The General Data Protection Regulation (GDPR) is the European Union's landmark data privacy law, effective since May 25, 2018. It governs how personal data is collected, processed, stored, and shared for EU residents.
European Union · Enacted 2018
Requires lawful basis for processing personal data (consent, legitimate interest, contractual necessity)
Mandates data minimization — collect only what is necessary for the stated purpose
Grants data subjects rights: access, rectification, erasure, portability, and objection
Requires data protection by design and by default in all processing activities
Imposes strict requirements on international data transfers outside the EU/EEA
Non-compliance penalties up to 4% of annual global turnover or €20 million
E-signature platforms handle sensitive personal data — names, email addresses, IP addresses, and signed documents — making GDPR compliance essential. SignForge takes a privacy-first approach to data handling. All data is stored on Hetzner infrastructure in Nuremberg, Germany, ensuring EU data residency. We use no tracking cookies — our analytics system is fully self-hosted and privacy-respecting, using session-scoped storage that clears when the browser tab closes. We practice data minimization by only collecting information necessary for the signing process. Users can request data deletion, and our Document Locker gives users full control over their stored documents.
All data hosted on Hetzner infrastructure in Nuremberg, Germany — no cross-border transfers
No tracking cookies — privacy-first self-hosted analytics with no third-party data sharing
Data minimization: only email, name, IP, and user-agent collected for legitimate signing purposes
Users can delete their accounts and documents — Document Locker provides full control
Infrastructure provider holds ISO 27001:2022 and BSI C5 Type 2 certifications
Consent-based processing for all non-essential data collection
TLS 1.3 + SHA-256
Cryptographic proof
Append-only, immutable
Certified infrastructure
SignForge follows GDPR principles: EU data residency (Hetzner, Germany), no tracking cookies, data minimization, user data deletion rights, and privacy-by-design architecture. Our infrastructure provider holds ISO 27001:2022 certification.
All data — documents, signatures, audit trails, and user information — is stored on Hetzner infrastructure in Nuremberg, Germany. There are no data transfers outside the EU/EEA.
No. SignForge uses a self-hosted, privacy-first analytics system. Session data is stored in browser sessionStorage (cleared on tab close), not cookies. No data is shared with third-party analytics providers.
Legally binding e-signatures with 256-bit encryption, cryptographic verification, and an immutable audit trail. Free forever.