Privacy Policy

Last updated: May 2026

1. Information We Collect

When you use SignZA, we collect the following categories of personal information:

  • Account information: your full name and email address, collected at registration.
  • Uploaded documents: PDF files you upload for signature purposes.
  • Signing metadata: the IP address and browser user agent of each signer at the time of signing, used to create an audit trail.
  • Payment information: billing details processed and held by Paystack; SignZA does not store full card numbers.
  • Usage data: pages visited, features used, and actions taken within the platform, collected to improve the Service.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

  • To provide, operate, and maintain the SignZA e-signature service.
  • To authenticate users and manage account access securely.
  • To send transactional emails, including document signing invitations, completion notifications, and account-related communications via Resend.
  • To process payments and manage billing through Paystack.
  • To detect, prevent, and investigate fraudulent activity and security incidents.
  • To comply with our legal obligations, including maintaining signed document audit trails.

We do not use your personal information for marketing purposes without your explicit consent, and we do not use automated decision-making or profiling that produces legal or similarly significant effects.

3. Data Storage

All account data, document metadata, and audit trail information is stored on Supabase infrastructure hosted in the EU region (Frankfurt, Germany), which is compliant with applicable data protection standards. Uploaded PDF documents are stored in Supabase Storage, also in the EU region, with encryption at rest. We apply appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction.

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share your data only with the following trusted service providers, and only to the extent necessary to deliver the Service:

  • Supabase — database, authentication, and file storage infrastructure.
  • Resend — transactional email delivery (signing invitations, notifications).
  • Paystack — payment processing and subscription billing.

We may also disclose your information if required to do so by law, or in response to a valid request from a public authority (e.g., a court or government agency).

5. Data Retention

We retain your account data and personal information for as long as your account is active. Upon account deletion, your personal data is retained for a further 90 days before permanent erasure, to allow for error recovery and to fulfil any outstanding legal obligations. Signed PDF documents and their associated audit trails are retained for a period of 7 years from the date of signing to comply with South African legal record-keeping requirements, including obligations under the ECT Act and applicable commercial law. You may request early deletion of your data subject to these retention requirements.

6. Your Rights (POPIA)

Under the Protection of Personal Information Act 4 of 2013 (POPIA), you have the following rights regarding your personal information:

  • Right of access: you may request a copy of the personal information we hold about you.
  • Right to correction: you may request that we correct any inaccurate or incomplete personal information.
  • Right to deletion: you may request that we delete your personal information, subject to our legal retention obligations.
  • Right to object: you may object to the processing of your personal information in certain circumstances.

To exercise any of these rights, please email us at support@signza.app. We will respond to your request within a reasonable time and in accordance with applicable law.

7. Cookies

SignZA uses a single session cookie solely for the purpose of maintaining your authenticated session while you are logged in. This cookie is essential to the functioning of the Service and cannot be disabled without also disabling your ability to use your account. We do not use tracking cookies, advertising cookies, or any third-party analytics cookies. We do not use any third-party tracking scripts or analytics platforms. Your browsing activity on SignZA is not monitored or shared with advertising networks.

8. Contact

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal information, please contact our Information Officer:

Grey Matter Consulting (Pty) Ltd
Registration No. 2020/255888/07
Email: support@signza.app