SignImage to PDFCompressConvertCounter
Legal

Privacy Policy

This Privacy Policy explains how Akrinum OÜ processes personal data in connection with eDocu.

Last updated: 6 May 2026

1. Controller and contact details

The controller responsible for processing your personal data in connection with eDocu is:

  • Akrinum OÜ
  • Registration code: 16014688
  • VAT ID: EE102717822
  • Registered office: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia
  • Email: contact@akrinum.com

We process personal data in accordance with the EU General Data Protection Regulation (“GDPR”) and other applicable data protection laws.

2. Scope of this Policy

This Policy applies when you visit the eDocu website, use our browser-based document tools, interact with our analytics and tracking systems, create an account if account functionality is available, purchase a paid plan if offered, receive emails from us, or contact us for support.

This Policy does not apply to third-party websites or services that may be linked from eDocu.

3. Browser-based document processing

eDocu is designed so that core document actions, such as loading a PDF or image, adding a visual signature, and downloading the result, run in your browser. In the standard free signing flow, we do not intentionally upload your document files to our server.

Your browser, device, operating system, extensions, or network may still create temporary technical copies, caches, previews, or logs outside our control. You should avoid using eDocu for documents that require certified e-signature workflows, regulated identity verification, or strict document management obligations.

If we later offer optional cloud features, such as saved document history, templates, shared signing workflows, or account-based storage, those features may require uploading and storing document content. We will provide additional information in the product before such features are used.

4. Categories of personal data

We may process the following categories of personal data:

  • Visitor and session data: anonymous or pseudonymous visitor identifiers, session identifiers, page views, referrer URLs, timestamps, browser language, timezone, viewport size, device and browser information, IP address, and approximate country or location inferred from IP address or hosting provider headers.
  • Usage event data: actions within eDocu, such as selecting a file type, loading a document, creating a signature, placing a signature, clicking download, completing a download, opening a tool, or interacting with pricing or account prompts.
  • Account data: if accounts are available, name, email address, password hash, saved preferences, saved signatures or initials, company name, and similar information you provide.
  • Payment and billing data: if paid plans are available, billing address, VAT number, subscription status, invoice details, and limited payment information. Full payment card details are handled by our payment providers and are not stored by us.
  • Support and communication data: messages you send us, support requests, feedback, bug reports, and your communication preferences.
  • Cookie and local storage data: identifiers and preferences stored in cookies, localStorage, sessionStorage, or similar browser technologies.

We avoid collecting document names and document content in our analytics where possible because documents may contain sensitive personal, legal, financial, or business information.

5. Purposes and legal bases

We process personal data for the following purposes and legal bases:

  • Providing and operating eDocu – to make the website and browser-based tools available, process actions in the interface, and provide core functionality.
    Legal basis: performance of a contract or steps prior to entering into a contract (Article 6(1)(b) GDPR), and our legitimate interests in operating the Service (Article 6(1)(f) GDPR).
  • Analytics and product improvement – to understand which tools are used, where users drop off, which traffic sources are useful, and how to improve reliability, performance, privacy, and usability.
    Legal basis: our legitimate interests in improving the Service (Article 6(1)(f) GDPR), or consent where required by applicable law.
  • Security, abuse prevention, and debugging – to detect misuse, prevent fraud, protect the Service, investigate errors, and maintain system logs.
    Legal basis: legitimate interests in protecting the Service and users, and compliance with legal obligations (Article 6(1)(f) and 6(1)(c) GDPR).
  • Accounts and saved features – to create and manage accounts, authenticate users, save signatures, templates, settings, and similar account-based features if offered.
    Legal basis: performance of a contract (Article 6(1)(b) GDPR).
  • Billing and accounting – to process payments, manage subscriptions, issue invoices, and keep mandatory tax and accounting records if paid plans are offered.
    Legal basis: performance of a contract and compliance with legal obligations (Article 6(1)(b) and 6(1)(c) GDPR).
  • Customer support – to answer questions, investigate issues, and respond to requests.
    Legal basis: performance of a contract and legitimate interests in providing support (Article 6(1)(b) and 6(1)(f) GDPR).
  • Marketing communications – to send product updates, feature announcements, offers, or onboarding emails where permitted.
    Legal basis: legitimate interests in promoting and developing our business, or consent where required (Article 6(1)(f) or 6(1)(a) GDPR). You can opt out at any time.
  • Legal compliance – to comply with laws, regulations, court orders, and requests from public authorities.
    Legal basis: compliance with legal obligations (Article 6(1)(c) GDPR).

6. Cookies, localStorage, and sessionStorage

eDocu may use cookies, localStorage, sessionStorage, and similar technologies to operate the Service, remember preferences, maintain sessions, and measure usage.

For public product analytics, we may store a pseudonymous visitor_id in localStorage and a session_id in sessionStorage. These identifiers help us understand repeat visits and user flows without requiring an account.

You can control cookies and site storage through your browser settings. Blocking or deleting storage may reset your visitor or session identifiers and may affect some features.

7. Analytics and country detection

We may collect analytics events and technical metadata to measure how eDocu is used. We may also infer your approximate country from your IP address or from infrastructure headers provided by hosting or proxy services. This helps us understand traffic quality, product demand, and potential abuse.

We do not use analytics events to intentionally collect document content. For example, we may record that a PDF was loaded or that a download was completed, but we should not need the contents of that PDF for analytics.

8. Recipients and data sharing

We do not sell your personal data. We may share personal data with the following categories of recipients:

  • Service providers and processors – such as hosting providers, analytics tools, email delivery services, payment processors, infrastructure providers, and support tools that help us operate eDocu.
  • Professional advisers – such as lawyers, accountants, and auditors, where necessary for our legitimate interests and legal obligations.
  • Public authorities – where required by law or to protect our rights, users, or third parties.
  • Business transfers – in connection with a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred subject to appropriate safeguards.

9. International data transfers

Some of our service providers may be located outside the European Economic Area (“EEA”). Where personal data is transferred outside the EEA, we will ensure that appropriate safeguards are in place, such as an adequacy decision by the European Commission or standard contractual clauses approved by the European Commission, supplemented by additional measures where necessary.

10. Data retention

We retain personal data only for as long as necessary for the purposes described in this Policy, or as required by law.

  • Visitor, session, and analytics data: retained for a limited period needed to understand usage, improve the Service, debug issues, and prevent abuse. We may aggregate or anonymise analytics data for longer-term product analysis.
  • Account data: retained for the lifetime of your account. If you close your account or it becomes inactive, relevant data is deleted or anonymised subject to legal retention obligations.
  • Billing and payment data: retained for the period required by applicable accounting and tax laws.
  • Support and communication data: retained for as long as necessary to resolve your request and for a reasonable period thereafter for reference, dispute resolution, and service improvement.
  • Logs and security data: retained for a limited period appropriate for security monitoring and incident investigation.

11. Your rights under GDPR

If you are in the EEA, the UK, or another jurisdiction with similar rights, you may have the following rights with respect to your personal data:

  • Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy.
  • Right to rectification: to have inaccurate or incomplete personal data corrected.
  • Right to erasure: to request deletion of your personal data in certain circumstances.
  • Right to restriction: to request that we restrict processing in certain cases.
  • Right to data portability: to receive personal data you provided in a structured, commonly used, and machine-readable format.
  • Right to object: to object to processing based on our legitimate interests, including processing for direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.

You can exercise your rights by contacting us at contact@akrinum.com. We may need to verify your identity before responding to your request.

12. Complaints and supervisory authority

If you believe that we are processing your personal data in violation of data protection laws, you have the right to lodge a complaint with your local supervisory authority. In Estonia, the supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).

13. Security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. However, no online service can be completely secure, and we cannot guarantee absolute security.

14. Children

eDocu is not intended for children under 18 years of age. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us so that we can take appropriate steps.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our processing activities, legal obligations, or business practices. When we make material changes, we will update the “Last updated” date at the top of this page and may provide additional notice where appropriate.

Your continued use of eDocu after changes become effective constitutes your acknowledgment of the updated Policy.

16. Contact

If you have any questions or concerns about this Privacy Policy or our data protection practices, please contact us at contact@akrinum.com.