Privacy Policy

Last updated: January 24, 2026

This Privacy Policy explains how XSIGI (the “Service”, “we”, “us”) collects, uses, retains, and protects your information. It reflects our privacy‑by‑design approach: we seek to minimize data, process only what’s necessary, and retain only what’s required to provide cryptographic verification and comply with law.

1) What We Collect

  • Account data: Basic identifiers (e.g., name, email), authentication artifacts (e.g., WebAuthn public keys, passkey handles), and preferences.
  • Operational data: Audit entries (timestamps, user ID, event type, IP where applicable), rate‑limiting identifiers, and device/browser metadata necessary for security.
  • Cryptographic evidence: Document hashes, signature hashes, public key IDs, and related metadata to enable later verification. We do not permanently store your documents.
  • Payment/billing data (if applicable): Processed by our payment provider; we store minimal references needed for accounting and fraud prevention.

2) How We Use Information

  • Provide, secure, and improve the Service.
  • Facilitate cryptographic signing, verification, and auditability.
  • Prevent fraud and abuse, enforce Terms, and comply with legal obligations.
  • Communicate with you about the Service, features, and updates (where permitted).

3) Data Minimization and Storage

  • Secure document storage: Documents stored in XSIGI are encrypted at rest and protected with access controls. You retain control over your stored documents.
  • Immutable evidence: We retain minimal non‑content records (hashes, key IDs, timestamps, audit entries) required for future verification and compliance.
  • Backups and logs: Limited operational logs and backups may persist up to ~90 days for reliability and security, then are pruned.

4) Retention

  • Evidence records are typically retained for 5–7 years, or longer where required by law, regulation, or legal hold.
  • Signature records are retained indefinitely. All signatures are cryptographically anchored to the blockchain, making deletion or modification technically impossible. This permanence ensures the long-term verifiability and legal validity of signed documents.
  • Account data is retained while your account is active. Upon deletion, we remove personal data subject to a 30‑day cooling‑off period. Signature records cannot be deleted as they are permanently anchored to the blockchain. Other evidence records necessary for verification may be retained to the extent permitted by law.
  • If a legal hold applies, relevant records may be preserved until the hold is lifted.

5) Permanent Signature Records

Signature records created through XSIGI are permanent and cannot be deleted.

  • Immutability by design: All signature records (including signature hashes, timestamps, and verification metadata) are permanently stored and cannot be removed, modified, or suppressed by any party.
  • No search or discovery: Signature records are not indexed or searchable. There is no directory, search function, or browsing capability. Records can only be accessed by presenting the exact signature hash or scanning the QR code generated at signing.
  • Hash-based access only: To verify a signature, one must possess the unique cryptographic hash or QR code. Without this information, the signature record cannot be located or accessed.
  • Deletion requests not honored: Due to the immutable nature of signature verification, requests to delete signature records under GDPR "right to erasure" or similar regulations cannot be fulfilled. This exception is necessary to maintain the integrity and legal validity of signed documents.
  • Public verification purpose: This permanent record exists solely to enable any party with the correct hash or QR code to verify the authenticity of a signature, without access to the underlying document content.

By signing documents through XSIGI, you consent to this permanent, tamper-proof record of your signature.

6) Security

  • Transport‑layer encryption (HTTPS) and secure headers (HSTS) to protect data in transit.
  • WebAuthn/passkey support and rate limiting to reduce account takeover and abuse.
  • Least‑privilege access, monitoring, and audit logs to detect and investigate anomalies.
  • Separation of content vs. non‑content data; we avoid storing documents beyond transient processing.

7) Your Rights

  • Access, correct, or delete your personal data subject to legal exceptions.
  • Object to or restrict certain processing where applicable.
  • Portability: request a copy of your data in a portable format where feasible.
  • Withdraw consent where processing is based on consent.

To exercise rights, use the tools in your account or contact us using the methods on our website.

Note: The right to erasure does not apply to permanent signature records as described in Section 5 above.

8) International Transfers

Where data is transferred across borders, we use appropriate safeguards (e.g., standard contractual clauses) as required by applicable law.

9) Children

The Service is not intended for children under the age of 16 (or the age required by your jurisdiction). We do not knowingly collect personal data from children without appropriate consent.

10) Third‑Party Services

We may use third‑party providers for infrastructure, analytics, payments, email, or fraud prevention. Those providers process data on our behalf under appropriate agreements and safeguards.

11) Changes

We may update this Privacy Policy periodically. If we make material changes, we will provide notice as required by law. Your continued use of the Service signifies acceptance of the updated policy.

12) Contact

If you have questions or requests regarding this Privacy Policy or our data practices, please contact us via the contact details on our website.

See also our Terms & Conditions for contractual terms governing use of the Service.

我們重視您的隱私

我們使用必要的 Cookie 以確保網站正常運作。經您同意,我們也會使用可選 Cookie 來提升您的體驗。您可隨時在 中變更選擇。

偵測到 Global Privacy Control 訊號。我們已將您的拒絕設定套用於非必要 Cookie。

隱私權政策