authentication for staff.
Regular penetration tests and vulnerability management.
Incident response procedures for breaches.

8. Processors and Third Parties

Data is processed by carefully selected service providers, including hosting companies, payment processors, analytics tools, and support systems. All processors are contractually bound by confidentiality and data protection obligations in line with Art. 28 GDPR.

9. Transfers to Third Countries

Data may be processed outside Switzerland and the EU, e.g. by authorized development partners (Pakistan, Kosovo). Transfers are based on Standard Contractual Clauses (SCCs), user consent, or contractual necessity.

10. Retention Periods

Contracts and invoices: 10 years (Swiss Code of Obligations).
Support tickets: 2 years.
Contact form requests: 1 year.
Marketing consents: until revoked.
Account data: until deletion, subject to statutory retention.
Log data: up to 12 months for security purposes.

11. Rights of Users

Right of access (Art. 15 GDPR).
Right to rectification (Art. 16 GDPR).
Right to erasure (Art. 17 GDPR).
Right to restriction (Art. 18 GDPR).
Right to data portability (Art. 20 GDPR).
Right to object (Art. 21 GDPR).
Right to withdraw consent at any time.
Right to lodge a complaint with the Federal Data Protection and Information Commissioner (EDÖB) or an EU supervisory authority, such as the Irish Data Protection Commission.

12. Data Subject Requests

Requests may be submitted by email to info@signntrack.com. We may request identity verification. Responses are provided within 30 days, as required by Art. 12 GDPR.

13. Data Protection Officer

Leutrim Miftaraj
Gotthardstrasse 30, 6300 Zug, Switzerland
E-mail: info@signntrack.com

14. Children’s Data

SignNTrack is not intended for children under 16. We do not knowingly collect data from minors. If such data is identified, it will be deleted immediately.

15. Automated Decision-Making

No automated decision-making or profiling under Art. 22 GDPR is performed in connection with SignNTrack.

16. Cookies and Tracking

Cookies and tracking technologies are used for session handling, analytics, and personalization. Preferences can be managed through Complianz Cookiebot. Details are available in our Cookie Policy.

17. Third-Party Services and Integrations

Payments: Stripe.
Maps: Google Maps.
Social media: Facebook, Instagram, LinkedIn, Twitter/X, Medium.

18. Cooperation with Authorities

Data may be disclosed to competent authorities when required by law or to protect our legal interests.

19. Business Transfers

In case of mergers, acquisitions, or restructuring, personal data may be transferred to third parties, provided that the same level of protection is maintained.

20. Electronic Signatures and Data Processing

SignNTrack processes personal data to enable electronic signatures.
Simple Electronic Signature (EES): storage of document, signer’s name, email address, IP address, signature image (if used), and timestamp.
Advanced Electronic Signature (AES) (planned): includes EES data plus identity verification data (e.g. SMS code, ID verification).
Qualified Electronic Signature (QES) (planned): highest security level, in compliance with the eIDAS Regulation and the Swiss ZertES law. Requires identity documents, digital certificates, and data from accredited trust service providers.
The legal basis for signature processing is Art. 6(1)(b) GDPR (contract performance). Signature data is stored for evidentiary purposes for as long as legally required or until deletion by the user.

21. Changes and Updates

We may update this Privacy Policy to reflect legal changes or service modifications. Significant changes will be communicated to users. The current version is always available at https://www.signntrack.com/privacy.

22. Applicable Law and Jurisdiction

This Privacy Policy is governed by Swiss law. The place of jurisdiction is Zug, Switzerland. For EU consumers, mandatory national consumer protection rules may apply.

23. Contact and Questions

For privacy-related inquiries:
E-mail: info@signntrack.com
Phone: +41 79 508 28 06

24. Useful Links

General Data Protection Regulation (GDPR)
Swiss Data Protection Act (DSG)
Federal Data Protection and Information Commissioner (EDÖB)
European Data Protection Supervisor (EDPS)
Irish Data Protection Commission (DPC)

Zug, 01.09.2025 – Innopulse Consulting