Privacy policy
1 Personal data controller
1.1 The personal data controller Pavel Strejček, ID 66331021, with registered office at Valdštejnova 839/75, 350 02 Cheb, Czech Republic (hereinafter referred to as "controller"), declares that all personal data processed by the controller are strictly confidential. The controller handles them in accordance with national and European Union legislation in force in the field of personal data protection.
1.2 The controller collects, stores, and uses your personal data in accordance with Act No. 110/2019 Coll., on the processing of personal data, as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the "GDPR"). The individual purposes for which the controller processes personal data are defined below.
1.3 The controller also collects this personal data through its website at https://SignedText.com (hereinafter referred to as the "Internet Site").
1.4 This policy is issued by the controller to ensure that you are sufficiently informed about what personal data the controller processes about you, for what purpose, for how long, who will have access to your personal data and what your rights are. This policy applies to all personal data collected by the controller, whether collected for the purpose of fulfilling a contractual relationship, legal obligation, legitimate interest or consent.
2 Data processed
2.1 The controller is entitled to process the following personal data according to the purpose, according to categories of personal data, according to categories of data subject, according to categories of recipients and according to the retention period as follows.
| No. | Purpose of processing | Categories of personal data | Category of data subject | Categories of beneficiaries | Preservation time |
|---|---|---|---|---|---|
| 1 | performance of the contractual relationship, legitimate interest | user profile data:
|
registered user, customer | any visitors to the website, both unregistered and registered, personal data controller | for the duration of the user account |
| 2 | legitimate interest, statistical purposes | browser and internet connection details, IP address | website visitor, both unregistered and registered | personal data controller, external payment provider (merchant of record, e.g., Paddle) | for the duration of the user account, max. 4 years for non-registered visitors |
| 3 | accounting and tax purposes | address and identification data | customer | personal data controller, accountant | 10 years from the end of the tax year |
2.2 The individual purposes of processing are:
2.2.1 performance of a contractual relationship means: the relationship between you and the controller arising on the basis of an order, registration, arrangement of a Subscription, based on a concluded contract, based on an application and participation in a competition, and the like;
2.2.2 accounting and tax purposes means: accounting records as defined in accounting and tax legislation;
2.2.3 Statistical purposes means: anonymised website traffic surveys, as well as monitoring the number of page views, time spent on the website, type of device from which you access the website. We collect data in order to improve our services and offer relevant content to our clients;
2.2.4 legitimate interest means: effective defense in the event of a dispute; the period of processing personal data in such a case is 4 years from the expiration of the warranty period for the goods and is extended by the period for which the dispute is ongoing. We want to continuously improve the quality of our services and, if necessary, provide new and better services; we want to prevent the obstruction of such activities; therefore, activities that contribute to the fulfillment of this goal are our legitimate interest. A legitimate interest also includes processing for the purposes of preventing fraud (e.g. assessing the risk of concluding a contract), direct marketing (e.g. offering relevant services to existing customers), transferring personal data within a group of companies for internal administrative purposes, reporting crimes and transferring personal data to the competent authority, ensuring network and information security . This list is only exemplary;
2.2.5 fulfilment of other statutory obligations means: providing information to law enforcement authorities, providing information to other public authorities, etc.
2.3 We process your personal data for the time necessary to ensure all rights and obligations arising from the mutual legal transaction, at least for the period of order processing, execution of the transaction, installation of the service, etc., as well as for the period for which the controller is obliged to keep the personal data according to generally binding legal regulations or for the period for which you have given your consent to the controller, if applicable. Otherwise, the processing period results from the purpose for which the personal data are processed or is determined by legal regulations.
2.4 Personal data is processed manually and automatically by the controller. The controller is entitled to process certain information automatically, for example, to create statistical information about traffic to its website.
2.5 Personal data associated with the User Account may be deleted in the case of long-term account inactivity (more than 12 months) or if the account has not been properly completed (unconfirmed account). The legal basis for this deletion is the controller's legitimate interest in maintaining an up-to-date database of users and minimizing the retention of personal data.
2.6 Personal data may be disclosed to the following categories of processors:
- payment service provider (Merchant of Record): Paddle.com Market Limited;
- hosting service provider: Hetzner Online GmbH;
- email service provider: Seznam.cz, a.s. (Seznam Profi);
- authentication service provider: Google LLC (Firebase Authentication).
3 Personal data processed on the basis of consent
3.1 If we have obtained consent from you to process your personal data, it is for one of the following purposes:
3.1.1 Identification and disclosure of the user of the service creating the signatures;
3.1.2 Ensuring the trustworthiness of signatures
4 Rights of the data subject
4.1 As a data subject, you have the following rights under the law, which you can exercise at any time. These are:
4.1.1 right of access to personal data, under which you have the right to obtain information from the controller about whether the controller processes your personal data. The controller is obliged to provide this information to you without undue delay. The content of the information is determined by Article 15 of the GDPR. The controller shall provide the first copy of the personal data being processed free of charge; for additional copies, the controller may charge a reasonable fee based on administrative costs;
4.1.2 The right to rectification or erasure of personal data, or restriction of processing, whereby you have the right to have personal data that is inaccurate or incorrect rectified. If your personal data is no longer necessary for the purposes for which it was collected or is being processed unlawfully, you have the right to request its erasure. If you do not wish to request the erasure of personal data but only to temporarily restrict its processing, you may request the restriction of processing;
4.1.3 right to request an explanation if you suspect that the processing of personal data by the controller is in breach of the law;
4.1.4 right to contact the Office for Personal Data Protection in case of doubts about compliance with the obligations related to the processing of personal data;
4.1.5 right to data portability, i.e. the right to obtain personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format, see Article 20 GDPR for more details;
4.1.6 The right to object to the processing of personal data which are processed for the performance of a task carried out in the public interest or in the exercise of official authority or for the purposes of protecting the legitimate interests of the controller. The controller shall terminate the processing without undue delay unless it can demonstrate that there is a legitimate interest/reason for the processing which overrides your interests, rights or freedoms;
4.1.7 The right to withdraw consent to the processing of personal data at any time if you have given your consent to the controller to process your personal data.
4.1.8 right to account deletion: The user has the right to delete their account and all data at any time. To delete data, log in to the application, go to Profile Settings and click the 'Delete Account' button. This action is irreversible.
5 Technical data storage (Cookies and Local Storage)
To ensure the functionality of logging in and the security of user accounts, we use technical cookies and local browser storage (Local Storage/IndexedDB). These technologies are necessary for the technical provision of the service (user authentication) and cannot be rejected if you want to use the service.
In the case of logging in via third-party services (Google, Facebook, GitHub), these services may store their own cookies in your browser, which are governed by their own privacy policies.
For detailed information about the cookies we use, the legal basis, how you can manage them, and how we update this document, please refer to the Agree to Cookies.
6 Processing of payment data
When purchasing a subscription, personal data necessary for payment processing are processed by the Merchant of Record as an independent data controller in accordance with its own privacy policy. The Operator does not have access to the user's full payment card details.
7 Transfer to third countries
7.1 Certain personal data (in particular user profile data that the user has voluntarily made public) is accessible to visitors of the website without territorial restriction as part of the performance of the contractual relationship. This disclosure is necessary for the provision of the signature verification service and is based on Article 49(1)(b) of the GDPR (performance of a contract).
7.2 Some providers (e.g., Google LLC) may process personal data outside the European Economic Area. In such cases, the transfer is based on Standard Contractual Clauses (SCCs) or other appropriate safeguards pursuant to Article 46 of the GDPR.
7.3 Other personal data is processed within the EU/EEA and is not transferred to third countries unless there is an appropriate legal basis under Chapter V of the GDPR.
8 Information and questions
8.1 Further information about rights and obligations regarding the protection of personal data can be obtained by the data subject via email at info(at)signedtext.com.
9 Browser Extension
9.1 The SignedText Helper extension is designed with an emphasis on privacy protection. It does not collect browsing history, does not track user behavior across websites, and does not collect personally identifiable information.
9.2 Operating principle and data collection: To verify digital signatures on the visited page, the extension sends to SignedText.com servers:
- Source code (HTML) of the current page;
- Rendered text content of the page.
This data is necessary for the cryptographic verification of content integrity. The data may be temporarily stored on the server disk for processing purposes, but is not permanently archived. It is deleted after verification is complete.
9.3 Local storage: User settings (e.g., preferred language or API token) are stored only locally in your browser and are not synchronized to our servers (with the exception of the API token, which is sent with the authentication request).
9.4 Limited Use Disclosure: The use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.
10 Effective Date
10.1 This policy becomes valid and effective on March 26, 2026.