Chaindoc logoChaindoc

Privacy Policy

How Chaindoc processes personal data in the course of delivering blockchain-backed document workflows.

Our role

Chaindoc acts as a data processor for documents, signatures, and audit trails that customers upload to the platform. We operate as a data controller only for account administration, product analytics, and marketing activities.

Information we collect

Account data

  • Workspace details, billing contacts, and administrator credentials.
  • Authentication data required to enforce multi-factor policies and device trust.

Transaction data

  • Document metadata (file names, MIME types, expiry windows) and encrypted signature payloads.
  • Immutable blockchain hashes that confirm a document's state at the time of signing.
  • System logs describing who initiated, viewed, or completed a signing workflow.

Platform telemetry

  • Aggregated performance metrics (API latency, webhook delivery success, template usage).
  • Product feedback submitted through in-product surveys or support interactions.

How we use personal data

  • Operate secure document preparation, signing, and archival features.
  • Generate auditable trails and notarisation records that satisfy regulatory requirements.
  • Provide customer support, incident response, and service notifications.
  • Improve the reliability and usability of Chaindoc through privacy-friendly analytics.

Legal bases

Chaindoc processes data on the basis of contract performance (providing e-signature services), legitimate interest (maintaining security, preventing fraud, and improving reliability), and consent (marketing communications where required).

Retention and blockchain considerations

  • Workspace data is retained for the lifetime of the subscription plus any legally mandated retention period.
  • Customers may export or delete documents at any time; associated blockchain hashes remain immutable but no longer reference any readable content.
  • Backup archives reside in encrypted, access-controlled storage with automatic deletion schedules.

Security controls

We apply layered protections including hardware-backed encryption, dedicated signing enclaves, continuous vulnerability scanning, and independent audits (SOC 2 Type II, ISO/IEC 27001). Access to production systems is limited to vetted personnel using least-privilege principles.

Your rights

Depending on your jurisdiction, you may request access, correction, deletion, restriction, or portability of the personal data we hold. Submit requests to privacy@chaindoc.com and we will respond within applicable regulatory timelines.

Sub-processors

Chaindoc uses vetted infrastructure and service sub-processors (for example AWS, Cloudflare, Intercom) to deliver the platform. A current list with data residency details is available in the admin console or on request from our privacy team.

Contact

Questions about this policy or our data protection programme can be sent to privacy@chaindoc.com or to our EU representative listed in the Chaindoc Trust Center.