📌 English translation for convenience. The legally binding version of this Privacy Policy is the French version available at signersynthese.fr/confidentialite.html.

Privacy Policy (GDPR)

Last updated: 30 April 2026 — Compliant with EU Regulation 2016/679 (GDPR)

1. Data controller

The data controller is Securit Expert SAS, registered office 12 passage d'Enfer, 75014 Paris, France. Contact: [email protected].

2. Data collected

For the purposes of providing the qualified electronic signature service, we collect:

Identity: first name, last name, photo of identity document, selfie
Contact: email address, mobile phone number
Optional: company name (for invoicing)
Document: PDF summary uploaded for signature
Payment: handled by Stripe Payments Europe Ltd; we do not store card details
Technical: IP address, browser, session timestamp (Cloudflare logs)

3. Legal basis

Performance of a contract (GDPR Art. 6.1.b): identity, contact, document, payment
Legal obligation (GDPR Art. 6.1.c): retention of signature evidence for 10 years (Civil Code Art. 1366)
Legitimate interest (GDPR Art. 6.1.f): security logs, fraud prevention

4. Recipients

Your data is shared with the following sub-processors strictly for the performance of the service:

Cryptolog International (Universign) — qualified electronic signature, PVID identity verification
Stripe Payments Europe Ltd — payment processing
Railway Corp. — application hosting (Amsterdam, EU)
Cloudflare, Inc. — CDN and DDoS protection
SendGrid (Twilio Inc.) — transactional email delivery

Your data is NEVER sold or transferred to third parties for marketing purposes.

5. Retention periods

Identity documents (photos): deleted by Universign after 30 days
Uploaded PDF: deleted from our servers after 30 days
Signed PDF (with cryptographic signature): retained 10 years (legal evidence)
Account/order data: 5 years after last activity (commercial obligations)
Server logs: 12 months

6. Data transfers

All processing takes place within the European Union (Amsterdam). Cloudflare may process technical data outside the EU under Standard Contractual Clauses validated by the European Commission.

7. Your rights

Under the GDPR, you have the following rights:

Right of access: obtain a copy of your data
Right to rectification: correct inaccurate data
Right to erasure ("right to be forgotten"): under conditions defined by law
Right to restriction of processing
Right to data portability
Right to object
Right to lodge a complaint with the CNIL (French data protection authority): www.cnil.fr

To exercise your rights, write to [email protected] with proof of identity. We respond within 30 days maximum.

8. Cookies

We use a minimal set of essential cookies:

Session: maintains your signature journey state (essential, no consent required)
Cloudflare: security and DDoS protection (essential)
Cloudflare Web Analytics: anonymous traffic analytics, no personal data, no cross-site tracking
preferredLang: stores your language preference (FR/EN), 1 year

We do NOT use Google Analytics, Facebook Pixel, or any advertising cookie.

9. Security

End-to-end SSL/TLS encryption (256-bit, TLS 1.2+)
Strict security headers (HSTS, CSP, X-Frame-Options)
EU hosting with strict access controls
Regular security audits
Automatic deletion of identity documents after the legal retention period

10. Data Protection Officer

For any GDPR question: [email protected]