Privacy Policy

    Last Modified: 08/07/2026

    Welcome to Signit. This Privacy Policy describes how we collect, use, store, or otherwise process personal information and personal data that you may provide to us through using our website and associated services (collectively the "Services").

    We refer to any information that can identify an individual, directly or indirectly, as "Personal Information".

    We shall process and protect your Personal Information in accordance with this Privacy Policy and the Saudi Personal Data Protection Law ("PDPL").

    1. About this Privacy Policy

    Signit for Information Systems Technology, a company incorporated in the Kingdom of Saudi Arabia, acts as the data controller for Personal Information processed under this Privacy Policy, except where we act on behalf of our customers as a data processor. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.


    2. Updates and Amendments

    We reserve the right to update or modify this Privacy Policy at our discretion. Any changes will be posted on our website with an updated revision date. Your continued use of the Services after such changes constitutes your acceptance of the updated Privacy Policy. We will endeavor to notify you of significant changes in advance through the contact information you have provided.


    3. Collection of Information

    3.1 Personal Information

    We collect information that identifies you ("Personal Information") when you interact with our Services, including but not limited to:

    • Contact details such as name, email address, and phone number
    • Account details for accessing our Services
    • Payment and billing information for processing transactions
    • Electronic signature data and document interaction histories
    • Usage data, including how you use our Services, IP addresses, and device information

    In addition to the information we collect from you directly, we may also receive information about you from other sources.

    3.2 Cookies and Third-Party Tracking

    We use cookies and similar tracking technologies to enhance your browsing experience and analyze service usage.


    4. Role of Signit

    Depending on the nature of the Services:

    • (a) Signit acts as a Data Controller for Personal Information collected directly from users (such as account information, billing details, and usage data);
    • (b) Signit acts as a Data Processor when processing Personal Information contained in documents uploaded or managed by customers through the Services.

    In such cases, the customer is the Data Controller and remains responsible for ensuring that Personal Information is processed in compliance with applicable laws.


    5. Use and Processing of Personal Information

    5.1 We collect and use your information for several key purposes, designed to enhance your experience and ensure the smooth operation of our Services. Specifically, we use your information to:

    • Enhance Service Delivery: To continuously provide, maintain, and improve the services you rely on. This includes tailoring our offerings to meet your needs more effectively.
    • Process Transactions: To manage transactions efficiently and communicate with you about your account details and updates related to our Services.
    • Customer Support: To offer timely and helpful customer service, responding to your inquiries and supporting your needs.
    • Marketing and Promotions: To inform you about new features, promotions, and other services we believe might interest you.
    • Legal Compliance: To adhere to our legal obligations, enforce our terms, and protect both your rights and ours under the law, in compliance with the Saudi Personal Data Protection Law (PDPL).

    We endeavor to collect only such Personal Information that is reasonably necessary to perform the Services for you or to respond to your inquiries. You are responsible for ensuring that the data you provide is accurate, complete, and current. We will take reasonable steps to ensure that the Personal Information we collect and use is relevant to its intended use.

    5.2 We process Personal Information in accordance with the Saudi Personal Data Protection Law (PDPL) based on one or more of the following legal bases:

    • (a) Your Consent: where you have provided clear consent for specific processing activities;
    • (b) Contractual Necessity: where processing is required to provide the Services or perform our contractual obligations to you;
    • (c) Legal Obligation: where processing is necessary to comply with applicable laws and regulations;
    • (d) Legitimate Interests: where processing is necessary for our legitimate business interests, provided such interests do not override your fundamental rights.

    5.3 We may use artificial intelligence ("AI") features to support functionalities such as contract drafting, review, summarization, search, and metadata extraction. Where such features involve the processing of Personal Information, we do so solely for the purpose of providing the Services and in accordance with applicable laws and our customer agreements. For more information on how we handle AI-related processing, please refer to our AI Trust & Security Policy.


    6. Personal Information Sharing

    We may share your information that we collect, store, and process in the following circumstances:

    • With Your Permission: Share your data with third parties when you've explicitly agreed.
    • For Legal Reasons: Share information to comply with laws, or to respond to legal processes and potential threats to safety.
    • With Service Providers: Work with partners who help us deliver and improve our services, under strict privacy agreements.
    • During Business Changes: Transfer information as part of any merger, acquisition, or sale of company assets, ensuring continuity of service.
    • For Marketing: Collaborate on marketing activities that might interest you, with your consent.

    7. Cross-Border Transfers

    We store and process your Personal Information within the Kingdom of Saudi Arabia in accordance with local regulations to ensure the confidentiality, availability, and integrity of your data.

    Where it is necessary to transfer Personal Information outside the Kingdom, such transfers will be conducted in accordance with the PDPL and its Implementing Regulations, including ensuring:

    • (a) the transfer is permitted under applicable laws;
    • (b) appropriate safeguards are in place to protect Personal Information; and
    • (c) the transfer does not adversely affect national security or vital interests of the Kingdom of Saudi Arabia.

    We take all reasonable steps to ensure that transferred Personal Information remains adequately protected.


    8. Retention of Your Personal Information

    We retain Personal Information only for the period necessary to serve the purposes mentioned in this Privacy Policy, meet our legal requirements, address disputes, and uphold our agreements. Retention periods may vary depending on the nature of the data and applicable obligations.

    When such information is no longer required for these purposes, including upon termination of your account or cessation of your use of the Services, or where required by applicable law, we will take reasonable steps to securely delete or anonymize your data, unless retention is required by applicable law or for legitimate business purposes.


    9. Security

    9.1 Security Measures

    We have implemented security measures (certified by the ISO 27001 standard) intended to prevent your Personal Information from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We periodically review our information collection, storage and processing practices, including technical and organizational measures, to guard against unauthorized access to systems.

    Access to customer data by our employees is restricted and monitored, with access granted only when necessary for the provision of Services, under strict confidentiality requirements.

    Your Account is protected by your Account password. We advise you to secure your Personal Information by not disclosing your username and password and by logging out of your Account after each use. You acknowledge and agree that the internet is not a completely secure environment and that we are not responsible for any failure in securing your Personal Information from being lost, used, or accessed in an unauthorized way, altered, or disclosed.

    9.2 Incident Response

    In the event of a personal data breach that may result in harm to Personal Information or to data subjects, we will take appropriate measures in accordance with the PDPL, including:

    • (a) notifying the competent authority where required; and
    • (b) notifying affected individuals where the breach is likely to cause significant harm.

    We will act promptly to investigate, mitigate, and remediate any such incidents.


    10. Your Privacy Rights

    You hold control over your personal information with us, and in accordance with the PDPL, you have the following rights regarding your personal data:

    • Right of Access: You can request access to your personal data.
    • Right to Rectification: You can request the correction of inaccurate data.
    • Right to Deletion: You can request the deletion of your personal data under certain circumstances.
    • Right to Object: You can object to certain types of processing, such as direct marketing.
    • Right to Restriction: You can request that we limit the processing of your personal data.

    To exercise these rights, please contact us at hala@signit.sa. We will verify your identity and respond within the timeframes required by the PDPL.


    11. Children's Privacy

    Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children without parental consent. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete the information as soon as possible.


    12. Language and Translations

    We may provide translations of the Privacy Policy. Translations are provided for informational purposes and if there is an inconsistency or conflict between a translation and the Arabic version, the Arabic version shall prevail.


    13. Complaints

    We are committed to resolving valid complaints about our processing of your Personal Information promptly, fairly, and confidentially. If you have a concern or complaint, please contact us at hala@signit.sa with "Privacy Complaint" in the subject line, and we will respond within a reasonable timeframe.


    14. Contact Us

    If you have any questions about the Services and the Privacy Policy, or other inquiries, please contact us at hala@signit.sa. We will respond to any such request in a timely manner.