Skip to main content
Certyneo

Privacy Policy

Last updated: 14 April 2026

1. Data Controller

The controller of data collected via the Certyneo platform is Certyneo SAS, whose registered office is located at 7 rue du Faubourg Saint-Honoré, 75008 Paris, France, registered in the Paris Trade and Companies Register under number 930 253 148. For any questions regarding your personal data, you can contact us at privacy@certyneo.com.

2. Data Collected

We collect data you provide directly to us (name, surname, email, hashed password, job title, company, phone number), documents you upload for signature purposes, and technical metadata necessary for the Service to function (IP address, user-agent, timestamp, session identifiers).

3. Processing Purposes

Your data is processed to: (i) provide and operate the electronic signature Service, (ii) ensure the evidential value of issued signatures, (iii) bill your subscription, (iv) ensure platform security and prevent fraud, (v) send you communications relating to the Service, and (vi) comply with our legal and regulatory obligations.

4. Legal Basis

Processing activities are based on contract performance (Article 6.1.b GDPR), compliance with legal obligations (Article 6.1.c), and our legitimate interest in securing our Service (Article 6.1.f). No processing for commercial prospecting purposes is carried out without your prior explicit consent.

5. Recipients

Your data is accessible to our technical and support teams with strict authorisation, as well as to our current sub-processors: hosting provider (IONOS, European Union), transactional email service (Resend) and SMS OTP service (Twilio Verify). All our sub-processors are bound by contract and provide sufficient security guarantees. An up-to-date list is available on request at privacy@certyneo.com.

6. Hosting and Location

Your data is hosted exclusively on servers located within the European Union (Germany). No personal data is transferred outside the EU without appropriate safeguards (standard contractual clauses of the European Commission).

7. Retention Period

Your account data is retained as long as you are a Service user. Signed documents and their audit proof are retained for 10 years after signature, in accordance with eIDAS regulation and Civil Code requirements. Technical data (logs) is retained for a maximum of 12 months.

8. Your Rights

In accordance with GDPR, you have the right to access, rectify, erase, restrict, port and object to the processing of your data. You can exercise these rights from your dashboard or by writing to us at privacy@certyneo.com. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

8.bis Data Protection Officer (DPO)

Certyneo relies on an outsourced shared DPO through the DPO-Consulting firm. You can contact them at dpo@certyneo.com for any questions regarding your personal data, and lodge a complaint with the CNIL (3, place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07) if your request remains unanswered. A declaration with the CNIL in the DPO register has been filed as part of our GDPR compliance framework.

9. Security

We implement the following technical and organisational measures to protect your data: TLS 1.3 encryption for all communications (Caddy 2 + Let's Encrypt), scrypt hashing with salt and timing-safe comparison for user passwords, single-use Twilio Verify OTP for advanced signatures, single-use email verification and password reset tokens with short validity (1 hour), rate limiting by plan on sensitive endpoints, timestamped logging of each step in the envelope lifecycle (audit log), object storage with versioning enabled for signed documents, restricted administrative access to data. A detailed list of our security practices is available on the /security page.

10. Cookies and other

We use only cookies strictly necessary for the Service to function (session management, language preferences, CSRF protection). No third-party analytics or advertising cookies are placed without your explicit consent.

11. Changes

This policy may be updated to reflect changes to our Service or applicable regulations. Any material changes will be notified to you by email. The date of last update appears at the top of this page.

For any questions regarding your personal data, contact our Data Protection Officer at privacy@certyneo.com.