PRIVACY AND LIABILITY AGREEMENT FOR USE OF THE SITE

Last modified: 05/22/2025

1. Brief description

D4Sign values the privacy of its users and has created this Privacy Policy to demonstrate its commitment to protecting your privacy and personal data, in accordance with the General Data Protection Law and other relevant laws, as well as to describe how your privacy is protected by D4Sign when collecting, processing, and storing your personal information.

The defined rights of use are owned by the company D4S Serviços em Tecnologia LTDA ME, a private legal entity, registered under CNPJ/MF no. 23.691.353/0001-80, with headquarters at Av. Paulista, no. 1439, Bela Vista neighborhood, São Paulo/SP, CEP: 01311-200, hereinafter referred to by its trade name D4Sign, and includes the domains d4sign.com.br and doc4sign.com.br.

Accepting the Privacy Policy Acceptance Term implies full acceptance of all conditions described below:

1.1. Definitions

Free account - a non-charged account modality, it will remain open indefinitely and can be canceled at the user's request (i) allows the user to electronically sign any document sent to them, (II) makes available to users the sending of up to 05 (five) documents, which must occur within 30 (thirty) days from the account registration date, after 30 (thirty) days, the right to 05 (five) sends is lost, without prior notice.

Paid account - a paid account modality, intended for sending and receiving documents to be electronically signed (I) the number of document sends per month is defined by the service package contracted by the user (II) the number of sends is not cumulative, unused sends will not be computed to the balance of sends for the subsequent month; (III) when sharing vaults with other users, the sends made by these users will be debited from the balance of the user who shared the account (IV) documents will be encrypted and securely and privately stored for a period of 05 (five) years; (V) in the event of default for more than 05 (five) days, the Paid Account will be migrated to a Free Account.

  • 1- The paid account generates recurring charges;
  • 11 Your subscription (paid account) can be canceled at any time;
  • III - In case of subscription cancellation (paid account), already added credits will remain available in the account and no further charges will be made in subsequent months.

User: all natural persons who will use or visit the Website(s) and/or Application(s), aged 18 (eighteen) or older or emancipated and fully capable of performing acts of civil life, or those absolutely or relatively incapable duly represented or assisted.

Personal Data: means any information collected by D4Sign, by any means, even if public, that: (1) identifies, or that, when used in combination with other processed information, identifies an individual;

Purpose: objective, the purpose that D4Sign wishes to achieve from each act of processing personal information.

Necessity: justification for why it is strictly necessary to collect personal data to achieve the purpose, avoiding excessive collection.

Legal bases: legal basis that legitimizes the processing of personal data for a specific prior purpose by D4Sign.

Consent: express and unequivocal authorization given by the User, owner of the personal data, for D4Sign to process their personal data for a previously described purpose, in which the legal basis necessary for the act requires the express authorization of the data subject.

1.2. Application and acceptance of terms of use

This policy generally applies to all Users and potential Users of the services offered by D4Sign, including Users of websites or other means operated by D4Sign.

D4Sign may collect, produce, receive, classify, use, access, reproduce, transmit, distribute, process, archive, store, delete, evaluate or control information, modify, communicate, transfer, disseminate or extract collected data, including personally identifiable information, in accordance with applicable legal bases and all current privacy and data protection laws.

By accessing and/or using the D4Sign website, the User declares to be at least 18 (eighteen) years old and to have full and express capacity to accept the terms and conditions of this Privacy Policy and the Consent Term for all legal purposes.

If the User does not fit the description above and/or does not agree, even in part, with the terms and conditions contained in this Privacy Policy, they should not access and/or use the services offered by D4Sign, as well as the websites and services operated by it.

2. Guidelines

2.1. Laws and Regulations

D4Sign, headquartered in São Paulo, operates in compliance with data privacy regulatory requirements, the General Data Protection Law (LGPD) (Law no. 13.709/18) and Law no. 12.965/14 (Brazilian Civil Rights Framework for the Internet).

2.2. Data Policy

Any data provided to D4Sign, through our cloud platform or website, is considered privileged information. Your data will never be sold or shared with third parties.

All personal data processing is carried out in accordance with privacy rights and regulations (LGPD). According to LGPD, Brazilian citizens and residents have the following rights:

  • Right to access your personal data;
  • Right to correct personal data we hold about you;
  • Right to request the deletion of your personal data;
  • Right to transfer your personal data to you or to third parties;
  • Withdraw consent for the processing of your Personal Data.

If you wish to exercise any of the rights described above, please contact us at dpo@d4sign.com.br.

2.3. Data Collection

The User is aware that they provide information consciously and voluntarily through registrations, or through websites operated by D4Sign.

When the User registers and/or fills out forms offered by D4Sign, including on its operated websites, the requested data will be kept confidential and will be used only for the purpose that motivated the registration.

To ensure the security of the digital signature, the veracity of the data provided during registration will be verified with the Federal Revenue Service. In the event of incorrect or untrue data, the system will display information on the user's screen, indicating that the data is incorrect, and it will not be possible to proceed with the registration. The user is responsible for correcting the information and is aware that no type of compensation or reimbursement will be due in case of incomplete or incorrect information.

Our prevailing policy is to collect the minimum possible information from the user, in order to ensure greater privacy and anonymization in the use of our services.

D4Sign's data collection is limited to the following activities:

  • Account creation: Necessary registration data such as name, email, CPF (Brazilian individual taxpayer ID), and date of birth;
  • Account activity: Access date and time, IP address and device used, in addition to records of system operations such as queries, registrations, and edits are stored in internal logs;
  • Document signature: User authentication will be carried out by email, password, access code, IP address, geolocation, on-screen signature, CPF, full name, date of birth, and/or other means previously defined by D4Sign, according to the options available on the platform, the principle of data minimization, and the purposes provided in current legislation. All information collected during the authentication process will be permanently registered and linked to the signed document.
  • Communications with D4Sign: Your communications with sales and support requests, error reports, or feature requests will be saved by our team. Our customer support team operates through the Hubspot tool.
  • Requests for proposals and similar: We store the information filled out and provided in the forms on our websites by the user themselves, and then the information is sent to the Commercial department for contact;
  • Sending informative emails: We send email communications to customers and interested parties in our services through the Activecampaign platform, where we store the email address, name, and phone number, if provided by the user. Activecampaign may have access to your data, which can be deleted by unsubscribing from our list;
  • Website navigation: Number of visits, pages accessed, regional access location, time spent, among other information stored by the Google Analytics tool, all devoid of any means that could identify the data subject;

2.4. Data Usage

D4Sign does not have any type of advertising on its website. All collected data is used internally by D4Sign for the purpose of providing services within the contracted scope, including the analysis and improvement of our services, being previously devoid of any personal information that could identify its owner. Sharing with third parties is restricted to the purpose of service provision, and is detailed in the item "Data Disclosure".

Your email address will only be used to contact you with news and updates about D4Sign, to send you notices regarding system operations, and to conduct satisfaction surveys about our services.

2.5. Data Storage

D4Sign is the developer of the signature platform it commercializes. The services provided are delivered through the AWS Cloud platform of Amazon Web Services, Inc. The AWS Cloud holds numerous security and compliance certifications such as ISO 9001, ISO 27001, and ISO 27018, in addition to guaranteeing an SLA (Service Level Agreement) of up to 99.9% availability, according to its service model.

The servers are owned and operated by Amazon, with data storage occurring in Brazil and the United States.

All information of our clients is considered confidential, stored in the AWS Cloud and encrypted, being released only upon a valid and legal order from a governmental or regulatory body.

2.6. Data Retention

a) Personal Data:

Regardless of the contracted modality, D4Sign adopts the following data retention guidelines, even after eventual account inactivation by the user:

  • User registration data: maintained while the account is active and, after its inactivation, are preserved until the data subject formally requests deletion, except in cases where legislation requires their retention for a determined period (such as access logs provided in the Brazilian Civil Rights Framework for the Internet);
  • Signatory data: stored to guarantee the legal validity of electronic signatures. Even with account termination, this data is kept for up to 20 (twenty) years, based on the prescriptive period of Art. 205 of the Civil Code.

D4Sign may retain your Personal Data after receiving your deletion request if necessary to comply with legal obligations, resolve disputes, maintain security, prevent fraud and abuse, and ensure contract compliance.

b) Documents sent for signature

The documents sent are encrypted and stored securely, according to criteria defined by D4Sign. The storage period varies according to the contracted account modality:

  • Free account: documents are available for up to 30 (thirty) days after sending. After this period, documents may be automatically deleted, without prior notice to the user.
  • Paid account: documents are stored for up to 05 (five) years, even after eventual account inactivation, as provided in the service agreement. After this period, they will be securely discarded, respecting the guidelines of the Information Classification Policy.

2.7. Data Disclosure

D4Sign does not provide Personal Data collected on its websites to email list brokers without your express consent.

D4Sign may share collected Personal Data with third parties in the following situations and within the limits required and authorized by law:

  • a) With suppliers and partners for the execution of services contracted with D4Sign, including payment information operated by a third party;
  • b) With companies and individuals contracted for the performance of certain activities and services on behalf of D4Sign;
  • c) When necessary due to legal obligation, determination by a competent authority, or judicial decision.

In cases of sharing Personal Data with third parties, all subjects mentioned above must use the shared Personal Data consistently and in accordance with the purposes for which they were collected (or with which the User previously consented) and in accordance with what was determined by this Privacy Policy, other website or country privacy statements, and applicable privacy and data protection laws.

3. User obligations and responsibilities

User obligations and responsibilities include:

  • a) Whenever requested, provide true, accurate, updated, and complete information, especially during registration on the SITE.
  • b) Use the SITE solely and exclusively for lawful purposes and intents, with any other use being prohibited, especially those unrelated to its original purpose, being aware that the identification of evidence of illicit acts may result in the suspension or cancellation of registration, without prior notice.
  • c) The preparation of documents to be electronically signed, even when using templates provided by the platform, should only be used as a reference, with the user being responsible for adjustments according to their needs and for all information contained therein.
  • d) Properly upload the document to be electronically signed.
  • e) Correctly register all signatories of the document to be electronically signed. Given that D4Sign is not responsible for sending the document to an erroneously registered signatory.
  • f) Carefully read the document to be electronically signed, as D4Sign has no responsibility for the content of the document.
  • g) Not violate any industrial and intellectual property rights of D4Sign and third parties in the use of the SITE, including applying reverse engineering, disassembly, decompilation, or any other attempt to discover the respective source codes, in whole or in part.
  • h) Not use the SITE to store, distribute, transmit, or reproduce any materials that: violate third-party rights; are unlawful, defamatory, violent, pornographic, discriminatory, or contrary to morals and good customs; are contrary to the honor, reputation, intimacy, and privacy of any person; have drug-related content, or cause difficulties to the normal functioning of the SITE, not limited to these.
  • i) Not use the SITE to commit and/or attempt to commit acts aimed at: altering the content of the SITE; obtaining unauthorized access to another computer, server, or network; interrupting service, servers, or computer network through any illicit method.
  • j) Safeguard access credentials, being aware that they are for the exclusive, personal, and untransferable use of the user who registered, being responsible for their custody, secrecy, and security, as well as for their undue use by third parties.
  • j) Not circumvent any authentication or security system; aiming to access confidential information of third parties, of any nature.
  • k) Respect all and any current Brazilian legislation applicable to the use of the SITE and the user's acts within it, as well as any applicable norm or law in the country from which the user's access originates.
  • l) Respect all conditions established in this instrument.

4. Security Measures

D4Sign adopts high technical and operational standards to ensure the continuity and availability of its platform.

Under the terms of the service provision agreement, D4Sign undertakes to maintain, in each calendar month, a Service Level Agreement (SLA) with a minimum availability of 99.50%, ensuring access to the platform 24 (twenty-four) hours a day, 07 (seven) days a week, except in cases of scheduled maintenance, force majeure, or third-party failures.

In addition, D4Sign maintains a Service Level Objective (SLO) of up to 04 (four) hours for analysis and correction of critical access failures, counted from the formal notice sent to the support channel (suporte@d4sign.com.br).

This commitment to platform stability is an essential part of the contractual relationship and aims to ensure reliability, continuity, and security for the services provided.

D4Sign adopts security measures to ensure the confidentiality, integrity, and availability of information through internal Policies, awareness, and confidentiality terms with employees and third parties.

5. Account cancellation

Account cancellation may occur at any time, with applicable fines and penalties defined in the contract. The Paid Account may also, at the user's request, be converted to the Free Account modality, at which time it will be regulated by the terms of contracting the Free Account, including with regard to document storage.

6. Privacy Policy Review

Should D4Sign modify this Privacy Policy, such changes will be visibly published on the D4Sign website. If the User has any questions regarding the website's privacy policies, please contact us using the contact channels provided on our website.

7. Data Protection Officer

D4Sign provides means for you to contact us to exercise your data subject rights.

If you have any questions about this Privacy Policy or about the personal data we process, you can contact our Data Protection Officer, Fábio Oliveira, at dpo@d4sign.com.br.

D4Sign.com.br © 2025