Trust is the key to our product
Everything we do is in order to maximise trust
We aim to hold the minimum amount of information required to allow us to provide our services
We never release, copy-to, or otherwise provide your information to any third party unless absolutely required to to provide our service to you, or by New Zealand law or that of another state with jurisdiction
Any person about which we hold information has the absolute right to ask us to amend, modify, or permanently erase their information. We will comply with their request as soon as possible
Personal information we hold
Prior to 8:00am 4 October 2020 UTC
We store email addresses for document creators, referred to as editors. Editors' email addresses are used to identify the editor and provide their information when requested by the app
We also store email addresses for signatories when a document Editor chooses Single Signature. Editors provide the signatory's email address along with any request for a signature. We use this email address to notify the signatory that a signature has been requested, and as a unique identifier to provide the correct information
Long term, we store these email addresses in an encrypted, unreadable format with the hash of the document that was signed. Being encrypted, they can not be read. When a document is verified, they are decrypted and presented along with the signature's time stamp as credence for the verification - you can see that the details match the document being verified
We temporarily store full names of signatories when a document Editor chooses Single Signature. Editors provide a full name along with any request for a signature. This name is appended to the signature that is eventually created
After 8:00AM 4 October 2020 UTC
No private information is held long-term under normal circumstances
Where information is required to be stored long-term, that information is placed in Forms and/or Sheets owned by the user.
Where "Email them for me" is chosen, we send an invitation email on behalf of the person requesting the signature. This is a core element of the product as it ensures that only the intended recipient can sign by virtue of their control of the destination email address.
The invitation email (sent to the signatory) and email confirmation of completed signing (sent to the person requesting the signature) are "trashed" immediately but remain in our system for 30 days. This is to allow us to alert the person requesting the signature that the invitation email was rejected or the recipient address does not exist or other similar matters (delivery troubleshooting).
Those emails are only used for those and materially similar purposes. After 30 days they are erased permanently.
Multiple Signatures (Classic) - signature image and metadata - sporadically
Multiple Signatures (Classic) may store signature images and associated metadata (possibly name and or email, or other details as generated by the signatory) temporarily when there's a problem adding them to their respective Sheets.
Any such records are deleted periodically by us. The owner of these records can use "Dashboard" functions to delete them also.
Update 27 July 2021: We want to clarify Single Signatures. "No private information is held under normal circumstances" has been updated to "No private information is held long-term under normal circumstances". The "Single Signatures" subheading and content has been added. Summary of changes: We temporarily hold signatory details in order to provide the core invitation delivery and troubleshooting service.
How long information is held for
Prior to 8:00am 4 October 2020 UTC
Editor email addresses
Human-readable Editors' email address are held until the editor requests that it is deleted. We also periodically delete inactive records without notice. If an Editor's record is deleted and they return, a new record is created for them
We keep this human-readable to allow quicker support and troubleshooting if required
Only the Director of Gigaccounting Ltd is able to see these addresses
Signatories' names and email addresses
Human-readable details are collected when provided by the Editor on requesting a signature using the Single Signature product
No signatory details are held for the Multiple Signatures product - we do however maintain a "bot" account which can read the Form's Response Sheet, including responses and signatory details. This is to enable us to re-verify any previous signature. The "bot" account is unmanned and only accessible by the Director of Gigaccounting Ltd. if absolutely required
As above, these are kept human-readable to allow quicker support and troubleshooting
When the Single Signature has been completed
we permanently delete the name
we store an encrypted (unreadable) copy of the email address against the hash of the signature
When an Editor cancels a signature request, both the name and email address are permanently deleted
In these cases, the deletions and encryption are done immediately by the program
After 8:00AM 4 October 2020 UTC
Where "Email them for me" is chosen, we send an invitation email on behalf of the person requesting the signature. This is "trashed" immediately but remains in our system for 30 days to allow for delivery troubleshooting and alerting.
Multiple Signatures (Classic) - signature image and metadata
Any stored information is deleted at times determined by us. Typically, we review the stored records every two months.
Update 27 July 2021: Clarifying Single Signatures. "Single Signatures" subheading and content added. Summary of changes: We temporarily hold signatory details in order to provide the core invitation delivery and troubleshooting service.
Where is information held
We store all data in Google products, so information is stored in Google servers internationally
We are absolutely confident in Google's data privacy policies
Any data is stored in an account that can be accessed only by the Director of Gigaccounting Ltd.
For signatures made with the Multiple Signatures products, we maintain access to data via a "bot" account. The data is owned by, and stored with the Form's Editor's Google products
Who has access
In normal circumstances, no person will view personal information
Where it is necessary for a manual change to be made, for instance if you ask us to delete your information, this will be done by the Director of Gigaccounting Ltd.
The Director will also be the person who liaises with you about the manual change
A legitimate legal authority who has jurisdiction over us or you may also demand information. We will comply to the extent we are required to
We use Stripe to process payments
When you purchase more signatures, we provide Stripe your email address. This is to ensure that when payment is made, the purchased signatures can be applied to your account. We don't provide any other personal details to Stripe
Similarly, Stripe don't provide us any personal information other than the email address we provided them. We never see anything to do with your credit card
Amend or delete
Any person about which we hold information has the absolute right to ask us to amend or delete their information, and we will comply with their requests as soon as possible
We use email addresses as true identities. You simply need to email us from the account about which the change is regarding