See https://support.esign-app.com for eSign Documentation and Support
GDPR Compliance Policy
Policy Last Revised: Dec 09, 2024
Digital Rose Inc ("us", "we", or "our") operates the eSign Application at https://esign-app.com (the "Product"). This page informs you of our policy regarding compliance with the General Data Protection Regulation (GDPR).
As a vendor, we are committed to supporting GDPR compliance for the eSign application. The following is a summary of our assessment of the usage of user data and its impact on privacy as it relates to GDPR.
eSign is an app published and only available within the Atlassian cloud infrastructure. Please refer to the Atlassian GDPR statement (GDPR | Atlassian) for more information on Atlassian’s related GDPR policies.
eSign GDPR Assessment Summary
The eSign app is an add-on to Atlassian Jira/Confluence that adds the capability for users to execute and manage electronic signatures. To support the signature functionality, eSign is required to access certain private user information from within the Atlassian Cloud infrastructure. The eSign app also creates data (e.g. Signatures) that contains private user information and is stored within the Atlassian Cloud.
eSign User Data Access
The following user data fields containing personally identifiable information are accessed by the eSign application. All data is encrypted in transit. The eSign servers do not permanently store any of the accessed User Data.
| User Data Access | Usage |
|---|---|
| Display Name | The user’s name is retrieved to populate the signee name in the completed signatures. |
| E-mail Address | E-mail address is accessed to send transactional notification email (e.g. Signature Pin Reset) |
| Locale and Time zone | Locale language and time zone are retrieved to stamp and format the local date/time for the electronic signatures. |
eSign User Data Storage
All of the data created by eSign (e.g. Signatures) that contains personally identifiable information is stored within the Atlassian Cloud infrastructure. The data is encrypted at rest as per the Atlassian GDPR document above. The eSign servers do not permanently store any of the created User Data.

| User Data Storage | Usage |
|---|---|
| Signatures | Completed signatures containing user names, and the date/time and time zone of each signature, are stored securely within the Atlassian cloud environment. Encrypted at Rest. |
eSign User Consent (for Cookies and Tracking)
The eSign application and web servers do not use any individually identifiable tracking technology (e.g. Cookies) to monitor individual user activities in web browsers or on mobile devices.
Server-side monitoring and analytics identify only down to the Atlassian instance level. No personally identifiable user IDs are forwarded to analytics. All IP addresses are anonymized.
eSign User Data Security
As detailed above, private user data is accessed temporarily for data processing only. The eSign Processing Services are hosted by ISO 27001 and SOC 2 compliant partners. eSign signature data is stored permanently within each customer’s Atlassian instance (e.g. customername.atlassian.net).
US Data Processing - Heroku: ISO, SOC, HIPAA, PCI Compliance | Heroku
EU Data Processing - Render.com: Security and Trust | Render
Atlassian Data Storage - See Comprehensive Data Protection | Atlassian and GDPR | Atlassian for details on Atlassian’s support for GDPR compliant management of permanently stored private user data.
eSign User Data Deletion
As detailed above, Signature data created by eSign will contain private user data. The administrators of the Atlassian Cloud have access to remove Signatures from the Jira/Confluence repositories if requested.
Additional Questions
Please contact Digital Rose for any additional questions or concerns on GDPR compliance.