GDPR

Data in Europe, privacy first

SignDeal is a Spanish company with servers exclusively in the European Union. Your data never leaves European territory.

Servers in Frankfurt, EU
Spanish company (Barcelona)
Reg. (EU) 2016/679
GDPR Compliant

100% EU Cloud

SignDeal servers are located in AWS Frankfurt (eu-central-1), within the European Union. As a Spanish company registered in Barcelona (DIPLEO TECHNOLOGIES, S.L.), all customer data is processed and stored exclusively within European territory, ensuring GDPR compliance by design.

We do not make international data transfers outside the European Economic Area without the appropriate safeguards established in Chapter V of the GDPR.

Privacy by design

GDPR is embedded in SignDeal's architecture from day one — not bolted on afterwards.

Data minimization

We only collect data strictly necessary for the signing process. No unnecessary tracking, no advertising profiling.

Full transparency

We clearly state what data we process, for what purpose and for how long. The privacy policy is always accessible.

Technical security

AES-256 encryption at rest and TLS 1.3 in transit via AWS. Strict access controls and security practices aligned with SOC 2 Trust Services Criteria.

Data in the EU

Infrastructure exclusively in European territory. No transfers to the US or third countries without adequate safeguards.

Data subject control

Signatories retain full control over their data: access, rectification, erasure and portability guaranteed.

Breach notification

Documented incident response procedure. Notification to supervisory authority within 72 hours when required.

Data subject rights

The GDPR grants European citizens clear rights over their data. SignDeal makes them easy to exercise.

Right of access

You can request at any time what personal data we process about you and obtain a copy.

Right to rectification

If any data is inaccurate or incomplete, you can request its correction immediately.

Right to erasure ("right to be forgotten")

You can request deletion of your data when it is no longer necessary for the purpose for which it was collected.

Right to data portability

You will receive your data in a structured, commonly used, machine-readable format to transfer to another provider.

To exercise any of these rights, write to us at [email protected]

Data Processing Agreement (DPA)

Article 28 of the GDPR requires data controllers to enter into a Data Processing Agreement (DPA) with their processors. SignDeal acts as data processor when processing signature data on behalf of its business customers.

Our standard DPA is available to all Business and Enterprise plan customers. It includes the Standard Contractual Clauses (SCCs) approved by the European Commission for any international transfer that may be necessary.

EU Cloud advantages

Server location: AWS Frankfurt (eu-central-1)
Data controller: DIPLEO TECHNOLOGIES, S.L. — Barcelona
Supervisory authority: AEPD (Spain)
Latency for EU users: Optimized — < 50 ms
Transfers outside EU: None — data always in the EU
Legal basis: Contract performance · Legitimate interest

Privacy questions?

Our Data Protection Officer is available to answer any questions about GDPR compliance, request the DPA, or exercise your rights.

Standards & compliance

Infrastructure certifications belong to our cloud provider, AWS.

© 2026 DIPLEO TECHNOLOGIES, S.L. All rights reserved.