Privacy Policy

Last updated: April 1, 2026

1. Data Controller

The data controller is zipzipdoc. Contact: privacy@zipzipdoc.com.

2. Data We Collect

We process the following categories of personal data:

• Registration data: name, email address, password (hashed)
• Document data: uploaded documents, signatures, document metadata
• Technical data: IP address, browser type, device information
• Payment data: processed through Stripe (we do not store card numbers)

3. Purpose of Processing

We process personal data to provide the electronic signing service, manage accounts, process payments, communicate with Users, and fulfill legal obligations.

4. Legal Basis

Processing is based on contract performance (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR), and legal obligations (Art. 6(1)(c) GDPR).

5. Data Retention

We retain personal data for the duration of the account and 30 days after its deletion. Documents and signatures are retained for the period required by applicable laws (minimum 10 years for signed documents).

6. Your Rights

You have the right to access, rectify, erase, restrict processing, data portability, and object to processing. To exercise your rights, contact us at privacy@zipzipdoc.com.

7. Security

We use encryption in transit (TLS) and at rest, regular security audits, and strict access controls to protect your data.