Privacy Policy

The following Pricy Policy last updated on March 16, 2020.

This Privacy Policy constitutes an agreement between the Service Provider and the Customer and is incorporated into and governed by the Terms of Service. Privacy Policy describes what information we collect and use about you and what information is shared with the third parties. Protecting the privacy and integrity of your personal data is our top priority.

Information we may collect about you

We collect different types of information in order to provide you with the Services in a reliable and secure manner.

  • Your account information — When you use the Services, we collect and associate with your User Account the information you provide us like your first and last names, email address, mobile phone number, personal code, address, credit card and/or other billing information. We are acting as a Data Controller for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA).
  • Your uploaded data (Customer Data) — In order to provide the Services, we store, process and transmit your uploaded documents and information related to them. This data is processed solely in accordance with the directions provided by you (Customer or User). We are acting as a Data Processor for this information. All this information is stored and processed within the European Union/European Economic Area (EU/EEA).
  • Your usage information — We collect information related to how you use the Services. We may collect information like IP addresses, the type of browser, device, the operating system you use, the actions you take when using our Services. We use this information to improve our Services, develop new products, features, and functionality, and ensure the security of your account and your data. Should this purpose require us to process Customer Data, the data will only be used in anonymized or aggregated form. We may also use third-party tools to collect information regarding visitor behaviour and visitor demographics on our Services. For further details see Analytics section. We are acting as a Data Controller for this information.
  • Other information — We may receive information about you, incl. Your Personal Data, from third parties we are working closely with (like Qualified Trust Service Providers, other Service Providers integrated into our Services, business partners, subcontractors, payment service providers, credit rating agencies). We will treat this information as Personal Data in accordance with this Privacy Policy. We are acting as a Data Controller for this information.

Disclosure of your information

We do not share any personal information with third parties unless one of the following circumstances applies:

  • With your consent — We will only share your personal information when we have your consent.
  • With Account Administrators — In case your User Account is managed for you by an Account Administrator, this Account Administrator will have full access to your User Account. Account Administrator is able to access all your uploaded data (Customer Data), suspend or terminate your User Account access and obtain your usage information.
  • For external processing — We may provide the Personal Data to our trusted business partners to process it for us, based on our instructions and in compliance with this Privacy Policy.
  • Lawful requests — We may disclose the Personal Data when we have a good belief that access, use, preservation or disclosure of such information is necessary to:
    • satisfy any applicable law, regulation, legal process or enforceable governmental request;
    • satisfy applicable laws specially subject to financial entities that have additional obligations for audits;
    • enforce our Terms of Service, including investigations of potential violations;
    • protect against imminent harm to our rights, property or safety, or that of our users or public as required or permitted by law.
  • Business transfers — We may share and/or transfer your Personal Data if we become involved in any merger, acquisition, reorganization, sale of assets, bankruptcy.

Information Security

All our Services have been designed from the ground up to be secure.

We have implemented an Information Security Management System (ISMS) according to ISO/IEC 27001 which covers a variety of privacy and security policies, processes and procedures, including administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity and availability of your Personal and Customer Data.

Our ISMS is being audited every year and is certified by a accredited auditors with certification scope of "online e-signing and e-identification services and custom software development, delivery and provision".

Services are provided through 256-bit encryption TLS connection. All data is stored in data centres that comply with ISO 27001, ISO 27017, ISO 27018 and PCI DSS Level 1 standards. All Customer Data is encrypted using AES-256 encryption algorithm.

Retention Policy

Once you delete your User Account from the Services, the content (Customer Data) is deleted within 30 days of the date of closure. Your account information and billing information is retained for a period of 10 years in accordance with the Lithuanian accounting and taxation laws.

Data Processor

You’re acting as a Data Controller for your uploaded data (Customer Data) that contains Personal Data. We are not responsible for any Personal Data stored at the discretion of our Customers, including but not limited to Address Book entries, Invitations or Documents.

We are neither responsible for the manner in which our Customers collect, handle, disclose, distribute nor otherwise processes such data.

The terms for such data processing are defined in the Data Processing Agreement.


We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile.

We use Google Analytics and Amplitude Analytics to analyse the use of our website, Document Signing Portal and our mobile apps.

For further details, please see the ‘About Hotjar’ section on Hotjar’s support site.

For more information about Amplitude’s privacy practices, see Amplitude’s Privacy Notice.

For more information about Google Analytics, see Google’s Privacy Policy.

Use of Cookies

Cookies are a small piece of information saved in your browser storage. They are used to improve the customer experience in pages and help third-party services to work properly. We use cookies in all our Services. We only store anonymous identifiers and other preferences, so your personal data is not stored.
We use three types of cookies:

  • Essential cookies — essential in provision of Services. These cookies ensure that information and services are delivered securely and optimally.
  • Performance cookies — to monitor visitor behaviour and help us improve our information and services.
  • Functionality cookies — to help improve your experience by providing a more personalised service. Those cookies remember choices, for example, language, preferred login option etc.

Description of cookies

URL Name Purpose Expiration Type _utma, _utmb, _utmz For the collection of information on visits to the website. 2 years Performance cookies _ga, _gat, _gat_UA-2907053-48, _gid For the collection of information on visits to the website. Used by Google Analytics. 2 years
_gid, _gat - 1 day
Performance cookies gtm_auth, gtm_debug, gtm_preview, _dc_gtm_ A technical solution for managing the tracking codes detailed on this page. Used by Google Tag Manager. When browser session ends Functionality cookies accept_cookies For the recording of the client’s consent with this Privacy and Cookie Policy. 90 days Functionality cookies o365_banner For the collection of information on visits to the website. 30 days Functionality cookies sessionid Required to allow a user to stay logged in the Services. The cookie is deleted when you close your web browser Essential cookies user_preferences User preferred options like language, country and last used eID. 12 months Functionality cookies _hjClosedSurveyInvites Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown. 12 months Performance cookies _hjDonePolls Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in. 12 months Performance cookies _hjMinimizedPolls Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site. 12 months Performance cookies _hjDoneTestersWidgets Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in. 12 months Performance cookies _hjIncludedInSample Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels. 12 months Performance cookies _hjShownFeedbackMessage This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show. 12 months Performance cookies _hjid Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. 12 months Performance cookies _hjRecordingLastActivity This should be found in sessionStorage (as opposed to cookies). This gets updated when a visitor recording starts and when data is sent through the WebSocket (the visitor performs an action that Hotjar records). Session Performance cookies hjTLDTest When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed. Session Performance cookies _hjUserAttributesHash User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated. Session Performance cookies _hjCachedUserAttributes This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool. Session Performance cookies _hjLocalStorageTest This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted immediately after creating it so the expected storage time is under 100ms. N/A Performance cookies amplitude_id_* This allows Amplitude to collect information about your usage of our Services. Unlimited Performance cookies

Your rights

Under the GDPR regulation, data subjects have the following rights:

  • the right to access personal data held about them;
  • the right to object to processing (for example, direct marketing);
  • the right to data portability;
  • the right to complain about processing carried out by the data controller;
  • the right to object to automated decision making;
  • the right for the personal data being updated;
  • the right to be forgotten.

You may exercise any of your rights in relation to your personal data by contacting our Data Protection Officer by email at

Changes and Updates

We may revise this Privacy Policy from time to time and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you. We will not reduce your rights under this Privacy Policy without your explicit consent.

Contact us

If you have any questions, concerns or complaints about this Privacy Policy, you may contact our Data Protection Officer by email at