Mailsign Privacy Policy
Published 12th of July 2025
Scope
This Policy applies to personal data collected when an Administrator creates an account, when an Organisation uses the Service and when Users interact with Mailsign.
What Data We Collect and Why
We only collect data that is necessary to deliver the Service and to comply with legal obligations. You will find the types of personal data we collect below as well as the justification for storing the data.
| Data Category | Purpose | Legal Basis |
|---|---|---|
| Organisation Details (Name, Address, Registration Number, VAT Number) | To identify the Organisation and fulfill accounting and legal obligations. | Legal obligation |
| Brand Assets (Logo, Fonts, Colour Palette) | To generate branded email signatures and fulfill service delivery. | Contractual obligation |
| User Details (Name, Job Title, Business Contact Info, Gender) | To personalize email signatures and guidance links. | Contractual obligation |
| Billing Contact Information and Invoicing Address | To issue invoices and receipts. | Contractual obligation |
| Support Messages and Attachments | To resolve issues and improve support quality. | Legitimate interest |
| Technical Data (IP Address, Device Type, Browser Information) | To secure, monitor, and maintain the integrity of the service. | Legitimate interest |
Children
We do not knowingly collect data relating to children. Creating accounts on behalf of minors is forbidden under our terms of service.
Legal Bases Under GDPR
We rely primarily on contract performance, legal obligation and legitimate interest. In cases where we rely on legitimate interest we balance our interest with your rights and expect minimal privacy impact.
Stripe Payments
Stripe Payments Europe Ltd processes payment information as an independent controller. Their privacy policy is available at https://stripe.com/se/privacy. Pelatech AB never stores any credit, debit or other card information.
Employee Access and Confidentiality
Access to personal data is strictly limited to authorized personnel who are under confidentiality obligations. All employees handling personal data receive regular training in privacy, data protection, and information security best practices.
How We Store Data
All data is stored in data centres located in the European Economic Area. We implement encryption in transit and at rest, access control and regular security testing.
Retention
We keep personal data only as long as required:
- Content and account data – for the lifetime of the Subscription plus sixty days
- Backups – deleted within seventy five days
- Invoices – retained for seven years as per Swedish Accounting law
Data Sharing
We share data only with subprocessors that are necessary to provide the Service such as hosting providers. A current list is maintained at mailsign.work. Subprocessors are bound by written agreements and process data only on our instructions.
International Transfers
If data is transferred outside the European Economic Area we rely on adequacy decisions or Standard Contractual Clauses.
Identity Verification
To protect your personal data, we may require identity verification before processing any request related to your data rights. This may include requesting additional information to confirm your identity and ensure security.
Your Rights
You may request access, rectification, erasure, data portability, restriction and objection by emailing [email protected]. You also have the right to make a complaint to Integritetsskyddsmyndigheten at imy.se.
Data Processing Agreement
Where the Organisation provides Content that contains personal data, Pelatech AB processes that data on behalf of the Organisation under the terms of service available at mailsign.work.
Changes
We always notify the administrator by email at least thirty days before changes to this Policy take effect.
Cookies and Tracking Technologies
Mailsign does not use cookies or tracking technologies within the SaaS platform itself. However, our public website may use strictly necessary and analytical cookies to improve performance and user experience. For further information, refer to our Cookie Policy (if applicable).
Automated Decision-Making
Mailsign does not engage in any profiling or automated decision-making that produces legal or similarly significant effects on individuals, as defined in Article 22 of the GDPR.
Security Incidents and Breach Notification
In the event of a personal data breach that may pose a risk to your rights and freedoms, we will notify affected individuals and relevant supervisory authorities in accordance with GDPR requirements. We also maintain a documented incident response plan and conduct regular security reviews.
Contact Information
Mailsign is a product from Pelatech AB.
Email: [email protected]
Address: Pelatech AB, Geijersgatan 7B, 411 34 Gothenburg, Sweden