SignDex API v2.0 is now live. Read the release notes

EN

signdex
Log In
View Demo
Sign Up
Log In
View Demo
Sign Up
signdex

Privacy Notice

We value your trust. This document outlines how SignDex collects, processes, and protects your personal data in compliance with the Personal Data Protection Act 2010 (PDPA).

Last Updated: February 25, 2026

CONTENT

Download PDF Version

1. Collection of Data

We value your trust. This document outlines how SignDex collects, processes, and protects your personal data in compliance with the Personal Data Protection Act 2010 (PDPA).

  • Account Information: Name, work email, company name, and phone number (for 2FA).
  • Signature Data: Your digitized signature, initials, and any biometric data captured during the signing process (if enabled).
  • Document Metadata: File names, timestamps, and IP addresses of all parties involved in a transaction.
  • eKYC Data: Identity card (MyKad) or passport details when strictly required for high-assurance signing levels.

2. Usage of Information

Your data is used primarily to process transactions and generate legally binding audit trails. We do not sell your personal data to advertisers. Usage includes:

  • Service Delivery

Creating envelopes, routing documents, and notifying signers.

  • Legal Evidence

Generating the Certificate of Completion and Audit Logs required by court.

3. Data Sovereignty Promise

SignDex guarantees that all documents uploaded by Malaysian entities are stored exclusively on servers located within Malaysia (unless otherwise configured for On-Premise clients).

We do not replicate your legal contracts to offshore backup centers without your explicit written consent, ensuring full compliance with data residency requirements for regulated industries.

4. Disclosure & Sharing

We only share data when necessary to execute the service or when required by law:

  • Certification Authorities (CAs): When you request a high-assurance signature (e.g., Local CA or AATL), minimal identity data is passed to the CA (e.g., Pos Digicert) to issue the digital certificate.
  • Legal Requirements: We may disclose data if subpoenaed by a Malaysian court of law.

5. Security Measures

We employ banking-grade security protocols to protect your data, including AES-256 encryption at rest and TLS 1.2+ for data in transit. Access to production servers is strictly limited to authorized personnel via VPN and MFA.

ENCRYPTED

6. Your Rights (PDPA)

Under the Personal Data Protection Act 2010, you have the right to:

  • Access your personal data held by us.
  • Withdraw consent for processing (subject to legal contract retention laws).
  • Request correction of inaccurate data.
  • Prevent processing for direct marketing.

7. Contact Our Data Privacy Officer

If you have any questions about this Privacy Notice or wish to exercise your rights, please contact our DPO:

Data Privacy Officer

Crest Infosolutions SdnBhd
Level 25, Menara SignDex, Kuala Lumpur.
privacy@signdex.com