PS PaySign Secure payments and digital acceptance workflows

Data protection

Privacy and data protection

PaySign processes personal data that is necessary to operate authentication areas, checkout sessions, payment flows, document acceptance features, security controls and related support functions. This policy describes, at a high level, the categories of data that may be processed and the operational purposes for which that processing may occur.

Categories of personal data

  • Identification and contact details of internal users, customers, signers or operational contacts.
  • Transaction details such as references, amounts, items, timestamps and session metadata.
  • Document-related data, including acceptance records, signature evidence and generated outputs.
  • Technical and security information such as logs, device or browser context and anti-fraud signals.
  • Support and account management information needed to maintain the service relationship.

Purposes of processing

Personal data may be processed to create and manage user accounts, authenticate access, present transaction content, operate checkouts, request or receive payments, generate evidence, support document acceptance flows, prevent misuse, respond to incidents, maintain audit trails, provide customer support, enforce legal terms and comply with applicable laws or legitimate legal requests.

Legal bases

Depending on the context, processing may rely on contractual necessity, legitimate interest, compliance with legal obligations, fraud prevention, security protection, defense of legal claims or consent where a specific use of data requires it. The relevant basis may differ depending on whether the person is an internal user, merchant representative, customer, payer or signer.

Source of data

Information may be obtained directly from the relevant user, from the tenant or merchant configuring a checkout, from payment or messaging providers, from API integrations, from forms completed during a transaction or from technical logs generated through use of the website and platform.

Recipients and processors

Personal data may be disclosed to or processed by infrastructure providers, cloud storage services, payment processors, communication providers, support systems, analytics or fraud prevention tools and other technical partners where necessary to operate the platform. Disclosure may also occur where legally required, contractually necessary or needed to protect rights, safety, platform integrity or legal claims.

International processing

Because the platform may rely on cross-border infrastructure and providers, data may be processed in jurisdictions other than the one from which the user accesses the website. Where relevant, reasonable contractual, technical and organizational safeguards may be implemented to support lawful international processing.

Retention and evidentiary preservation

Data is retained for the period necessary to provide the service, maintain account history, preserve payment and acceptance evidence, respond to disputes, investigate abuse, comply with legal obligations, satisfy accounting or tax retention requirements and protect the operator or platform users in the event of claims or audits.

Security measures

The service operator applies reasonable technical and organizational measures designed to protect confidentiality, integrity and availability. No system can guarantee absolute security and users should also adopt appropriate security practices, including protecting credentials and avoiding unauthorized sharing of access links or sensitive transaction data.

Data subject rights

Subject to the rules applicable in the relevant jurisdiction and the role played by the operator in a given processing activity, individuals may have rights relating to access, rectification, erasure, restriction, objection, portability or complaint. Some requests may need to be handled in coordination with the merchant, tenant or controller responsible for the underlying transaction context.