Privacy Policy
This policy explains how Signatures Media Ltd ("we", "us", "our") collects and uses personal data when you visit signatures.com (the "Site") or use our tools. We are the data controller for that data. We are committed to handling your information in line with the UK GDPR, the Data Protection Act 2018 and, where it applies to visitors in the EEA, the EU GDPR.
1. Who we are
signatures.com is operated by Signatures Media Ltd, a company registered in England and Wales (company number 17150339), with its registered address at 17 Cabul Road, London, England, SW11 2PR. We are registered with the UK Information Commissioner's Office (ICO) under registration number ZC162258. Signatures Media Ltd is the controller responsible for your personal data.
For any question about this policy or your personal data, contact us at privacy@signatures.com. This is the best way to reach us for all data protection enquiries, including requests to exercise your rights (such as access, correction or deletion) and complaints. We aim to acknowledge enquiries promptly and to respond within one month in line with data protection law.
2. The personal data we collect
We collect only the data we need to run the Site, answer you, and improve our content. We collect personal data directly from you when you interact with the Site and do not obtain personal data about you from third-party sources.
Information you give us
We collect personal data directly from you and automatically from your use of the Site. We do not obtain personal data from third-party data brokers.
- Contact enquiries. When you use our contact form or email us, we collect your name, email address and the contents of your message. We require this information to respond to your enquiry and communicate with you.
- Newsletter sign-ups. If you subscribe to updates, we collect your email address and your consent record. Subscription requires a clear affirmative opt-in and you will receive a confirmation email where applicable.
- Email signature generator. When you use this tool, the contact details you type (such as your name, job title, company, email, phone numbers and social media links) are processed in your browser to build your signature. We do not store that text on our servers. However, any image you upload (a profile photo, company logo or banner) is uploaded to and stored on our content server so that it can be hosted at a public URL and displayed inside your email signature. A profile photo may show your face and is therefore personal data. Uploaded images may be accessible to anyone with the link. This hosting is solely to enable the functionality of the email signature tool. You should only upload images you have the right to use and share.
Information we collect automatically and with your consent
This data is collected automatically when you access the Site.
- Server and security logs. We automatically collect limited technical data such as your IP address, browser type, device information, requested pages and timestamps. This is necessary to operate the Site, maintain its security and prevent misuse. We rely on our legitimate interests in ensuring the security and proper functioning of the Site.
- Analytics (with your consent). If you consent to analytics cookies, we use Google Analytics 4 to understand how users interact with the Site, such as pages viewed, time on page, referring sources, approximate location and device type. These analytics cookies are non-essential and are only set after you give consent through our cookie consent mechanism. For further details about the cookies we use, including their purpose and how to manage your preferences, please see our Cookie Policy.
We do not deliberately collect special category data (such as health, religion or political views) and we ask that you do not include such information when contacting us or using the Site. The Site is not directed at children, and we do not knowingly collect data from anyone under 16. If we become aware that we have collected personal data from a child in a manner that is not compliant with applicable data protection law, we will take steps to delete it.
3. Why we use your data, and our lawful basis
Under the UK GDPR we must have a lawful basis for each use of your personal data. Our bases are:
| What we do | Data used | Lawful basis |
|---|---|---|
| Respond to your enquiries and provide support | Name, email, message | Legitimate interests (to respond to enquiries and manage communications); and, where applicable, steps taken at your request prior to entering into a contract |
| Provide the email signature generator and host images you upload | Uploaded images | Performance of a service requested by you, and legitimate interests (to operate and maintain the functionality of the tool) |
| Send you our newsletter | Email address | Consent (you can withdraw at any time) |
| Measure and improve our content | Analytics data | Consent (analytics cookies) |
| Track referrals through affiliate links | Online identifiers and interaction data collected through cookies or similar technologies | Consent (via cookies or similar technologies) |
| Keep the Site secure and prevent abuse | Server/security logs | Legitimate interests (to ensure network and information security and prevent fraud or misuse) |
| Comply with our legal obligations | As required | Legal obligation |
Our legitimate interests include operating and improving the Site, providing our tools and content, and ensuring the security of our systems.
Legitimate interests
We have considered the impact on your rights and freedoms and do not consider our interests override them. In particular, we have assessed whether the processing is necessary and proportionate and whether less intrusive means are available.
Where we rely on legitimate interests, we have considered whether those interests are overridden by your interests and rights. You can object to processing at any time on grounds relating to your particular situation - see "Your rights" below. Where we rely on consent, you can withdraw it at any time without affecting processing carried out before withdrawal.
4. Who we share your data with
We do not sell your personal data. We share it only with carefully selected service providers ("processors") who help us run the Site, and only as needed. These currently include:
- Hosting & infrastructure - Amazon Web Services (AWS), including Amazon RDS (database) and Amazon CloudFront (content delivery), in the eu-west-2 (London) region.
- Analytics - Google LLC (Google Analytics 4), which processes personal data on our behalf where you have provided consent to analytics cookies.
- Newsletter - Brevo, which processes your email address on our behalf to send communications where you have subscribed.
- Email - Google Workspace (Gmail), used to receive and reply to your enquiries.
- Affiliate networks - when you click an affiliate link, the destination merchant or its affiliate network may process data on its own systems as an independent controller in accordance with its own privacy policy. See our Affiliate Disclosure and Cookie Policy.
Each processor acts under a written contract that requires them to act only on our instructions and to implement appropriate technical and organisational measures to protect your personal data. We may also disclose personal data where required by law, including to regulators, courts or law enforcement authorities, to establish or defend legal claims, or in connection with a merger, acquisition, sale or reorganisation of our business.
5. International transfers
Some of our providers (for example Google) are based in, or process data in, countries outside the UK and EEA, including the United States. Our newsletter provider, Brevo, is based in the European Union. Where personal data is transferred outside the UK/EEA, we ensure that an appropriate level of protection is afforded to it in accordance with UK data protection law. This includes relying on a safeguard recognised by law, such as UK "adequacy" regulations (including the UK-US Data Bridge where applicable and the provider is certified), the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or EU Standard Contractual Clauses. Where the safeguards are used, we take steps to assess whether they are effective in practice. You can ask us for further information about the safeguards that we rely on by contacting us.
6. How long we keep your data
We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory and reporting requirements.
- Contact enquiries - kept for up to 24 months after our last contact with you, then deleted.
- Uploaded signature images - because a hosted image must stay available for your email signature to keep displaying, we retain it until you ask us to delete it. To request deletion at any time, email privacy@signatures.com. We may also periodically review and remove images that are no longer in active use.
- Newsletter - kept until you unsubscribe.
- Analytics - retained for 14 months in line with our Google Analytics retention setting; this data is typically aggregated and does not directly identify you; aggregate reports may be kept longer.
- Server/security logs - kept for around 90 days for security and diagnostics.
7. Cookies and similar technologies
We use a small number of strictly necessary cookies to enable the operation and security of the Site, and - only with your consent - analytics cookies. We do not use advertising or cross-site tracking cookies. Any cookies or similar technologies that are not strictly necessary are only placed on your device after you have given your consent through our cookie consent mechanism. You can give or withdraw consent at any time using the "Cookie settings" link in the footer. Full details are in our Cookie Policy.
8. Automated decision-making
We do not carry out automated decision-making or profiling that produces legal effects, or similarly significant effects on you, within the meaning of applicable data protection law.
This means we do not make decisions about you solely by automated means that could significantly affect your rights, for example decisions that impact your legal position, financial circumstances or access to services.
We may use limited analytics tools to understand how users interact with the Site, but this does not involve profiling individuals in a way that has a significant effect on them.
9. How we protect your data
We use appropriate technical and organisational measures to protect your data, taking into account the nature, scope, context and purposes of the processing and the risks to individuals' rights and freedoms, including encryption in transit (HTTPS/TLS), access controls, and limiting access to the staff and providers who need it.
We also implement measures such as data minimisation and, where appropriate, pseudonymisation. No method of transmission or storage is completely secure, but we take reasonable steps to protect your information and to notify the ICO and affected individuals where the law requires it following a personal data breach.
10. Your rights
If you are in the UK or EEA, you have the right to:
- be informed about how we use your data (this policy);
- access a copy of the personal data we hold about you;
- have inaccurate data corrected;
- have your data erased in certain circumstances ("right to be forgotten");
- restrict or object to our processing, including the right to object to processing based on legitimate interests on grounds relating to your particular situation;
- data portability, where processing is based on consent or a contract and carried out by automated means;
- withdraw consent at any time, where we rely on consent. You can withdraw your consent at any time using the relevant settings or by contacting us.
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) - see the "Complaints" section below for details.
To exercise any of these rights, email privacy@signatures.com. We will respond within one month. There is normally no charge. We may need to verify your identity first. In certain circumstances permitted by law, we may extend the response period or decline to act on a request, in which case we will explain our reasons.
11. Complaints
We hope to resolve any concern you raise. If you have a concern about how we handle your personal data, please contact us first using the details above so we can try to resolve it.
You have the right to lodge a complaint with the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113. If you are in the EEA, you may complain to your local supervisory authority.
We aim to acknowledge data protection complaints promptly and to respond within a reasonable timeframe in line with our legal obligations.
12. Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the "last updated" date above. Where changes are material, we will take appropriate steps to bring them to your attention and, where required, seek your consent. Please check back periodically.
13. Contact us
Signatures Media Ltd
17 Cabul Road, London, England, SW11 2PR
Privacy enquiries: privacy@signatures.com
All data-protection enquiries, including requests to exercise your rights, should be sent to this address.