GDPR Compliance

1. Our role

For the directory and signature data you manage, Instant Signer acts as a data processor and you are the data controller. For account and billing information we collect directly, we act as a data controller.

2. Data Processing Agreement

We offer a Data Processing Agreement (DPA) that incorporates the Standard Contractual Clauses for international transfers. You can review it on our DPA page or request a signed copy.

3. Lawful processing

We process personal data only on documented instructions from you, for the purpose of providing the Services, and on the legal bases described in our Privacy Policy.

4. Data subject rights

We provide tools and support to help you respond to data subject requests, including access, rectification, erasure, restriction, portability, and objection. Requests relating to data we control can be sent to privacy@instantsigner.com.

5. Security measures

We apply appropriate technical and organizational measures, including encryption, access controls, and audit logging, as outlined on our Security page.

6. Sub-processors

We use a limited set of vetted sub-processors, listed on our Sub-processors page, and impose data protection obligations on each by contract.

7. International transfers

Where data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses and supplementary measures, and we offer regional data residency options where available.

8. Data breach notification

In the event of a personal data breach affecting your data, we will notify you without undue delay and provide the information you need to meet your own notification obligations.

9. Contact

For GDPR inquiries, email privacy@instantsigner.com.