1. Introduction
Welcome to eSign.Online ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital signature and credit report services.
By accessing or using our services, you agree to the terms of this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.
2. Information We Collect
2.1 Personal Information
We may collect the following types of personal information:
- Identity Information: Name, Aadhaar number (masked), PAN number, date of birth, gender
- Contact Information: Email address, phone number, postal address
- Business Information: Company name, designation, GST number, CIN
- Financial Information: Bank account details (for verification), credit score data
- Document Information: Documents uploaded for digital signature
2.2 Technical Information
We automatically collect certain technical information when you use our services:
- IP address and device identifiers
- Browser type and version
- Operating system
- Access times and dates
- Pages viewed and actions taken
- Referral URLs
2.3 Information from Third Parties
We may receive information about you from third parties, including:
- UIDAI (for Aadhaar-based verification)
- Credit bureaus (CIBIL, Experian, Equifax, CRIF)
- Government databases for identity verification
- Business partners and API clients
3. How We Use Your Information
We use the collected information for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Providing digital signature services | Contract performance |
| Identity verification and KYC | Legal obligation |
| Credit report generation | Consent |
| Customer support | Legitimate interest |
| Service improvement | Legitimate interest |
| Fraud prevention | Legal obligation |
| Marketing communications | Consent |
4. Data Sharing and Disclosure
We may share your information with:
4.1 Service Providers
Third-party vendors who assist in providing our services, including cloud hosting providers, payment processors, and analytics services.
4.2 Government Authorities
When required by law or to comply with legal processes, including requests from UIDAI, RBI, or other regulatory bodies.
4.3 Business Partners
With your consent, we may share information with our API clients and business partners for whom you are using our services.
Important: We do not sell your personal information to third parties for marketing purposes.
5. Data Security
We implement robust security measures to protect your information. Our organization holds the following certifications:
- ISO 27001 - Information Security Management System
- ISO 9001:2015 - Quality Management System
- CMMI - Capability Maturity Model Integration
- ISO 45001:2018 - Occupational Health and Safety Management
Additional security measures include:
- Encryption: All data is encrypted using 256-bit SSL/TLS encryption in transit and AES-256 at rest
- Access Controls: Strict role-based access controls and multi-factor authentication
- Infrastructure: Secure data centers with redundancy and disaster recovery
- Monitoring: 24/7 security monitoring and intrusion detection systems
- Audits: Regular security audits and penetration testing
6. Data Retention
We retain your information for as long as necessary to:
- Provide our services to you
- Comply with legal obligations (typically 8 years for financial records)
- Resolve disputes and enforce agreements
- Meet regulatory requirements under IT Act 2000 and RBI guidelines
After the retention period, data is securely deleted or anonymized.
7. Your Rights
Under applicable data protection laws, you have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal requirements)
- Portability: Receive your data in a portable format
- Objection: Object to certain processing activities
- Withdraw Consent: Withdraw previously given consent
To exercise these rights, contact us at privacy@esign.online
8. Cookies and Tracking
We use cookies and similar technologies to enhance your experience. For detailed information, please refer to our Cookie Policy.
9. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
10. International Data Transfers
Your information may be transferred to and processed in countries other than India. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses and adequacy decisions.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
- Email: privacy@esign.online
- Address: eSign.Online, India
- Data Protection Officer: dpo@esign.online
13. Grievance Officer
In accordance with the Information Technology Act 2000 and rules made thereunder, the name and contact details of the Grievance Officer are provided below:
Grievance Officer
Email: grievance@esign.online
Response Time: Within 24 hours of receipt