Effective Date: 11/30/2025
Last Updated: 10/31/2025
Trusted Signatures (“TS,” “we,” “our”) and the counterparty identified in the applicable order form (“Customer”) agree to this Data Processing Addendum (DPA), which forms part of the agreement governing Customer’s use of the Services. Capitalized terms not defined here have the meanings in the Agreement or applicable law.
Controller vs. processor.
(a) For Account, Billing, Support, and Site data, TS acts as controller/business (see our Privacy Policy).
(b) For Customer-submitted technical data processed to operate the Services (e.g., API logs, SHA-256 document digests, certificate serials/issuer, validation outcomes), TS acts as processor/service provider on Customer’s documented instructions.
TS will process Customer Personal Data only: (a) to provide, secure, and support the Services; (b) per Customer’s written instructions (including the Agreement and this DPA); or (c) as required by law (with notice to Customer unless prohibited).
Subject matter & duration. Processing of Customer Personal Data for the term of the Agreement and the retention windows in §8.
Nature & purpose. Operating PDF sealing/verification workflows; security, support, and billing.
Categories & subjects. As provided by Customer (e.g., account contacts, API users; document-verification metadata). Data subjects may include Customer’s personnel, end users, and vendors.
TS maintains appropriate technical and organizational measures, including: encryption in transit and at rest (where applicable); SSO/MFA; role-based access and least privilege; audit logging and monitoring (AWS CloudWatch); vulnerability management; secure SDLC; incident response; and HSM-backed key protection using FIPS 140-validated modules (Level 3 where applicable). See Annex II (Security Measures).
TS will ensure personnel accessing Customer Personal Data are bound by confidentiality and receive appropriate privacy/security training. Access is limited to a need-to-know basis.
Authorization & flow-down. Customer authorizes TS to use Subprocessors to provide the Services. TS will impose data-protection obligations no less protective than those in this DPA and remains responsible to Customer for each Subprocessor’s performance of those flow-down obligations (subject to the limitations in the Agreement).
Current list & notice. TS maintains a live list at: Subprocessors List. TS may update Subprocessors by updating that page (which constitutes notice). Customers may object to a new Subprocessor under the process in Annex I §D.
TS will provide reasonable assistance, proportionate to its role, with security-related obligations, DPIAs, consultations with authorities, and data-subject requests that Customer receives and directs to TS.
At termination or upon Customer request, TS will delete or return Customer Personal Data, unless retention is required for legal, security, audit, or trust-program reasons; in that case, TS will protect the data per this DPA and delete on the next standard cycle. Typical retention windows are described in the Privacy Policy.
TS will notify Customer without undue delay after becoming aware of a Personal Data Breach involving Customer Personal Data and will provide information reasonably available to assist Customer with legal notification duties and remediation.
Where Customer Personal Data is transferred to TS in the U.S. or another third country, the parties incorporate the appropriate Standard Contractual Clauses (EU 2021/914 C2P) and, as applicable, the UK IDTA/UK Addendum and Swiss addenda. If there is conflict, the SCCs/addenda control for the transfer.
TS will not: (a) sell Customer Personal Data; (b) share it for cross-context behavioral advertising; (c) process it outside the business purpose of providing the Services; or (d) combine it with personal information from other sources except as permitted for security, fraud prevention, or service operations.
The Services are not designed to receive or store PHI. Customer must not send PHI in document content, filenames, content-derived metadata, or support materials. If required, TS may execute a HIPAA Business Associate Rider (Operations-Only) that covers Operational Metadata (e.g., API logs, SHA-256 digests, certificate/validation status data) and expressly excludes document content. See our HIPAA Rider.
Upon written request (no more than annually or following a material incident), TS will make available summary reports or attestations relevant to these controls (e.g., penetration test summaries). Where additional verification is needed, the parties will agree in advance on scope, timing, confidentiality, and reasonable cost recovery.
The Agreement’s limitations and exclusions of liability (including ToS §15) apply to this DPA. If there is a conflict between this DPA and the Agreement, this DPA controls to the extent required by law; otherwise, the Agreement controls. For transfer conflicts, §10 controls.
A. Exporter (Controller/Business). Customer (entity named in the order form).
B. Importer (Processor/Service Provider). Trusted Signatures, 4 Saint Albans Rd W, Hopkins, MN 55305.
C. Data subjects. Customer employees/contractors; Customer’s vendors/end users.
D. Categories of data. Account/contact data; API/service logs (timestamps, IPs, user/tenant IDs, endpoint, status/latency); document-verification metadata (SHA-256 digests, certificate serials/issuer, validation outcomes); identity data provided for Publisher Identity onboarding (org details, authorized contacts, proofs).
E. Special categories. Not intended. Customer will not submit sensitive data unless required and lawfully justified.
F. Subprocessor notice & objections. TS will post updates at /docs/subprocessors. Within 15 days of an update, Customer may reasonably object on data-protection grounds. If unresolved in good faith, Customer may suspend the affected functionality or terminate the impacted order(s) with a pro-rata refund of prepaid, unused fees.
(a) Governance: policies, least privilege, background-checked personnel.
(b) Access control: SSO/MFA; RBAC; key rotation and secrets management.
(c) Cryptography: TLS in transit; encryption at rest where applicable; keys protected by FIPS 140-validated HSMs (Level 3 where applicable).
(d) Monitoring: centralized logs/metrics with AWS CloudWatch; alerting.
(e) Systems security: hardened images, patching, change control, segmentation.
(f) SDLC: code review, dependency scanning, CI secrets hygiene.
(g) Vulnerability management: scanning and periodic penetration testing.
(h) Incident response: runbooks, on-call, breach notification.
(i) Continuity: backups, redundancy, disaster-recovery objectives.
(j) Vendor risk: Subprocessor due diligence; SCCs/UK addendum as needed.
(k) Customer controls: API key hygiene; permission scoping; revocation tools.
References
• Subprocessors: https://trusted-signatures.com/docs/subprocessors/
• Privacy Policy: https://trusted-signatures.com/privacy/
• Terms of Service: https://trusted-signatures.com/terms/
Contacts
You may contact us at support@trusted-signatures.com, or for legal notices at Michelle@trusted-signatures.com and Brad@trusted-signatures.com. Address: 4 Saint Albans Rd W. Hopkins, MN 55305