background pattern
MusiSign Logo

MusiSign Privacy Policy

This Privacy Policy explains how Musifacts Europe BV processes personal data when Users access or use MusiSign, including when they create an account, upload Documents, send signature requests, review Documents or apply Electronic Signatures.

1. Controller and contact details

Musifacts Europe BV, Hughersluys 23, 4536 HM Terneuzen, The Netherlands, VATNL858651592B01, phone +31 (115) 785010, email info@musifacts.com, is responsible for the operation of MusiSign. Privacy and legal requests may be sent to info@musisign.com.

2. Roles under GDPR

Depending on the specific use of MusiSign, Musifacts Europe BV may act as a data controller for account, security, audit, operational and business relationship data. Where Users upload Documents or personal data on behalf of their own organisation or another party, Musifacts Europe BV may process that information as a processor or service provider in accordance with applicable instructions and agreements.

3. Personal data we process

We may process the following categories of personal data:

  • account information, such as name, email address, organisation and access rights;
  • Document content and data entered into fields;
  • Recipient information, such as name, email address and signing role;
  • Electronic Signature data and signature images or marks;
  • audit and traceability data, including timestamps, IP address, user agent and events;
  • authentication data, including sessions, CSRF tokens, optional passkeys and 2FA status;
  • integration data from enabled providers, such as SSO identifiers, webhook delivery data, API token metadata, billing references or analytics events;
  • technical logs needed for security, troubleshooting and service operation;
  • support communications and administrative correspondence.

4. Purposes of processing

We process personal data to:

  • provide, operate and secure MusiSign;
  • authenticate Users and manage accounts;
  • send and manage Document workflows;
  • record Electronic Signatures, audit trails and verification evidence;
  • deliver transactional emails and service notifications;
  • support optional SSO, passkeys, 2FA, billing, analytics, APIs and webhooks;
  • prevent abuse, investigate security events and protect legal interests;
  • comply with legal, accounting, audit and regulatory obligations;
  • respond to questions, support requests and legal requests.

5. Legal bases

Processing may be based on performance of a contract, legitimate interests, compliance with legal obligations, consent where required, or other lawful bases available under Regulation (EU) 2016/679 (GDPR) or applicable law.

6. Data location

Documents, metadata, audit records and associated platform data are stored on internal servers located in Europe. Some limited data may be processed by external providers used for email delivery, domain routing, security, backup or operational support, subject to appropriate safeguards.

7. Optional integrations and service providers

The production configuration of MusiSign may enable only some integrations. When enabled, these integrations may process limited data needed for their function:

  • Google OAuth
  • Microsoft OAuth
  • OIDC single sign-on
  • PostHog analytics and feature flags
  • Stripe billing
  • SMTP, SMTP API or MailChannels email delivery
  • database or S3-compatible document storage
  • webhooks and public API integrations

8. Sharing of personal data

Personal data may be shared with Senders, Recipients and authorised Users involved in a Document workflow; service providers supporting operation of MusiSign; professional advisers; public authorities where legally required; or other parties where necessary to protect rights, security or legal interests.

9. Retention

Personal data is retained for as long as necessary to provide MusiSign, maintain signed Documents and audit trails, meet legal obligations, preserve evidence, resolve disputes and support business records. Retention periods may vary depending on the type of Document, applicable laws and the relevant business relationship.

10. Security

Musifacts Europe BV applies technical and organisational measures designed to protect personal data, including access controls, encrypted transport, audit records, traceability features, system monitoring and controlled administrative access. No system can be guaranteed to be completely secure.

11. Your rights

Subject to applicable law, individuals may have rights of access, rectification, erasure, restriction, objection, portability and withdrawal of consent. Requests can be sent to info@musisign.com. We may need to verify identity and assess whether the request affects legal retention of signed Documents or audit evidence.

12. International transfers

Where personal data is transferred outside the European Economic Area, Musifacts Europe BV will rely on appropriate safeguards where required, such as adequacy decisions, standard contractual clauses or other mechanisms recognised by applicable data protection law.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Updated versions will show a version number, effective date and last updated date.

Privacy Policy • Version 1.0 • Effective date: 4 July 2026 • Last updated: 4 July 2026

This legal page forms part of the MusiSign Legal & Compliance documentation.