Skip to main content
Certyneo

Privacy Policy

Last updated: 14 April 2026

1. Data Controller

The data controller for information collected via the Certyneo platform is the company Certyneo SAS, whose registered office is located at 7 rue du Faubourg Saint-Honoré, 75008 Paris, France, registered in the Paris Business Register under number 930 253 148. For any questions regarding your personal data, you can contact us at privacy@certyneo.com.

2. Data Collected

We collect data you provide directly to us (name, surname, email, hashed password, job title, company, phone number), documents you upload for signature purposes, and technical metadata necessary for Service operation (IP address, user-agent, timestamp, session identifiers).

3. Processing Purposes

Your data is processed to: (i) provide and operate the electronic signature Service, (ii) ensure the evidentiary value of signatures issued, (iii) bill your subscription, (iv) ensure platform security and prevent fraud, (v) send you communications relating to the Service, and (vi) comply with our legal and regulatory obligations.

4. Legal Basis

Processing is based on contract performance (GDPR article 6.1.b), compliance with legal obligations (article 6.1.c), and our legitimate interest in securing our Service (article 6.1.f). No commercial prospecting is carried out without your prior explicit consent.

5. Recipients

Your data is accessible to our authorised technical and support teams, as well as our current sub-processors: hosting provider (IONOS, European Union), transactional email service (Resend), and SMS OTP service (Twilio Verify). All our sub-processors are contractually bound and provide sufficient security safeguards. The current list is available on request at privacy@certyneo.com.

6. Hosting and Location

Your data is hosted exclusively on servers located within the European Union (Germany). No personal data is transferred outside the EU without appropriate safeguards (Standard Contractual Clauses issued by the European Commission).

7. Retention Period

Your account data is retained as long as you are a user of the Service. Signed documents and their audit evidence are retained for 10 years after signature, in accordance with eIDAS regulation and Civil Code requirements. Technical data (logs) are retained for a maximum of 12 months.

8. Your Rights

In accordance with GDPR, you have the right to access, rectify, erase, restrict, port and object to the processing of your data. You may exercise these rights from your dashboard or by writing to us at privacy@certyneo.com. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

8.bis Data Protection Officer (DPO)

Certyneo relies on an externalised shared DPO via DPO-Consulting. You may contact them at dpo@certyneo.com for any questions regarding your personal data, and lodge a complaint with the CNIL (3, place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07) if your request remains unanswered. A declaration to the CNIL in the DPO register has been made as part of our GDPR compliance framework.

9. Security

We implement the following technical and organisational measures to protect your data: TLS 1.3 encryption for all communications (Caddy 2 + Let's Encrypt), scrypt hashing with salt and timing-safe comparison for user passwords, one-time Twilio Verify OTP for advanced signatures, one-time email verification and password reset tokens with short validity (1 hour), rate limiting per plan on sensitive endpoints, timestamped logging of each stage in the lifecycle of an envelope (audit log), object storage with versioning enabled on signed documents, restricted data access by administrators. A detailed list of our security practices is available on the /security page.

10. Cookies and other

We use only cookies strictly necessary for the operation of the Service (session management, language preferences, CSRF protection). No third-party analytics or advertising cookies are set without your explicit consent.

11. Changes

This policy may be updated to reflect changes to our Service or applicable regulations. Any substantial modification will be notified to you by email. The date of last update appears at the top of this page.

For any questions about your personal data, please contact our Data Protection Officer at privacy@certyneo.com.