Legal

Privacy Policy

Last updated: 2026-05-20.

DigiSign (“DigiSign”, “we”, “us”) respects your privacy. This Privacy Policy explains how we collect, use, store, and share personal information when you use our marketing website, our electronic signing service, and when you contact us. This policy is intended to meet our transparency obligations under the Privacy Act 2020 (New Zealand), including Information Privacy Principle 3 (open collection) and related principles. If you have questions, contact us using the details under Who we are.

Who we are

DigiSign is a New Zealand-based service (Auckland, New Zealand). For privacy requests and questions about this policy, contact us at digisign@outlook.co.nz.

Scope of this policy

This policy applies to:

  • Visitors to our public website (including pages such as pricing, resources, and how it works).
  • People who create a DigiSign account and use the app to send documents for signature.
  • Signers who receive a link to review and sign a PDF using DigiSign, including people who do not register for an account.

What personal information we collect

“Personal information” means information about an identifiable individual. Depending on how you use DigiSign, we may collect:

  • Account details: for example your name and email address, and authentication data processed by our identity provider (such as a password login handled by our supplier, or basic profile details if you choose “Sign in with Google”).
  • Signing workflow details: signer names and email addresses you (or your organisation) provide so we can send signing invitations in sequence; the PDF or document you upload; placement of signature fields; signature and completion data applied to the document; and technical identifiers needed to operate secure signing links.
  • Payment-related information: when you subscribe to a paid plan, our payment provider processes billing details. We typically receive identifiers and subscription status from that provider (for example customer or subscription identifiers linked to your account) rather than storing your full card number ourselves.
  • Support communications: information you include when you email us (such as your email address and the content of your message).
  • Technical information: for example session cookies that keep you logged in when you use the service, and limited server or application log information (which may include IP address, timestamps, and browser type) to operate and protect the service.

When an account holder enters personal information about another person (for example a signer’s name and email), that account holder is responsible for ensuring they are allowed to share that information with us. We process it only to provide the signing service they have requested, consistent with the Privacy Act 2020 (including Principle 3A, which deals with collection about an individual from someone else).

Why we collect personal information and how we use it

We collect and use personal information for purposes that include:

  • Providing, operating, and improving DigiSign (including uploading agreements, ordering signers, sending notifications, and producing signed PDFs).
  • Creating and securing user accounts and sessions.
  • Processing or confirming subscriptions and plan changes through our payment provider.
  • Communicating with you about the service, security alerts, and support enquiries.
  • Protecting the security and integrity of the service, detecting abuse, and meeting legal obligations.

We do not sell your personal information. We do not use personal information for direct marketing unless we specifically introduce it later with a clear opt-in or other lawful basis and update this policy.

Whether you must provide information

If you wish to use DigiSign as a sender, you need to provide certain account and workflow information (such as email and signer details). If you do not, we may not be able to provide the service. Signers must provide the information requested in the signing experience to apply their signature. Where collection is authorised or required by law, we will identify that when we collect the information.

Cookies and similar technologies

We use cookies and similar storage that are necessary for authentication and session management when you use the logged-in parts of the service (for example to keep you signed in securely). At the time this policy was published, we do not run Google Analytics or similar advertising analytics cookies on this site; if we add analytics or non-essential cookies in future, we will update this policy and, where required, adjust consent or settings accordingly.

Who we share personal information with (subprocessors)

We share personal information with trusted service providers who help us run DigiSign, only to the extent needed for their role. These may include:

  • Supabase (database, authentication, storage, and related functions) — for hosting application data, documents, and identity services.
  • Stripe — for payment processing, billing portal, and related subscription status when you purchase a paid plan.
  • Hosting and infrastructure providers (for example the platform that runs our website and API) — for deployment, scaling, and operational logs.
  • Email and identity providers — for example transactional email used in authentication and signing notifications, and Google if you choose Google sign-in.
  • Microsoft (Outlook) — for messages sent to digisign@outlook.co.nz, which may be stored in your mailbox according to Microsoft’s terms.

Where we disclose information to a subcontractor, we expect them to use it only for the purpose we specify and to apply appropriate security measures. Some vendors publish their own privacy policies and data processing terms on their websites.

Storage and disclosure outside New Zealand

DigiSign is operated from New Zealand, but our suppliers may process or store personal information on servers outside New Zealand (for example where a cloud region or payment network is based). Where we disclose personal information to an overseas person or entity, we comply with the Privacy Act 2020 as it relates to overseas disclosures (including Information Privacy Principle 12), including by using reputable suppliers and appropriate contractual or technical safeguards where applicable. If we disclose information overseas in circumstances where comparable protection may not apply, we will ensure we are permitted to do so under the Act (for example with your informed consent where required).

Security

We take reasonable steps to protect personal information from loss, misuse, unauthorised access, or disclosure. These steps include technical and organisational measures appropriate to the sensitivity of the information (such as encryption in transit for connections to our service, access controls, and secure handling of signing links). No online service can guarantee absolute security; you should also protect your password and devices.

Retention

We retain personal information for as long as needed to provide the service, comply with law, resolve disputes, and enforce our agreements. Retention periods for specific data types may depend on your subscription, how you use the product, and backups. When information is no longer required, we will delete or anonymise it subject to any longer retention that applies by law or for legitimate business continuity (for example secure backups for a reasonable period). For deletion requests, contact us using the details below.

Access and correction

Under the Privacy Act 2020, you may request access to personal information we hold about you, and ask us to correct it if it is inaccurate. To make a request, email digisign@outlook.co.nz with enough detail for us to identify you and the information. We will respond within a reasonable time. In some cases the law allows us to withhold access (for example where it would unreasonably breach another person’s privacy); if we do, we will explain the reason where we are permitted to.

Complaints

If you believe we have breached the Privacy Act 2020 or mishandled your personal information, please contact us first at digisign@outlook.co.nz so we can try to resolve the matter. You may also complain to the Office of the Privacy Commissioner (New Zealand). Information about making a complaint is available at https://www.privacy.org.nz/.

Privacy breaches

If we become aware of a privacy breach that is notifiable under Part 6 of the Privacy Act 2020 (that is, a breach that has caused or is likely to cause serious harm to affected individuals), we will comply with our legal obligations, which may include notifying the Office of the Privacy Commissioner and affected individuals as soon as practicable in accordance with the Act.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date at the top of this page and, where the changes are material, make reasonable efforts to draw them to your attention (for example by posting a notice on our website or contacting account holders). Continued use of the service after the effective date may be subject to the updated policy.

Questions about this policy: digisign@outlook.co.nz

← Back to Resources