Privacy Policy
Last Updated: February 2026
1. Who We Are
VirtuSign is operated by VirtuTechnologies Limited, a company incorporated in Northern Ireland under company number NI700043, whose registered office is:
Formation Works
Meadow House
22 East Bridge Street
Belfast
Northern Ireland
BT1 3NR
Email: support@virtu-sign.com
Data Protection Roles
- Data Controller: In respect of account information and platform usage data;
- Data Processor: In respect of personal data contained within documents uploaded or generated by business users.
2. Scope of This Policy
This Privacy Policy explains how we collect, use, store and protect personal data when you:
- Visit our website (https://virtu-sign.com);
- Create an account;
- Use the VirtuSign platform.
This Policy applies to business users only.
3. Categories of Data We Process
A. Account and Contact Data (Controller)
- Name
- Business email address
- Company name
- Contact details
- Billing details
B. Uploaded Document Data (Processor)
Personal data within documents you upload or generate:
- Names and Signatures
- Contractual details
- Employment or commercial information
C. Usage and Technical Data
- IP address
- Device and browser information
- Session activity
- Platform usage behaviour
D. Payment Data
Handled by Stripe. We do not store full payment card details. Stripe acts as an independent data controller.
4. AI Processing (OpenAI)
VirtuSign uses OpenAI API services to generate documents. We confirm:
- We do not use OpenAI systems to train models on user data;
- We do not use OpenAI "memory" features;
- Data sent to OpenAI is processed solely to generate requested outputs;
- We do not authorise OpenAI to retain or use user data beyond API processing.
OpenAI processes data in accordance with its own contractual and security obligations.
5. Hosting and Infrastructure
VirtuSign infrastructure is currently hosted via Vercel, with database services provided within that environment. We may migrate backend services to Amazon Web Services (AWS).
Where infrastructure providers are used, they act as data processors under contractual safeguards. We implement commercially reasonable technical and organisational measures to protect data.
6. Legal Bases for Processing (UK GDPR)
| Basis | Application |
|---|---|
| Contractual Necessity | To provide access to the Platform and perform subscription services. |
| Legitimate Interests | To improve platform functionality, monitor security, and prevent fraud or abuse. |
| Legal Obligation | To comply with applicable law. |
| Consent | For marketing communications and non-essential cookies. |
7. Data Retention
We retain data only for as long as necessary for the purposes for which it was collected:
- Account data: retained while subscription is active and for a reasonable period thereafter for legal or accounting purposes.
- Uploaded documents: retained while account is active unless deleted by user.
- Usage logs: retained for security and fraud prevention purposes.
8. International Transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including:
- UK adequacy decisions;
- Standard Contractual Clauses;
- Equivalent contractual protections.
9. Your Rights
Under UK GDPR, you have the right to:
You also have the right to lodge a complaint with the ICO:
https://ico.org.uk
10. Security Measures
- Encrypted data transmission
- Access controls
- Monitoring and logging
- Secure APIs
However, no online system can be guaranteed to be completely secure.
11. Children
The Platform is not intended for individuals under 16 years of age.
12. Cookies
Functionality
Essential for platform operation.
Analytics
Google Analytics & Session analysis.
Advertising
Meta Pixel.
You may manage preferences via our cookie banner.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via the Platform or email where appropriate. Continued use constitutes acceptance of the updated Policy.
Last Updated: February 2026