Enpeo Sign Logo
Enpeo Sign

Privacy Policy

Last updated: April 2026

1. Introduction

Enpeo Sign ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our electronic signature and document services.

2. Information We Collect

We may collect information about you in a variety of ways, including:

  • Personal Data: Name, email address, account identifiers, and billing-related details where you purchase a subscription. When you use signing links or complete actions on our platform, we may collect network identifiers such as IP addresses (for example, as observed by our servers when you submit a signature or related audit metadata) where needed for security, fraud prevention, and audit integrity.
  • Document Data: The contents of documents you upload for signature, signer names and email addresses you add to an envelope, and related workflow data. We use encryption for sensitive fields where applicable to help protect your documents and signer details.
  • Electronic signature and audit trail data: To support legally defensible electronic signatures and unalterable audit trails, we collect and retain technical and procedural records associated with signing, including without limitation: date and time stamps (such as when a document was completed, when each signer signed, when consent was recorded, and when an audit certificate was generated), IP addresses where captured at the time of signing or related server requests, authentication-related information (such as whether signing occurred via a unique email invitation link, whether an authenticated browser session was present, and the sign-in method where applicable), document identifiers, document hashes (for example cryptographic hashes of signed files), and status fields. This data may appear on audit trail certificates and in our systems for dispute resolution, compliance, and service integrity.
  • Usage Data: Information about how you use our Service, such as access times, features used, and the routes by which you access our Service.
  • Cookies and similar technologies: See Section 4.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain our Service.
  • Facilitate the electronic signing process, maintain an integrity-preserving audit trail, and generate audit certificates that document who signed, when, under what authentication context, and (where captured) from which network endpoint, together with document identification and hashing information. These uses support the evidentiary value of signatures under applicable laws (such as the Electronic Communications and Transactions Act, 2002 in South Africa) and similar frameworks, subject to their requirements.
  • Send administrative information, such as updates, security alerts, and support messages.
  • Comply with legal obligations, including the Protection of Personal Information Act (POPIA), where applicable.

We process audit trail and certificate-related data for the purposes above and do not use that category of data for unrelated marketing profiling.

4. Cookies and Similar Technologies

We and our service providers may use cookies, local storage, and similar technologies to run the Service (for example, to keep you signed in, remember preferences, or maintain UI state), and for security and performance.

Where we or third parties use cookies or pixels for analytics, advertising, or non-essential tracking, we will describe those technologies in this Policy and, where required by law (including GDPR and ePrivacy-style rules), obtain your consent before they are set or read, typically through a cookie or consent banner on our website. You can control many cookies through your browser settings; blocking strictly necessary cookies may affect how the Service functions.

If we introduce new analytics or marketing partners, we will update this section and our consent mechanisms accordingly.

5. Business Customers, End Users, and Data Processing

Many of our customers are organisations or businesses that use Enpeo Sign to send documents to their own clients, employees, or counterparties. In those situations:

  • The business customer (for example, your employer or the organisation that sent you a document) typically decides why and how personal data in that envelope is processed, and is often the data controller (or equivalent) for that processing.
  • Enpeo Sign typically acts as a data processor (or service provider) on behalf of that customer, processing personal data only under their instructions and this Policy, to provide the Service and associated audit and security features.
  • If you are an end signer who received a link from a business customer, questions about their purposes, retention, or legal basis should be directed to them in the first instance; we assist as described in this Policy and applicable law.

For business customers subject to the GDPR or similar laws, processing of personal data on their behalf is supported by our Data Processing Agreement (DPA), which sets out our obligations as processor (including confidentiality, security measures, subprocessors where applicable, and assistance with data subject requests as agreed). Enterprise or organisational customers may request a copy of the DPA by contacting us below.

6. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

7. Sharing Your Information

We do not sell, trade, or rent your personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers where permitted. We use subprocessors (such as cloud hosting, email delivery, and payment providers) to operate the Service; they process data only as needed to provide their services and under appropriate agreements.

8. Your Rights

Depending on your location, you may have the right to request access to, correction of, or deletion of your personal data. You may also have the right to object to or restrict certain processing of your data. To exercise these rights, please contact us using the information below. If we process data on behalf of a business customer, we may need to forward your request to them where they are the controller.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top of this Privacy Policy.

10. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: contact@enpeosign.co.za.

← Back to Home