Go to main content
Certyneo

Privacy Policy

Last updated: April 14, 2026

1. Data controller

The controller of the data collected via the Certyneo platform is Certyneo, whose registered office is located in France (Certyneo SAS, 7 Rue du Faubourg Saint-Honoré, 75008 Paris, France — R.C.S. Paris 930 253 148). For any question concerning your personal data, you may contact us at privacy@certyneo.com.

2. Data collected

We collect the data you provide to us directly (first name, last name, email, hashed password, job title, company, phone number), the documents you upload for signature, as well as the technical metadata required to operate the Service (IP address, user agent, timestamp, session identifiers).

3. Purposes of processing

Your data is processed in order to: (i) provide and operate the electronic signature Service, (ii) guarantee the probative value of the signatures issued, (iii) bill your subscription, (iv) ensure the security of the platform and prevent fraud, (v) send you communications relating to the Service, and (vi) comply with our legal and regulatory obligations.

4. Legal basis

The processing operations are based on the performance of the contract between us (Article 6(1)(b) GDPR), on compliance with legal obligations (Article 6(1)(c)), and on our legitimate interest in securing our Service (Article 6(1)(f)). No processing for commercial prospecting purposes is carried out without your prior explicit consent.

5. Recipients

Your data is accessible to our strictly authorised technical and support teams, as well as to our current subprocessors: hosting provider (IONOS, European Union), transactional email service (Resend) and SMS OTP service (Twilio Verify). All our subprocessors are bound by contract and provide sufficient security guarantees. An up-to-date list is available on request from privacy@certyneo.com.

6. Hosting and location

Your data is hosted exclusively on servers located within the European Union (Germany). No personal data is transferred outside the EU without appropriate safeguards (European Commission standard contractual clauses).

7. Retention period

Data from your account is retained for as long as you are a Service user. Signed documents and their audit evidence are retained for 10 years after signature, in accordance with eIDAS regulation and Civil Code requirements. Technical data (logs) are retained for a maximum of 12 months.

8. Your rights

In accordance with the GDPR, you have the right to access, rectify, erase, restrict, port and object to the processing of your data. You may exercise these rights from your dashboard or by writing to us at privacy@certyneo.com. You also have the right to lodge a complaint with the French data protection authority, the CNIL (www.cnil.fr).

8.bis Data Protection Officer (DPO)

Certyneo uses an outsourced shared DPO service (DPO-Consulting) pending the appointment of an in-house DPO. You may contact the DPO at dpo@certyneo.com for any question relating to your personal data, and lodge a complaint with your national supervisory authority (in France: CNIL, 3 place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07) if your request goes unanswered.

9. Security

We implement the following technical and organisational measures to protect your data: TLS 1.3 encryption of all communications (Caddy 2 + Let's Encrypt), scrypt hashing with salt and timing-safe comparison for user passwords, single-use Twilio Verify OTP for advanced signatures, single-use email verification and password reset tokens with a short validity (1 hour), per-plan rate limiting on sensitive endpoints, timestamped logging of every step of an envelope's lifecycle (audit log), object storage with versioning enabled for signed documents, and restricted data access for administrators. A detailed list of our security practices is available on the /security page.

10. Cookies

We use only cookies that are strictly necessary to operate the Service (session management, language preferences, CSRF protection). No third-party analytics or advertising cookies are set without your explicit consent.

11. Amendments

This policy may evolve to reflect changes to our Service or to the applicable regulations. Any material modification will be notified to you by email. The last update date appears at the top of this page.

For any question regarding your personal data, contact our data protection officer at privacy@certyneo.com.