This Privacy Policy explains how we process personal data when you:

• visit our website;
• create an account;
• use the Signio application;
• upload lease documents or related files;
• contact us;
• join a waitlist, request a demo, or otherwise interact with us.

Depending on how you use Signio, we may process:

Account and contact data

• name
• work email address
• company name
• job title
• login and authentication data

Usage and product data

• workspace and account settings
• activity logs
• feature usage
• device, browser, and technical session data

Uploaded documents and extracted lease data

• lease agreements, drafts, annexes, and supporting documents
• information extracted from those documents, such as key terms, dates, payment structure, and commercial conditions

Personal data contained in documents

Uploaded lease documents may contain personal data, including names, email addresses, signatures, phone numbers, and other information relating to identified or identifiable individuals. Personal data under GDPR is broad and includes any information relating to an identified or identifiable person.

Communications

• messages you send to us
• demo or support requests
• feedback and survey responses

We process personal data for the following purposes:

To provide and operate Signio

We process personal data to create accounts, operate workspaces, host uploaded documents, extract and structure lease information, and provide core product functionality.
Legal basis: performance of a contract, or steps taken at your request before entering into a contract. GDPR requires a lawful basis for processing.

To improve the product and support users

We use personal data to troubleshoot issues, respond to support requests, improve workflows, and understand product performance.
Legal basis: legitimate interests in operating and improving our service.

To communicate with you

We process contact details to send service-related updates, respond to inquiries, and manage demos or waitlists.
Legal basis: contract, legitimate interests, or consent where required.

To protect the service and prevent misuse

We process technical and usage data to maintain security, detect abuse, and protect our systems and users.
Legal basis: legitimate interests.

To comply with legal obligations

We may process personal data where required to comply with applicable laws, accounting obligations, or lawful requests from authorities.
Legal basis: legal obligation.

When you upload a lease or related file, Signio processes the document to extract, organize, and present relevant lease information. This may include the use of service providers that help us host files, run infrastructure, or support document and AI-assisted processing.

Outputs are designed to assist users, not replace legal, accounting, or professional judgment.

We collect personal data:

• directly from you;
• from your employer or organization when they provision access for you;
• from documents uploaded into Signio;
• automatically from your use of the website or app.

GDPR Articles 13 and 14 require organizations to explain whether data comes directly from the individual or from other sources.

We may share personal data with:

• cloud hosting and infrastructure providers;
• authentication providers;
• analytics providers;
• email and support tools;
• document processing and AI service providers;
• professional advisors where necessary;
• competent authorities where legally required.

We only share personal data where needed to provide the service or comply with legal obligations.

If personal data is transferred outside the EEA/UK/Switzerland, we will use appropriate safeguards where required under applicable law, such as standard contractual clauses or equivalent mechanisms.

We keep personal data only as long as necessary for the purposes described in this Privacy Policy, including to provide the service, maintain security, comply with legal obligations, resolve disputes, and enforce agreements.

If you delete documents or close your account, some data may remain in backups or logs for a limited period before deletion or overwrite.

Privacy notices should explain retention periods or the criteria used to determine them.

We use reasonable technical and organizational measures designed to protect personal data and uploaded documents, including access controls, encryption in transit, and restricted internal access where appropriate. IMY states that processed personal data must be protected.

No system is completely risk-free, and we cannot guarantee absolute security.

Depending on your location and the applicable law, you may have the right to:

• access your personal data;
• request rectification;
• request erasure;
• request restriction;
• object to certain processing;
• request data portability;
• withdraw consent where consent is the legal basis;
• lodge a complaint with a supervisoru authority.

The right to be informed and other data subject rights are core GDPR rights.

If you are in Sweden, you may lodge a complaint with the Swedish Authority for Privacy Protection (IMY).

Signio is intended for business users and is not directed to children.

We may update this Privacy Policy from time to time. If we make material changes, we will update the “Last updated” date and, where appropriate, provide additional notice.

For privacy questions or requests, contact:

info@getsignio.com