Privacy Policy

This Privacy Policy describes the types of information that SecretSign collects and how we use it. If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us.

1. Your Data

In SecretSign, your data is either end-to-end encrypted, server-side encrypted, or stored as plaintext, depending on the type of data and its purpose. The following list describes the types of data that might be important to you, along with their corresponding encryption rules.

End-to-end encrypted

The following data is encrypted on your device before it is uploaded to the server. No one, not even us, can decrypt the contents without the encryption key. Please note that if you enable the option to share the decryption key via the server, we can technically decrypt your files.

  • Signing files
  • Signatories' names
  • Signing data in protected header (i.e. certificates, name)

Server-side encrypted

The following data is encrypted on the server side using our symmetric keys and securely stored in the database. Please note that our servers or third-party services can read the decrypted contents if necessary.

  • Signatories' email addresses
  • Title of the signature request
  • Session (or device) name

Plaintext

The following data is stored as plaintext in the database.

  • Your email address linked to your account
  • The time and IP address when you logged in or added a device

2. Third-party services

To provide the services, we rely on third-party services, which process different categories of data. The purpose, data center location, and URL of each service are as follows:

Vultr

TiDB Serverless

Stripe

Cloudflare R2

AWS SES

3. Data disclosure

We may disclose your files, account information, and other usage data if we are legally required to do so by Japanese authorities. However, as long as you do not enable the option to share the decryption key via the server, only you will be able to decrypt the disclosed files and other metadata that are end-to-end encrypted. Please note that some data, such as your account email, is stored as plaintext. Refer to "1. Your Data" to find out which data is end-to-end encrypted and which is not.