See https://support.esign-app.com for eSign Documentation and Support

GDPR Compliance Policy

Policy Last Revised: Apr 16, 2021

Digital Rose Inc ("us", "we", or "our") operates the eSign Application at https://esign-app.com (the "Product"). This page informs you of our policy regarding compliance the the General Data Protection Regulation (GDPR).

As a vendor we are committed to supporting GDPR compliance for the eSign application. Following is a summary of the assessment of usage of user data and impact on privacy as it relates to GDPR.

eSign is an app published and only available within the Atlassian cloud infrastructure, please refer to the Atlassian GDPR statement available here GDPR | Atlassian for more information on Atlassian’s related GDPR policies.

eSign GDPR Assessment Summary

The eSign app is an addon to Atlassian Jira/Confluence that adds the capability for users to execute and manage electronic signatures. To support the signature functionality, eSign is required to access certain private user information from within the Atlassian Cloud infrastructure. The eSign app also creates data (e.g. Signatures) that contain private user information that are stored within the Atlassian Cloud.

eSign User Data Access

The following user data fields containing personally identifiable information are accessed by the eSign application. All data is encrypted in transit. The eSign servers do not permanently store any of the accessed User Data.

User Data Access

Usage

Display Name

The user’s name is retrieved to populate the signee name in the completed signatures.

E-mail Address

E-mail address is accessed to send transactional notification email (e.g. Signature Pin Reset)

Locale and Time zone

Locale language and time zone are retrieved to stamp and format the local date/time for the electronic signatures.

eSign User Data Storage

All of the data created by eSign (e.g. Signatures) that contains personally identifiable information is stored within the Atlassian Cloud infrastructure. The data is encrypted at rest as per the Atlassian GPDR document above. The eSign servers do not permanently store any of the created user Data.

User Data Storage

Usage

Signatures

Completed signatures containing user names, and the date/time and time zone of each signatures are stored securely within the Atlassian cloud environment. Encrypted at Rest.

eSign User Consent (for Cookies and Tracking)

The eSign application and web servers do not use any individually identifiable tracking technology (e.g. Cookies) to monitor individual user activities in the web browser or mobile devices.

Server side monitoring and analytics identify only to the Atlassian instance level. No personally identifiable user ID’s are forwarded to analytics. All IP addresses are anonymized.

eSign User Data Security

As detailed above, private user data is accessed temporarily for data processing from the eSign servers, which are hosted on Heroku. See https://www.heroku.com/policy/security for more information on Heroku (by Salesforce) and the AWS security infrastructure and accreditation.

eSign processed signature data is stored permanently within each customer’s Atlassian instance (e.g. customername.atlassian.net) no privacy data is stored permanently on the eSign servers. See Comprehensive Data Protection | Atlassian and GDPR | Atlassian for details on Atlassian’s support for GDPR compliant management of permanently stored private user data.

eSign User Data Deletion

As detailed above, Signature data created by eSign will contain user private data. The administrators of the Atlassian Cloud have access to remove Signatures from the Jira/Confluence repositories if requested.

Additional Questions

Please contact Digital Rose for any additional questions or concerns on GDPR compliance.