Skip to main content
swipesign

Privacy Policy

At swipesign GmbH, situated at Elisabethstraße 15, Top 5A, 1010 Vienna, Austria (hereinafter referred to as "swipesign", "we", "us" or similar), we hold your privacy and personal rights in the highest regard.

Your data is handled with confidentiality and in strict compliance with all applicable legislation, notably the European Union General Data Protection Regulation (EU GDPR) and the Austrian Data Protection Act, as well as in accordance with the provisions set forth in these privacy policies.

In particular, we protect, together with our service providers and partners, all data processing operations in accordance with the current technical state of the art against unauthorized access, loss, misuse, and unauthorized modification.

These privacy policies (hereinafter "Declaration") describe how we process your personal data (i) when we provide services to you or you use our services, and (ii) when you visit our websites (swipesign.xyz) or platform (app.swipesign.xyz), or use services via our website or platform as a customer. If you already use services from swipesign, this Declaration also applies to data previously collected by us and stored by us that we may link and process with data collected or received in the future.

This Declaration forms part of the contract between you and us if it is included as a contractual component in the respective contract or referenced in the applicable General Terms and Conditions (GTC). If there are contradictions between this Declaration and the provisions of the respective contract or GTC, the latter shall prevail.

In addition to this Declaration, further data protection provisions such as those in your contract with us, in usage conditions, GTC, or other privacy policies may apply.

1. Responsible Entity

Responsible entity within the meaning of applicable data protection law:

swipesign GmbH

Elisabethstraße 15, Top 5A

1010 Vienna, Austria

Email: office@swipesign.xyz

Website: swipesign.xyz

2. General Information

Personal data ("data") means all information relating to an identified or identifiable natural person.

We process various categories of data from you, including:

  • Contact and identification data such as name, address, email address, telephone number, customer number
  • Personal details such as age, gender, nationality, language
  • User account information such as username and password
  • Financial data such as bank details, payment information, payment history
  • Contract data such as contract type, content, start and duration, billing data
  • Interaction and usage data like correspondence, chat contents, preferences, device information
  • Information about website and platform usage such as visited pages, IP address, cookies, browser settings, visit frequency and duration

2.1 Legal Basis of Processing

We process your data based on different legal grounds depending on the services you use from us:

  • Contract or pre-contractual measures (Art. 6(1)(b) EU GDPR)
  • Legal obligation (Art. 6(1)(c) EU GDPR)
  • Your consent given (Art. 6(1)(a) EU GDPR)
  • Legitimate interests, e.g., website security, service information, marketing communications you have not opted out of (Art. 6(1)(f) EU GDPR)

2.2 Purposes of Processing

Purposes include providing and maintaining our services, notifying changes, customer support, service improvement, usage monitoring, technical problem resolution, and sending news and offers relevant to you. If you do not provide certain data completely, contracts may not be concluded or services may be limited or unavailable. Additional processing beyond these purposes requires your explicit consent.

2.3 Duration of Processing

We process your data only as long as necessary for the respective purposes. Longer retention occurs only as required by law or other obligatory retention periods.

3. Website Data Processing: swipesign.xyz

3.1 SSL/TLS Encryption

We use SSL/TLS encryption to secure the transfer of confidential content such as inquiries sent to us via contact forms. Secure connections are indicated by "https://" and browser lock symbols.

Note that internet transmission such as via email may have security gaps unless encrypted by tools like PGP.

3.2 Server Log Files

We automatically collect certain server log data like browser type/version, OS, referring URL, IP address, and request times for statistical and security reasons. These are not directly linked to individual persons.

3.3 Hosting via Vercel

Our website (swipesign.xyz) is hosted by Vercel. When you access or use the website, technical access data (e.g., IP address, device and browser information, time of access, referring URL) may be processed to deliver the website securely and reliably.

Further information can be found in Vercel's privacy policy: https://vercel.com/legal/privacy-policy

4. Platform Data Processing: app.swipesign.xyz

The platform runs on ISO 27001-certified servers in German data centres operated by OVH (OVH SAS, 2 rue Kellermann, 59100 Roubaix, France, support@ovhcloud.com). For account creation or signing without an account, only name, email address, and mobile number are required. For paid services, additional data such as payment information is collected and stored in accordance with statutory retention periods. For seamless login with electronic signatures via national electronic identity, data is processed by the national QTSP (Qualified Trust Service Provider), e.g., A-Trust.

4.1 Partners for Signatures and Identification

Advanced and qualified electronic signatures are processed via partner APIs or digital identities. Personal data is transferred exclusively for internal KYC purposes, based on the partners' data protection provisions. Partners include A-Trust, eIDeasy, PXL Vision, and Nect. Detailed DPA information can be found here:

A-Trust Privacy Notice & Privacy Policy:
https://www.a-trust.at/downloads/de/Datenschutzmitteilung/Datenschutzmitteilung_Registrierungsprozess.pdf

Nect Privacy Policy:
https://nect.com/legal/privacy-policy-website/

eIDeasy Privacy Policy:
https://www.eideasy.com/legal/privacy-policy
https://www.eideasy.com/legal/terms-of-service

PXL Vision Privacy Policy:
https://www.pxl-vision.com/de/datenschutz

4.2 Support Requests

Support is handled via Zendesk CRM, with data processing under EU standard contractual clauses and GDPR compliance.

Zendesk Data Processing Agreement (DPA):
https://www.zendesk.com/company/data-processing-agreement

4.3 Payment Providers & Other Services

Payments are processed via Stripe; subscription handling is managed in cooperation with swipesign OÜ. SMS authentication codes are sent via Twilio. We use Cloudflare to secure our services in compliance with applicable data protection regulations.

Detailed privacy information for our integrated partners:

Twilio Data Processing Agreement (DPA):
https://www.twilio.com/en-us/legal/data-protection-addendum

Stripe Data Processing Agreement (DPA):
https://stripe.com/legal/dpa

Brevo (formerly Sendinblue) GDPR compliance:
https://help.brevo.com/hc/en-us/articles/360001258744-How-does-Brevo-comply-with-the-GDPR

OVH Data Processing Agreement (DPA):
OVH Data Processing Agreement

Cloudflare Data Processing Addendum (DPA):
https://www.cloudflare.com/cloudflare-customer-dpa

5. Third-Party Services on the Website

We use cookies in accordance with our Cookie Policy.

Email notifications are sent via Brevo.

Tracking and marketing are carried out by LinkedIn Insight Tag, Google Remarketing, and Brevo. Links to social media such as LinkedIn and YouTube lead to their own privacy policies.

5.1 Affiliate Tracking (Refindie)

We use the affiliate tracking service Refindie to manage referral and partner programs.

When a user visits our website via an affiliate link, Refindie may place a cookie on the user's device. This cookie allows us to attribute a potential signup or purchase to the referring partner and calculate affiliate commissions.

The cookie typically stores a unique referral identifier and may include information such as the time of the visit and the referring partner ID. This information does not directly identify individual users.

The use of this cookie only occurs after the user has given consent via our cookie banner.

  • Provider: Refindie
  • Purpose: Affiliate tracking and commission attribution
  • Type: Marketing / Tracking cookie
  • Data processed: Referral identifier, timestamp of visit, conversion event
  • Retention period: Up to 90 days (depending on affiliate program configuration)

Further information about Refindie's data processing can be found in their privacy policy.

6. Rights of Data Subjects

You have the right to access, rectification, erasure, restriction of processing, objection, data portability, and withdrawal of consent, among others.

To exercise your rights, please contact:

support@swipesign.xyz

Subject: <GDPR-Request>

You also have the right to lodge a complaint with the competent Austrian data protection authority.

7. Contact Data Protection Officer

For questions regarding data protection:

swipesign GmbH

Elisabethstraße 15, Top 5A

1010 Vienna, Austria

Email: support@swipesign.xyz

Subject: <Data Protection Officer Enquiry>

8. Changes to Privacy Policy

We regularly update our privacy policies to comply with legal and technical changes.

Please always refer to the latest version on our website: https://www.swipesign.xyz/privacy