Skip to main content
Certyneo

Privacy Policy

Last updated: 14 April 2026

1. Data Controller

The data controller for information collected via the Certyneo platform is Certyneo SAS, with registered office at 7 rue du Faubourg Saint-Honoré, 75008 Paris, France, registered with the Paris Commercial Court under number 930 253 148. For any questions about your personal data, please contact us at privacy@certyneo.com.

2. Data Collected

We collect data you provide directly to us (name, surname, email, hashed password, job title, company, telephone number), documents you upload for signature purposes, and technical metadata necessary for the Service to function (IP address, user-agent, timestamp, session identifiers).

3. Processing Purposes

Your data is processed for: (i) providing and operating the electronic signature service, (ii) ensuring the probative value of issued signatures, (iii) billing your subscription, (iv) ensuring the security of the platform and preventing fraud, (v) sending you communications relating to the Service, and (vi) meeting our legal and regulatory obligations.

4. Legal Basis

Processing is based on contract performance (Article 6(1)(b) GDPR), compliance with legal obligations (Article 6(1)(c)), and our legitimate interest in securing our Service (Article 6(1)(f)). No commercial prospecting processing is carried out without your prior explicit consent.

5. Recipients

Your data is accessible to our technical and support teams who are authorised to access it, as well as to our current subprocessors: hosting provider (IONOS, European Union), transactional email service (Resend) and SMS OTP service (Twilio Verify). All our subprocessors are bound by contract and provide sufficient security guarantees. An up-to-date list is available upon request at privacy@certyneo.com.

6. Hosting and Location

Your data is hosted exclusively on servers located within the European Union (Germany). No personal data is transferred outside the EU without appropriate safeguards (European Commission Standard Contractual Clauses).

7. Retention Period

Your account data is retained as long as you are a Service user. Signed documents and their audit proof are retained for 10 years after signature, in accordance with eIDAS regulation and Civil Code requirements. Technical data (logs) are retained for a maximum of 12 months.

8. Your Rights

In accordance with GDPR, you have the right to access, rectify, erase, restrict, port and object to processing of your data. You can exercise these rights from your dashboard or by writing to privacy@certyneo.com. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

8.bis Data Protection Officer (DPO)

Certyneo relies on an externalised shared DPO via the DPO-Consulting firm. You can contact them at dpo@certyneo.com for any questions regarding your personal data, and lodge a complaint with the CNIL (3, place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07) if your request remains unanswered. A declaration to the CNIL in the DPO register has been made as part of our GDPR compliance framework.

9. Security

We implement the following technical and organisational measures to protect your data: TLS 1.3 encryption for all communications (Caddy 2 + Let's Encrypt), scrypt hashing with salt and timing-safe comparison for user passwords, single-use Twilio Verify OTP for advanced signatures, single-use email verification and password reset tokens with short validity (1 hour), rate limiting by plan on sensitive endpoints, timestamped logging of every stage in an envelope's lifecycle (audit log), object storage with versioning enabled on signed documents, restricted administrator access to data. A detailed list of our security practices is available on the /security page.

10. Cookies and other

We use only strictly necessary cookies for the Service to function (session management, language preferences, CSRF protection). No third-party audience measurement or advertising cookies are set without your explicit consent.

11. Changes

This policy may evolve to reflect changes to our Service or applicable regulations. Any substantial modification will be notified to you by email. The date of last update appears at the top of this page.

For any questions regarding your personal data, contact our Data Protection Officer at privacy@certyneo.com.