Is Signority Inc. subject to data protection legislation and regulation?
Yes. Signority Inc. is subject to the federal Personal Information Protection and Electronic Documents Act (PIPEDA). We are currently not subject to the European Union (EU) General Data Protection Regulation (GDPR); however, we use some of the related best practices, such as the use of Data Processing Agreements (DPA), for the protection of data.
Is Signority Inc. compliant with PIPEDA?
Yes. Signority is fully compliant with all privacy legislation governed federally under PIPEDA, including data residency requirements.
Is the Signority eSignature Platform compliant with PIPEDA?
The Signority eSignature Platform supports customers in being PIPEDA compliant if the customer takes the proper care and precautions in managing its data and information. So while Signority cannot provide a PIPEDA compliance certificate, since no legislative technology certification program exists, our Platform supports the requirements identified within PIPEDA.
Is Signority Inc. compliant with provincial healthcare legislation?
Yes. Signority supports its customers to achieve compliance with provincial healthcare privacy legislation such as Ontario’s Personal Health Information Protection Act (PHIPA).
Does the Signority eSignature Platform require the transmission of sensitive business or personal information outside of Canada on a routine basis to function?
No. However, a user may send an eSign invitation to recipients outside of Canada.
How does Signority comply with applicable privacy-related data protection legislation?
The purposes for which Signority collects personal information will be identified at or before the time the information is collected. The collection of personal information will be limited to that which is strictly necessary for those identified purposes. Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. The knowledge and consent of individuals are required for the collection, use, disclosure, and deletion of personal information, except when inappropriate. We will minimize the long-term collection and storage of information to that which is strictly necessary for the purpose(s) for which the information was initially collected.
Does Signority share customer data with subprocessors? Where are these located?
Yes. Signority uses subprocessors when customers require optional services such as email, texting, notary, and payment services. We will only share limited, high-level customer information with our subprocessors with a prior written agreement.
SendGrid (www.sendgrid.com), used for optional email services, is based in the United States (USA).
Twilio (www.twilio.com), used for optional texting (SMS) services, is based in the United States (USA).
GlobalSign DSS (www.globalsign.com), used for optional digital signatures, is based in the United States (USA).
Stripe (www.stripe.com), used for payment gateway services, is based in the United States (USA). Signority does not capture customer payment data; it is provided securely to Stripe for payment authorization. Both Signority and Stripe are PCI DSS compliant.
Does Signority Inc. use customer data for marketing or other purposes?
No. We will not share customer data with advertising services, nor will we data-mine it for marketing research or advertising.