Privacy Policy

BuiltSign is a registered trade name of Crul.Dev, a sole proprietorship registered at the Dutch Chamber of Commerce under number 97533114 ("we", "our", or "us").

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document signing platform. Crul.Dev, trading as BuiltSign, is the data controller within the meaning of the General Data Protection Regulation (GDPR).

By using BuiltSign, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access the service.

Personal Information

We may collect the following types of personal information:

• Account Information: Name, email address, company name, and password when you create an account.
• Payment Information: Credit card details and billing address (processed securely through Stripe).
• Documents: PDF files you upload for signing, including any personal data contained within them.
• Signature Data: Electronic signatures, IP addresses, and timestamps associated with signing events.

Automatically Collected Information

• Device and browser information
• IP address and approximate location
• Usage data and analytics
• Cookies and similar tracking technologies

We use the information we collect to:

• Provide, maintain, and improve our services
• Process document signing requests
• Create and maintain audit trails for legal compliance
• Process payments and prevent fraud
• Send transactional emails and notifications
• Provide customer support
• Analyze usage patterns to improve user experience
• Comply with legal obligations

Legal Basis for Processing

We process your personal data based on the following legal grounds under Article 6 of the GDPR:

• Contract: Processing necessary to perform our agreement with you (providing document signing services).
• Legitimate Interest: Processing for our legitimate business interests (analytics, security, fraud prevention) where these do not override your rights.
• Legal Obligation: Processing necessary to comply with legal requirements (audit trails, tax records).
• Consent: Where you have given explicit consent (marketing communications, optional features).

Your documents and data are stored securely using industry-standard encryption. We use Amazon Web Services (AWS) S3 for document storage with server-side encryption. All data transmissions are protected using TLS 1.3 encryption.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

We retain your personal information for as long as your account is active or as needed to provide you services. Signed documents and audit trails are retained for a minimum of 7 years to comply with legal requirements.

You may request deletion of your account and personal data at any time. However, the right to erasure (Article 17 GDPR) is not absolute. We may refuse deletion for data we are legally required to retain, including: (a) signed documents and audit trails necessary to establish, exercise, or defend legal claims (Article 17(3)(e) GDPR); (b) financial and administrative records subject to the 7-year statutory retention obligation under Article 52 of the Dutch General Tax Act (AWR). After the mandatory retention period expires, your data will be permanently and irreversibly deleted.

We may share your information with:

• Service Providers (sub-processors): Third-party vendors supporting our platform, each contractually bound by Standard Contractual Clauses (SCCs, Commission Implementing Decision EU 2021/914) for transfers outside the EEA: Supabase, Inc. (database & authentication, US/EU); Amazon Web Services (storage, EU region); Stripe, Inc. / Stripe Payments Europe, Ltd. (payments, US/IE — also certified under the EU-US Data Privacy Framework); Resend, Inc. (email delivery, US); Vercel, Inc. (hosting & edge delivery, US/EU); Twilio, Inc. (SMS verification, US). An up-to-date list of sub-processors is available upon request at info@builtsign.com.
• Signing Parties: Other parties involved in document signing workflows you initiate.
• Legal Requirements: When required by law, regulation, or legal process.
• Business Transfers: In connection with a merger, acquisition, or sale of assets.

We do not sell your personal information to third parties for marketing purposes.

If you are located in the European Economic Area (EEA), you have certain data protection rights:

• Access: Request a copy of your personal data.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to certain processing of your data.
• Restriction: Request restriction of processing.
• Withdraw Consent: Withdraw your consent at any time where processing is based on consent.
• Lodge a Complaint: You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or another supervisory authority in the EU.

To exercise these rights, please contact us at legal@builtsign.com. We will respond to your request within one month.

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

Our service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact the data controller:

• Email: legal@builtsign.com
• Crul.Dev (trading as BuiltSign)
• Zwedenstraat 37, Almere, The Netherlands
• KVK: 97533114
• VAT: NL005276049