Privacy Notice
We value your trust. This document outlines how SignDex collects, processes, and protects your personal data in compliance with the Personal Data Protection Act 2010 (PDPA).
CONTENT
1. Collection of Data
We value your trust. This document outlines how SignDex collects, processes, and protects your personal data in compliance with the Personal Data Protection Act 2010 (PDPA).
- Account Information: Name, work email, company name, and phone number (for 2FA).
- Signature Data: Your digitized signature, initials, and any biometric data captured during the signing process (if enabled).
- Document Metadata: File names, timestamps, and IP addresses of all parties involved in a transaction.
- eKYC Data: Identity card (MyKad) or passport details when strictly required for high-assurance signing levels.
2. Usage of Information
Your data is used primarily to process transactions and generate legally binding audit trails. We do not sell your personal data to advertisers. Usage includes:
- Service Delivery
Creating envelopes, routing documents, and notifying signers.
- Legal Evidence
Generating the Certificate of Completion and Audit Logs required by court.
3. Data Sovereignty Promise
SignDex guarantees that all documents uploaded by Malaysian entities are stored exclusively on servers located within Malaysia (unless otherwise configured for On-Premise clients).
We do not replicate your legal contracts to offshore backup centers without your explicit written consent, ensuring full compliance with data residency requirements for regulated industries.
4. Disclosure & Sharing
We only share data when necessary to execute the service or when required by law:
- Certification Authorities (CAs): When you request a high-assurance signature (e.g., Local CA or AATL), minimal identity data is passed to the CA (e.g., Pos Digicert) to issue the digital certificate.
- Legal Requirements: We may disclose data if subpoenaed by a Malaysian court of law.
5. Security Measures
We employ banking-grade security protocols to protect your data, including AES-256 encryption at rest and TLS 1.2+ for data in transit. Access to production servers is strictly limited to authorized personnel via VPN and MFA.
ENCRYPTED
6. Your Rights (PDPA)
Under the Personal Data Protection Act 2010, you have the right to:
- Access your personal data held by us.
- Withdraw consent for processing (subject to legal contract retention laws).
- Request correction of inaccurate data.
- Prevent processing for direct marketing.
7. Contact Our Data Privacy Officer
If you have any questions about this Privacy Notice or wish to exercise your rights, please contact our DPO:
Data Privacy Officer
Level 25, Menara SignDex, Kuala Lumpur.