Data Processing Agreement

1. Scope of Processing

SignQuick processes personal data solely for the purpose of providing e-signature services as instructed by the data controller (customer). Processing includes document storage, signature capture, signer identification, and audit trail generation.

2. Nature of Processing

Personal data processed includes: signer names, email addresses, IP addresses, browser metadata, signature images, and document content. Processing activities include encryption, secure storage, transmission to authorized recipients, and audit logging.

3. Security Measures

SignQuick implements industry-leading security measures including AES-256-GCM end-to-end encryption, zero-knowledge architecture, TLS 1.3 for data in transit, role-based access controls, and continuous infrastructure monitoring. All encryption keys are derived client-side.

4. Sub-processors

SignQuick engages the following sub-processors for service delivery. Customers are notified of changes to sub-processors at least 30 days in advance. Each sub-processor is bound by contractual data protection obligations.

5. Data Subject Rights

SignQuick assists data controllers in fulfilling data subject requests including access, rectification, erasure, portability, and restriction of processing. Requests are processed within 72 hours of receipt.

6. Data Breach Notification

In the event of a personal data breach, SignQuick will notify the data controller without undue delay and no later than 48 hours after becoming aware of the breach. Notification includes the nature of the breach, affected data categories, and remedial measures taken.

Current Sub-processors