Data Processing Overview
An overview of how processor terms for customer envelope workflows are handled where we process personal data on your instructions.
Last updated: June 19, 2026
1. Scope
This overview describes our practices when we process customer-controlled envelope, recipient, and signing workflow data on customer instructions.
2. Roles
A customer commonly acts as controller for recipient and envelope data it supplies, while the Operator commonly acts as processor for that customer-directed processing. The Operator acts as an independent controller for account security, billing administration, legal compliance, service protection, and other purposes it determines. Actual roles depend on the facts and applicable law.
3. Processing Principles
- We use customer workflow data to provide the requested workflow and for limited security, legal, and service-integrity purposes described in the Privacy Policy.
- We apply confidentiality and least-privilege access controls.
- We aim to maintain appropriate technical and organizational security measures.
- We assist customer controllers with data-subject requests where feasible and legally required.
- We notify customer controllers of verified security incidents affecting their data without undue delay.
- We support deletion/return handling subject to our data retention schedule and legal exceptions.
4. Subprocessors and Transfers
Current service providers are listed on the Subprocessors page. The list does not itself provide contractual authorization or a lawful international-transfer mechanism.
5. Contact
For questions regarding data processing, contact privacy@filosign.xyz.