Skip to main content
SignatureAPI complies with the EU General Data Protection Regulation (GDPR) and the UK GDPR where applicable. This page provides a brief overview of what GDPR is and how our compliance commitments are addressed contractually.

What is GDPR?

The General Data Protection Regulation (GDPR) is a data protection law that applies to the processing of personal data of individuals in the European Union and European Economic Area. The UK GDPR is the United Kingdom’s equivalent framework, based on the GDPR and incorporated into UK law following Brexit. Together, these laws establish requirements around lawful processing, data security, transparency, and individual rights.

GDPR at SignatureAPI

When customers use SignatureAPI, they act as the data controller, and SignatureAPI acts as a data processor, processing personal data only on the customer’s documented instructions and to provide the services described in our Terms. Our obligations under EU and UK GDPR—including security measures, subprocessors, international data transfers, and data subject rights assistance—are set out in our Data Processing Addendum.

Data Processing Addendum (DPA)

SignatureAPI’s GDPR commitments are governed by our Data Processing Addendum (DPA), which forms part of our Terms and Conditions. You can review the full DPA here: Data Processing Addendum.