See https://support.esign-app.com for eSign Documentation and Support
GDPR Compliance Policy
- Chris Cairns🔹Digital Rose
Policy Last Revised: Jan 1, 2023
Digital Rose Inc ("us", "we", or "our") operates the eSign Application at https://esign-app.com (the "Product"). This page informs you of our policy regarding compliance the the General Data Protection Regulation (GDPR).
As a vendor we are committed to supporting GDPR compliance for the eSign application. Following is a summary of the assessment of usage of user data and impact on privacy as it relates to GDPR.
eSign is an app published and only available within the Atlassian cloud infrastructure, please refer to the Atlassian GDPR statement available here GDPR | Atlassian for more information on Atlassian’s related GDPR policies.
eSign GDPR Assessment Summary
The eSign Document Management app is an addon to Atlassian Confluence that adds the capability for users to execute and manage electronic signatures. To support the signature functionality, eSign is required to access certain private user information from within the Atlassian Cloud infrastructure. The eSign app also creates data (e.g. Signatures) that contain private user information that are stored within the Atlassian Cloud.
eSign User Data Access
The following user data fields containing personally identifiable information are accessed by the eSign application. All data is encrypted in transit. The eSign servers do not permanently store any of the accessed User Data.
User Data Access | Usage |
Display Name | The user’s name is retrieved to populate the signee name in the completed signatures. |
E-mail Address | E-mail address is accessed to send transactional notification email (e.g. Signature Pin Reset) |
Locale and Time zone | Locale language and time zone are retrieved to stamp and format the local date/time for the electronic signatures. |
Atlassian Account ID | The internal Atlassian account ID is stored within the signature record. |
eSign User Data Storage
All of the data created by eSign (e.g. Signatures) that contains personally identifiable information is stored within the Atlassian Cloud infrastructure. The data is encrypted at rest as per the Atlassian GPDR document above. The eSign servers do not permanently store any of the created user Data.
User Data Storage | Usage |
Document Records | The Document Record contains document metadata, signatures, audit trail, locale information, etc. Document records are stored within the Atlassian Cloud. All data stored within the Atlassian cloud is encrypted at rest. |
Signatures | Completed review signatures and training signatures are stored within the Document Records. Signatures contain the atlassian user ID, user name, title, e-mail address of each Signee. Signatures are only stored within the customer’s private Atlassian cloud environment. |
eSign User Consent (for Cookies and Tracking)
The eSign application and web servers do not use any individually identifiable tracking technology (e.g. Cookies) to monitor individual user activities in the web browser or mobile devices.
Server side monitoring and analytics identify only to the Atlassian instance level. No personally identifiable user activity is tracked.
eSign User Data Security
As detailed above, private user data is accessed temporarily for data processing from the eSign servers, which are hosted on Heroku. See https://www.heroku.com/policy/security for more information on Heroku (by Salesforce) and the AWS security infrastructure and accreditation.
eSign processed signature data is stored permanently within each customer’s Atlassian instance (e.g. customername.atlassian.net) no privacy data is stored permanently on the eSign servers. See Comprehensive Data Protection | Atlassian and GDPR | Atlassian for details on Atlassian’s support for GDPR compliant management of permanently stored private user data.
eSign User Data Deletion
As detailed above, Signature data created by eSign will contain user private data. The administrators of the Atlassian Cloud have access to remove Signatures from the Confluence repositories if requested.
Additional Questions
Please contact Digital Rose for any additional questions or concerns on GDPR compliance.