Privacy Policy

Last updated: 27 June 2026 · GDPR compliant

Tivro Web LTD ("Company", "we") operates eSignify. This policy explains how we collect, use, and protect your personal data in accordance with the UK GDPR and the Data Protection Act 2018.

1. Data we collect

• Account data: name, email address, password hash, plan, billing details.
• Document data: documents you upload, field placements, signature images, completed signed PDFs.
• Signing data: recipient names, email addresses, IP addresses, user agents, timestamps of views and signatures.
• Usage data: pages visited, actions taken, browser type, device type, referrer.
• Payment data: handled entirely by Stripe. We store only plan type, invoice references, and subscription status. We never see or store your card number.

2. How we use your data

• To provide, maintain, and improve the Service.
• To send transactional emails (signing requests, verification, receipts).
• To generate audit trails and certificates of completion required by law.
• To detect and prevent fraud, abuse, and security incidents.
• To comply with legal obligations.

3. Legal basis (UK GDPR)

We process your data on the following bases: Contract (to deliver the Service); Legitimate interests (security, fraud prevention, analytics); Legal obligation (audit records); Consent (marketing emails, where applicable).

4. Data sharing

We do not sell your data. We share data only with: Stripe (payment processing), our hosting provider (cPanel/server infrastructure), and as required by law.

5. Data retention

Account data is retained for as long as your account is active, plus 90 days after deletion. Signed documents and audit trails are retained for 7 years to meet legal requirements. You may request earlier deletion where legally permitted.

6. Your rights (UK GDPR)

You have the right to: access, rectify, or erase your data; restrict or object to processing; data portability; withdraw consent. Contact privacy@abhian.net to exercise any right. You may also lodge a complaint with the ICO (ico.org.uk).

7. Cookies

We use strictly necessary cookies only (session management, CSRF protection). We do not use tracking cookies, advertising cookies, or third-party analytics. No cookie consent banner is required.

8. International transfers

Your data is stored on servers in the European Economic Area or UK. Where data is processed by Stripe (US), appropriate safeguards (Standard Contractual Clauses) are in place.

9. Security

We use TLS encryption in transit, bcrypt password hashing, CSRF protection, rate limiting, and access controls. Documents are stored on private file storage inaccessible without authentication.

10. Contact

Data controller: Tivro Web LTD, Nottingham, England. Privacy enquiries: privacy@abhian.net