Privacy Policy

This Privacy Policy describes how BioSignBox (“we,” “us,” or “our”) handles information when you visit our website, create an account, or use our services that involve identity verification, electronic signatures, and related workflows. By using our services, you agree to the practices described here, together with our Terms & Conditions.

1. Who we are

BioSignBox provides software and infrastructure for passwordless identity, consent capture, and cryptographically backed signing experiences. The data controller for information processed through our consumer-facing properties is BioSignBox, operating the site where this policy is posted.

2. Information we collect

Depending on how you interact with us, we may collect categories of information such as:

• Contact and account identifiers, including the phone number you provide in international (E.164) format when you request SMS messages from us.
• Technical and usage data, such as device type, browser type, approximate region derived from IP address, timestamps, and diagnostic logs needed to operate and secure the service.
• Transaction and evidence metadata associated with signatures, consents, or verification events processed through partner-configured workflows, as described in applicable partner agreements.

3. How we use phone numbers and SMS

We use phone numbers you provide to:

• Send transactional or security-related messages, such as one-time passwords (OTPs), verification codes, or time-limited links needed to continue enrollment or access your account, where you have requested that channel.

We do not sell your personal information. Phone numbers collected for SMS consent will not be shared with third parties or affiliates for marketing purposes. We may share information with subprocessors strictly as needed to deliver the service (for example, a telecommunications provider that delivers the SMS on our behalf), subject to contractual confidentiality and security obligations, and not for those parties' independent marketing use.

4. Legal bases and retention

Where applicable law requires a legal basis, we process personal data to perform our contract with you, comply with law, protect vital interests, or pursue legitimate interests in securing and improving our services, balanced against your rights. We retain information only as long as necessary for the purposes described in this policy, to meet legal or regulatory obligations, and to resolve disputes.

5. Security

We implement administrative, technical, and organizational measures designed to protect personal information against unauthorized access, loss, or misuse. No method of transmission over the Internet is completely secure; we encourage you to use unique credentials where applicable and to protect access to your devices.

6. Your choices and rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict certain processing of your personal information, or to object to processing. You may also opt out of non-essential marketing communications where we offer them. SMS opt-out instructions for program messages are described in our Terms & Conditions under "SMS Terms."

7. International transfers

If you access our services from outside the country where our servers or subprocessors are located, your information may be transferred and processed in those locations. We take steps designed to ensure appropriate safeguards where required by law.

8. Children

Our services are not directed to children under the age where parental consent is required in their jurisdiction. We do not knowingly collect personal information from such children.

9. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated through the service or other appropriate means where required by law.

10. Contact

For privacy-related requests or questions, contact us through the support channels published on this website or the contact path your organization provides if you access BioSignBox through an enterprise partner.

This Privacy Policy is provided for transparency and compliance purposes and does not create rights beyond those available under applicable law. If you need a jurisdiction-specific addendum, consult your legal counsel or your organization's administrator.