Privacy Policy

Last Updated: January 21, 2026

Data Controller

The data controller responsible for your personal data is:

LuxSign

Electronic Signature Platform
Grand Duchy of Luxembourg
Luxembourg

RCS: A46705

1. Introduction

LuxSign ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature service ("Service"). We process your data based on the legal grounds described in Section 3 below.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address)
  • Documents you upload to the Service
  • Signatures and initials you create
  • Payment information (processed by third-party payment processors)
  • Communications with us (support emails, feedback)

2.2 Automatically Collected Information

  • IP addresses and device information
  • Browser type and version
  • Usage data (pages visited, features used, time spent)
  • Cookies and similar tracking technologies
  • Log data (access times, errors, system activity)

3. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

Processing ActivityLegal BasisDetails
Account creation and managementContract Performance (Art. 6(1)(b))Necessary to provide the Service you requested
Document signing and storageContract Performance (Art. 6(1)(b))Core functionality of the e-signature service
Audit trail creationLegal Obligation (Art. 6(1)(c)) and Legitimate Interest (Art. 6(1)(f))Required under eIDAS Regulation and for dispute resolution
Email notificationsContract Performance (Art. 6(1)(b))Essential service communications
Analytics and service improvementLegitimate Interest (Art. 6(1)(f))Improving service quality and user experience
Marketing communicationsConsent (Art. 6(1)(a))Only with your explicit consent; can be withdrawn anytime
Security and fraud preventionLegitimate Interest (Art. 6(1)(f))Protecting our Service and users from threats
Payment processingContract Performance (Art. 6(1)(b))Processing subscription payments
Cookie-based tracking (non-essential)Consent (Art. 6(1)(a))Only with your explicit consent via cookie banner

4. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process and complete transactions
  • Send you service-related communications
  • Respond to your requests and support inquiries
  • Detect, prevent, and address technical issues and security threats
  • Monitor and analyze usage patterns and trends
  • Comply with legal obligations and enforce our Terms of Service
  • Protect our rights, property, and safety, and that of our users

6. Data Storage and Security

Your data is stored on secure servers located in the European Union. We implement industry-standard encryption for data at rest and in transit. However, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Information Sharing and Disclosure

We may share your information:

  • With Other Users: When you send documents for signature, recipients will see your name and email
  • Service Providers: Third-party vendors who assist in operating our Service (hosting, payment processing, analytics)
  • Legal Requirements: When required by law, court order, or governmental request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Protection of Rights: To protect our rights, property, safety, or that of our users or the public

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

8. Your Rights

Subject to applicable law, you have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate or incomplete data
  • Erasure - Request deletion of your data ("right to be forgotten")
  • Restriction - Restrict certain processing of your data
  • Data Portability - Receive your data in a structured, machine-readable format
  • Object - Object to processing based on legitimate interests
  • Withdraw Consent - Where processing is based on consent, withdraw at any time
  • Lodge a Complaint - File a complaint with a supervisory authority

To exercise these rights, contact our Data Protection Officer at contact@luxsign.lu. We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Supervisory Authority: You have the right to lodge a complaint with the Commission Nationale pour la Protection des Donnees (CNPD), the Luxembourg supervisory authority for data protection.

CNPD Contact:
15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg
Tel: (+352) 26 10 60 - 1
Website: cnpd.public.lu

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. The specific retention periods are as follows:

Data CategoryRetention PeriodJustification
Account informationDuration of account + 3 yearsContractual obligations and legal requirements
Signed documents10 years from signing dateLuxembourg commercial law requirements and eIDAS compliance
Audit trail data10 years from document completionLegal evidence requirements under eIDAS Regulation
Payment records10 yearsLuxembourg tax and commercial law requirements
Support communications3 years from resolutionQuality assurance and dispute resolution
Server logs90 daysSecurity monitoring and troubleshooting
Analytics data26 monthsService improvement (anonymized where possible)
Cookie consent records12 monthsGDPR and ePrivacy Directive compliance
Marketing consent recordsDuration of consent + 3 yearsProof of consent under GDPR

Upon expiration of the retention period, personal data will be securely deleted or anonymized. Data may be retained longer if required by law or for the establishment, exercise, or defense of legal claims.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service. Cookies are small data files stored on your device. You can control cookies through your browser settings, but disabling cookies may affect Service functionality. For more information, see our Cookie Policy.

11. International Data Transfers

Your data is stored and processed in the European Union. If you access the Service from outside the EU, your data will be transferred to and processed in the EU. Luxembourg is a member of the European Union and subject to EU data protection laws.

12. Children's Privacy

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at contact@luxsign.lu, and we will take steps to delete such information.

13. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information to them.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically. For material changes, we will provide notice via email or through the Service.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at:

Contact: contact@luxsign.lu

Technical Support: support@luxsign.lu

Back to Home