Skip to content
SignHR

Last updated: April 28, 2026

Privacy Policy

This Privacy Policy describes how SignHR Technologies Pvt. Ltd. (“SignHR”, “we”, “us”) collects, uses, stores, and protects personal data we receive through our websites, applications, and services.

1. Who we are

SignHR is an HR management platform built and operated by SignHR Technologies Pvt. Ltd., a company incorporated in India with its registered office at Indiranagar, Bengaluru 560038. For privacy questions, write to info@signhr.io.

2. What data we collect

We collect data in three categories:

  • Account data — name, email, role, company name, and authentication tokens, provided when you sign up.
  • Workspace data — employee profiles, leave records, payroll data, attendance, documents, and other HR records you upload or generate while using SignHR. We process this on your behalf.
  • Usage and device data — IP address, browser, device type, pages visited, timestamps. Used for security monitoring, performance, and analytics.

We do not collect special categories of personal data (race, religion, biometric, etc.) unless you explicitly choose to upload them as part of an employee profile field, in which case you are responsible for the legal basis to do so.

3. How we use your data

We process personal data for the following purposes:

  • To provide, operate, and improve the SignHR service.
  • To authenticate you and secure your account.
  • To send essential transactional emails (account, billing, security alerts).
  • To send marketing emails — only with your explicit opt-in.
  • To comply with our legal and contractual obligations.
  • To investigate, prevent, and address fraud and abuse.

4. Legal basis for processing

Where the GDPR or DPDP applies, we rely on the following legal bases: contract performance for service delivery; legitimate interest for security and product improvement; consent for marketing communications; and legal obligation for tax, audit, and similar requirements.

5. Where your data is stored

Workspace data is stored in AWS data centers in your selected region — ap-south-1 (Mumbai) by default for India and APAC customers, eu-west-1 (Dublin) for EU customers, and us-east-1 (Virginia) for North American customers. We do not transfer workspace data across regions without your explicit configuration.

6. Sharing of data

We share data only with sub-processors that are contractually bound to equivalent data protection obligations. Our current sub-processors are listed at our DPA. We do not sell personal data, and we do not share it for advertising purposes.

7. Retention

We retain workspace data for the lifetime of your subscription plus 30 days after cancellation, after which we delete it from production systems and (within 90 days) from backups. Account data may be retained longer where required by law or for fraud prevention.

8. Your rights

Depending on the jurisdiction, you may have rights to access, correct, delete, or port your personal data; to object to processing; or to withdraw consent. To exercise these rights, write to info@signhr.io — we respond within 30 days.

For data we process on behalf of our customers, please contact your employer (the data controller) directly. We will assist them in responding to you.

9. Security

We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest), strict access controls, and continuous monitoring. We are SOC 2 Type II certified. For details, see our Security Annex.

10. Cookies

We use a minimal set of first-party cookies for authentication and preferences. We do not use third-party tracking cookies on our marketing site or product. Analytics is privacy-respecting and aggregate-only.

11. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to account administrators at least 30 days before they take effect. The “Last updated” date at the top reflects the most recent change.

12. Contact

Questions, concerns, or complaints? Reach our Data Protection Officer at info@signhr.io. EU residents may also lodge a complaint with their local data protection authority.