Privacy Policy

Welcome to eSignRight, an e-signing platform proudly provided by OnBlick Inc. ("we," "our," or "us"). At eSignRight, we are deeply committed to protecting your privacy and handling your personal information with the utmost transparency, integrity, and care. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you access and utilize our e-signing platform, eSignRight (the "Service").

We encourage you to read this Privacy Policy carefully to understand our practices regarding your information and how we will treat it. By accessing or using the Service, you signify your acceptance of the terms outlined in this Privacy Policy. If you do not agree with these terms, please do not use the Service.

1.About OnBlick Inc. and eSignRight

OnBlick Inc. is the parent company and provider of the eSignRight platform. Our mission is to provide a secure, efficient, and legally compliant solution for electronic signatures and document management. This Privacy Policy applies to all information collected through eSignRight and any related services provided by OnBlick Inc.

2.Collection of Personal Information

To provide you with our comprehensive e-signing services, we collect various categories of information. The specific types of information collected depend on your interactions with the Service and the features you choose to utilize.

2.1 Information You Provide Directly to Us

We collect information that you voluntarily provide when you interact with our Service. This includes:

• Account and Profile Data: When you create an account, we collect your full name, email address, password, company name (if applicable), and contact information. You may also choose to provide additional profile details.
• Document Content Data: As an e-signing platform, the core of our Service involves processing your documents. We collect and store the content of documents you upload, send, receive, and sign through the Service. This includes all textual content, images, digital signatures, annotations, and any other data embedded within those documents. We process this data solely to facilitate the e-signing process and provide the functionality of the Service.
• Communication Data: Information you provide when you communicate with us, such as customer support inquiries, feedback, survey responses, or direct correspondence.
• Payment and Billing Data: If you subscribe to paid features or make purchases, we collect necessary billing information, such as your billing address and payment method details. For your security, full payment card numbers are processed directly by secure third-party payment processors, and we do not store them on our servers.
• Identity Verification Data (when applicable): For certain advanced security or compliance features, we may ask you to provide information necessary for identity verification, such as images of government-issued IDs, or biometric data (e.g., facial scan for live detection). This is only done with your explicit consent for specific transactions.

2.2 Information Collected Automatically (via Technology)

When you access and use the Service, our systems automatically collect certain information:

• Technical and Usage Data: Our servers automatically record information about how you access and use the Service. This includes your Internet Protocol (IP) address, browser type, operating system, unique device identifiers, referring/exit pages, access times, clickstream data, and information about the features you use and the duration of your activities. This information helps us understand user behavior to improve the Service.
• Transaction and Audit Trail Data: To ensure the legal validity, integrity, and non-repudiation of e-signatures, we collect detailed information related to e-signing transactions. This includes timestamps of actions (e.g., viewing, signing), IP addresses of participants, device information used for signing, and comprehensive audit trails that record every step of the signing process.
• Geolocation Data: For enhanced security, fraud prevention, compliance, and auditing purposes, we may collect geolocation data (e.g., precise location information based on your device’s GPS, IP address, Wi-Fi, or cellular network information) at the time of a signing event. We collect this data only with your explicit consent, typically granted through your device's location services. This data helps us verify the location of signing events and enhances the security and legal defensibility of transactions.
• Camera Access Data: To facilitate certain security or identity verification features during the signing process (e.g., capturing a photo for audit trails, visual identity confirmation, or government-issued ID verification), our Service may request camera access. We only access your camera with your explicit consent and for the specific, defined purpose of the feature you are using. Any images or videos captured are stored securely as part of the transaction audit trail or for identity verification, in accordance with applicable laws.
• Cookies and Tracking Technologies: We use cookies, web beacons, tracking pixels, and similar technologies to collect information, remember your preferences, analyze trends, administer the website, track users’ movements around the website, and gather demographic information about our user base. For more details, please refer to our dedicated Cookie Notice.

2.3 Information from Third Parties

In certain circumstances, we may receive information about you from third parties, such as:

• Partners and Integrations: If you use third-party applications or services that integrate with eSignRight, we may receive information about you from those services as authorized by you.
• Publicly Available Sources: We may collect information from publicly accessible sources to verify identities or for marketing purposes.

3.Use and Lawful Bases for Processing Personal Information

We use the information we collect for various purposes, primarily to provide and improve our Service. Our legal bases for processing your personal information include:

• Contractual Necessity: To fulfill our obligations under the Terms of Service with you, for example, to process e-signatures, manage your account, and deliver the core functionality of eSignRight.
• Legitimate Interests: For our legitimate business interests, provided these do not override your fundamental rights and freedoms. This includes:
  • Improving, maintaining, and analyzing the performance of the Service.
  • Ensuring the security, integrity, and legal validity of transactions.
  • Preventing fraud and enforcing our terms.
  • Communicating with you about service updates, security alerts, and support.
  • Personalizing your experience on the Service.
• Consent: Where required by law, or for specific activities like sending marketing communications (if you have opted in) or collecting sensitive data (like geolocation or camera access for specific features), we will obtain your explicit consent. You have the right to withdraw your consent at any time.
• Legal Obligation: To comply with applicable laws, regulations, legal processes, or governmental requests.

Specifically, we use your information to:

• Provide and Operate the eSignRight Service: To enable you to upload, send, receive, review, and e-sign documents, and to manage your account and stored documents.
• Ensure Security and Integrity: To verify your identity, detect and prevent fraud, enforce our Terms of Service, and maintain the security and legal validity of e-signatures and documents, utilizing transaction data, IP addresses, geolocation, and camera data where applicable.
• Communicate Effectively: To send you essential service-related announcements, technical notices, updates, security alerts, and support messages. We may also send promotional communications if you have consented to receive them.
• Process Payments: To process transactions for paid subscriptions or services.
• Improve and Personalize the Service: To monitor and analyze usage and trends, conduct research, develop new features, and tailor your experience based on your preferences.
• Customer Support: To provide effective customer support and respond to your inquiries.
• Comply with Legal and Regulatory Requirements: To fulfill our legal obligations and respond to lawful requests from public authorities.

4.Disclosure of Personal Information

We may disclose your information to third parties in the following situations, always with appropriate safeguards:

• With Other Users: As inherent to an e-signing platform, your name and email address, along with certain document actions, will be visible to other participants in a signing workflow.
• Service Providers and Sub-processors: We share your information with trusted third-party vendors and service providers who perform services for us or on our behalf. These include:
  • Data hosting and cloud storage providers.
  • Payment processing services.
  • Customer support and communication platforms.
  • Analytics and marketing service providers.
  • IT and system administration service providers.
  • These service providers are contractually bound to protect your data and are restricted from using your personal information for any purpose other than providing the services requested by OnBlick Inc.
• Affiliates (OnBlick Inc. Group): We may share your information with other companies within the OnBlick Inc. group, for purposes consistent with this Privacy Policy, such as internal administration, consolidated reporting, and providing shared services.
• Legal Compliance and Protection: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: (a) comply with a legal obligation, such as a subpoena, court order, or governmental request; (b) protect and defend our rights or property, including the security and integrity of the Service; (c) act in urgent circumstances to protect the personal safety of users of the Service or the public; or (d) protect against legal liability.
• Business Transfers: In the event of a merger, acquisition, divestiture, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any such change in ownership or control of your personal information, as well as any choices you may have regarding your personal information.
• With Your Consent: We may disclose your personal information for any other purpose if we have obtained your explicit consent.
• Aggregated or De-identified Information: We may share aggregated or de-identified information that cannot reasonably be used to identify you with third parties for various purposes, including for analytics, research, and marketing.

5.International Data Transfers

As OnBlick Inc. operates globally, and our service providers may be located in various countries, your personal information may be transferred to, stored, and processed in countries outside of your country of residence, including the United States, where our primary operations are located. These countries may have data protection laws that are different from the laws of your country.

When we transfer your personal information across national borders, we implement appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include:

• Standard Contractual Clauses (SCCs): Implementing European Commission-approved Standard Contractual Clauses for transfers from the European Economic Area (EEA), Switzerland, and the UK.
• Adequacy Decisions: Relying on adequacy decisions by the European Commission or relevant authorities, where applicable.
• Other Legal Mechanisms: Utilizing other legally permissible mechanisms for data transfer.

6.Data Security and How We Protect Your Information

We are deeply committed to protecting your personal information. We implement a comprehensive suite of administrative, technical, and physical security measures designed to help protect your data from unauthorized access, alteration, disclosure, or destruction. Our security practices include:

• Encryption: Using industry-standard encryption for data in transit (TLS/SSL) and at rest.
• Access Controls: Implementing strict access controls and authentication mechanisms to limit access to personal data to authorized personnel only.
• Regular Security Audits and Vulnerability Assessments: Conducting regular security assessments, penetration testing, and vulnerability scans to identify and address potential weaknesses.
• Employee Training: Providing ongoing privacy and security training to our employees.
• Data Minimization: Collecting only the personal data that is necessary for the purposes outlined in this policy.
• Incident Response Plan: Maintaining a robust incident response plan to address any potential data breaches promptly and effectively.
• While we strive to use commercially acceptable means to protect your personal information, it's important to understand that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. We encourage you to use strong, unique passwords for your account and to protect your account credentials.

7.Data Retention

We retain your personal data and document data for as long as necessary to fulfill the purposes for which it was collected, including for the provision of the Service, to comply with our legal and regulatory obligations, resolve disputes, enforce our agreements, and maintain accurate audit trails for e-signing transactions.

• Account Data: Retained as long as your account is active and for a limited period thereafter to allow for account reactivation or to meet legal obligations.
• Document Data: Retained as long as the documents are stored in your account. You can typically delete documents from your account. Upon deletion from active storage, backup copies may persist for a limited period in accordance with our data backup and retention policies.
• Transaction and Audit Trail Data: Retained for a period necessary to ensure the legal validity and non-repudiation of signatures, typically for longer periods as required by legal and industry standards.
• Other Data: Retained for periods necessary to fulfill the purposes described in this policy, or as otherwise required by law.

8.Your Privacy Rights and Choices

Depending on your jurisdiction and applicable data protection laws (such as GDPR, CCPA, etc.), you may have the following rights regarding your personal data:

• Right to Access: You have the right to request copies of your personal data that we hold.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal data under certain conditions (e.g., when the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent).
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data, or if the processing is unlawful).
• Right to Object to Processing: You have the right to object to our processing of your personal data under certain conditions (e.g., for direct marketing purposes or if processing is based on legitimate interests).
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions, in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where we rely on your consent to process your personal data (e.g., for marketing or specific data collection like geolocation/camera access), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority if you believe your rights have been violated.
• To exercise any of these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request in accordance with applicable laws and within a reasonable timeframe. We may need to verify your identity before fulfilling your request.

Your Choices Regarding Marketing Communications:

You can opt-out of receiving promotional emails from us by following the unsubscribe instructions provided in those emails. Please note that even if you opt-out, we may still send you non-promotional messages, such as those about your account, service updates, or our ongoing business relations.

9.Children's Privacy and Younger Users

Our Service is not intended for and is not directed at individuals under the age of 18. We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and believe that we have collected personal information from a child under the age of 18 without appropriate parental consent, please contact us immediately using the information in the "Contact Us" section, and we will take prompt steps to remove that information from our servers and records.

10.Notice to California Residents (Supplemental to General Privacy Rights)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information. These rights include:

• Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell/share.
• Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Correct Inaccurate Personal Information: You have the right to request that we correct inaccurate personal information that we maintain about you.
• Right to Opt-Out of Sale/Sharing: You have the right to opt-out of the "sale" or "sharing" (for cross-context behavioral advertising) of your personal information. eSignRight does not sell your personal information in the traditional sense.
• Right to Limit Use and Disclosure of Sensitive Personal Information: You have the right to limit the use and disclosure of your sensitive personal information (which may include geolocation or identity verification data in some contexts) to certain purposes.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
• To exercise these rights, please contact us at the email address provided in the "Contact Us" section. We will verify your request using information associated with your account, including your email address. You may also use an authorized agent to make a request on your behalf.

11.Third-Party Websites and Services

The Service may contain links to third-party websites, applications, and services of interest that are not operated by or affiliated with us. These links are provided for your convenience. Once you have used these links to leave the Service, any information you provide to these third parties is not covered by this Privacy Policy. We cannot guarantee the safety and privacy of your information when you access or interact with external sites or services. We strongly advise you to review the privacy policies and practices of any third-party websites or services before providing any information to them.

12.Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal or regulatory requirements, or for other operational reasons. We will notify you of any material changes by posting the updated Privacy Policy on this page and by updating the "Last Updated" date at the top of this Privacy Policy. We may also provide additional notification methods, such as an email to the primary email address specified in your account or an in-Service announcement. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

13.How to Contact Us

If you have any questions or comments about this Privacy Policy, our data practices, or if you wish to exercise your data protection rights, please do not hesitate to contact us at:

eSignRight Support Email: support@onblick.com

Postal Address: 400 E Royal Lane, Suite 218, Irving, TX United States.

Phone: +1 972-200-5599

Email: contact@onblick.com

‍