Privacy policy

Firma, Inc. ("Firma," "we," "us" or "our") provides e-signature and document workflow services exclusively to business customers ("you," "your," or "Customer"). This Privacy Policy describes the categories of data we collect, how we use it, and your rights under applicable laws, including GDPR.

Last updated at Jun 8, 2025

1. Data We Collect

a. Personal Data

Customer Administrators & Developers
- Name, email, company, job title
- API keys, account credentials, and support tickets
End-User Signers (processed on your behalf)
- Name, email, signature data

b. Service Data

Signed documents (PDF/DOCX) and templates
Audit trails, certificates of completion
Billing & invoicing records
Usage logs (envelope creation, signature events)

2. How We Use Your Data

Provide & maintain the service (authentication, API calls, webhooks)
Process signature requests and deliver signed documents
Billing & payments (invoice creation, tax compliance)
Security & compliance (fraud prevention, audit logs)
Support & maintenance (customer questions, bug fixes)

3. Legal Bases (GDPR)

Contract Performance: to fulfill our agreement with you
Legal Compliance: to meet record-keeping obligations (eIDAS, ESIGN/UETA, tax laws)
Legitimate Interests: service improvements, security monitoring, fraud detection

4. Data Retention

Data Category	Retention Period
Personal Data	Until account closure or erasure request (see exceptions below)
Signed Documents & Audit Trails	Indefinitely, to satisfy legal & contractual obligations
Billing & Invoices	10 years (U.S. tax requirements)

5. Right to Erasure

You may request deletion of your Personal Data under GDPR Article 17. We will comply within 30 days, except for data we are legally obligated to retain, including:

Executed documents, audit trails, and certificates of completion
Billing and invoicing records
Data needed to defend legal claims

Upon erasure, we will remove account profiles, API keys, logs, and support records, unless an exception applies.

6. B2B & End-User Requests

Business Customers: Contact us directly to update, export, or erase your data.
End-User Signers: We process signer data on behalf of our Customers. Any data-subject requests from signers will be forwarded to the contracting Customer for handling.

7. Data Security

Encryption: TLS 1.2+ in transit; AES-256 at rest
Access Controls: Role-based access for Customer users; tenant isolation
Certifications (planned): SOC 2 Type II, ISO 27001
Monitoring & Audits: Real-time vulnerability scanning, bi-annual penetration tests, audit logs

8. International Transfers

We may transfer data to the U.S. or other jurisdictions. We rely on appropriate safeguards such as Standard Contractual Clauses for GDPR-compliant transfers.

9. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will post the revised policy here and update the "Last updated" date.

10. Contact Us

If you have questions or wish to exercise your rights, use our contact form on the website to email us or mail:

FAQ

Frequently asked questions

For any unanswered questions, reach out to our support team via email. We'll respond as soon as possible to assist you.

What makes Firma.dev different from other e-signature providers?
Firma.dev is built for developers and SaaS businesses—no bloated features, no complex contracts. We offer simple API integration, secure compliance, and affordable pay-as-you-go pricing at just $0.029 per envelope—often up to 10x more cost-effective than traditional e-signature providers. Get started in minutes, not days.
How easy is it to integrate Firma.dev into my app?
Very easy. Our REST API is designed for developers, with clear documentation and example code in multiple languages. Most teams integrate Firma.dev in under an hour, with no upfront setup fees or monthly minimums. You can start testing for free.
Is Firma.dev secure and compliant?
Yes. Firma.dev uses bank-grade encryption, secure data storage, and complies with ESIGN, UETA, and GDPR standards. Your documents and signatures are always encrypted in transit and at rest, ensuring security and legal enforceability.
Do I need to sign a contract or commit to a monthly plan?
No contracts, no commitments. Firma.dev is fully pay-as-you-go. You only pay for the envelopes you send—no monthly minimums, hidden fees, or surprises.

FAQ

Frequently asked questions

For any unanswered questions, reach out to our support team via email. We'll respond as soon as possible to assist you.

What makes Firma.dev different from other e-signature providers?
Firma.dev is built for developers and SaaS businesses—no bloated features, no complex contracts. We offer simple API integration, secure compliance, and affordable pay-as-you-go pricing at just $0.029 per envelope—often up to 10x more cost-effective than traditional e-signature providers. Get started in minutes, not days.
How easy is it to integrate Firma.dev into my app?
Very easy. Our REST API is designed for developers, with clear documentation and example code in multiple languages. Most teams integrate Firma.dev in under an hour, with no upfront setup fees or monthly minimums. You can start testing for free.
Is Firma.dev secure and compliant?
Yes. Firma.dev uses bank-grade encryption, secure data storage, and complies with ESIGN, UETA, and GDPR standards. Your documents and signatures are always encrypted in transit and at rest, ensuring security and legal enforceability.
Do I need to sign a contract or commit to a monthly plan?
No contracts, no commitments. Firma.dev is fully pay-as-you-go. You only pay for the envelopes you send—no monthly minimums, hidden fees, or surprises.

FAQ

Frequently asked questions

For any unanswered questions, reach out to our support team via email. We'll respond as soon as possible to assist you.

What makes Firma.dev different from other e-signature providers?
Firma.dev is built for developers and SaaS businesses—no bloated features, no complex contracts. We offer simple API integration, secure compliance, and affordable pay-as-you-go pricing at just $0.029 per envelope—often up to 10x more cost-effective than traditional e-signature providers. Get started in minutes, not days.
How easy is it to integrate Firma.dev into my app?
Very easy. Our REST API is designed for developers, with clear documentation and example code in multiple languages. Most teams integrate Firma.dev in under an hour, with no upfront setup fees or monthly minimums. You can start testing for free.
Is Firma.dev secure and compliant?
Yes. Firma.dev uses bank-grade encryption, secure data storage, and complies with ESIGN, UETA, and GDPR standards. Your documents and signatures are always encrypted in transit and at rest, ensuring security and legal enforceability.
Do I need to sign a contract or commit to a monthly plan?
No contracts, no commitments. Firma.dev is fully pay-as-you-go. You only pay for the envelopes you send—no monthly minimums, hidden fees, or surprises.