Scriboflow

Privacy Policy

Last updated: January 1, 2026

This privacy policy explains how Scriboflow collects, uses, and protects your personal information.

Scriboflow ("the Service") is a contract management and electronic signature platform.

1. Data Controller

Scriboflow is operated by:

Digital Galaxy
CVR: 42878278
Alfred Nobels Vej 21 B, 1.
9220 Aalborg Ost
Denmark

and

Dots & Dashes ApS
CVR: 45237486
Tennisskoven 13
9320 Hjallerup
Denmark

Phone: +45 71 55 68 58

For privacy-related questions, contact us at privacy@scriboflow.com.

2. Personal Data We Collect

When you use Scriboflow, we may collect:

Account Information

  • Name
  • Email address
  • Company name
  • Phone number (if provided)

Authentication Data

  • Email and password credentials
  • Google authentication data if you choose Google login

Billing Information

Payments are processed by Stripe. Scriboflow does not store full payment card information.

Contract and Document Data

  • Documents uploaded to the platform
  • Signature data
  • Contract metadata (status, participants, timestamps)

Technical Information

  • IP address
  • Browser type
  • Device information
  • Usage data related to operation of the service

Analytics

We collect aggregated usage data using Google Analytics to understand how visitors interact with our website.

3. How We Use Your Data

We use personal data to:

  • Provide and operate the Scriboflow platform
  • Create and manage user accounts
  • Enable document management and electronic signatures
  • Process subscriptions and payments
  • Improve the performance and usability of the service
  • Maintain security and prevent fraud
  • Comply with legal obligations

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we rely on:

  • Contractual necessity to provide the Scriboflow service
  • Legitimate interest to operate, secure, and improve the platform
  • Legal obligation to comply with applicable laws
  • Consent for analytics cookies where required

5. Third-Party Service Providers

We use trusted providers to operate the service:

  • Infrastructure and Hosting: Vercel, Supabase
  • Document Storage: Google Cloud
  • Payments: Stripe
  • Email Delivery: Resend
  • Analytics: Google Analytics

These providers process personal data on our behalf under appropriate data protection agreements.

6. Data Location

Scriboflow stores and processes data within the European Union whenever possible.

When providers may process data outside the EU, safeguards such as Standard Contractual Clauses (SCCs) are used to support GDPR compliance.

7. Data Retention

Personal data is retained for as long as your account remains active.

When an account is deleted:

  • Account data is removed or anonymized
  • Documents and associated data are deleted from active systems
  • Certain information may be retained where required for legal or accounting purposes

8. Security

We implement technical and organizational measures to protect personal data, including:

  • Encrypted data transmission (HTTPS)
  • Secure infrastructure providers
  • Controlled access to production systems
  • Monitoring and logging for security purposes

No internet-based service can be guaranteed to be completely secure.

9. Your GDPR Rights

Under GDPR, users in the European Economic Area have the right to:

  • Access personal data
  • Request correction of inaccurate data
  • Request deletion of personal data
  • Restrict processing
  • Object to processing
  • Request data portability

Requests can be sent to privacy@scriboflow.com.

10. Cookies

Scriboflow uses cookies necessary to operate the website and provide the service.

We also use Google Analytics cookies to understand how visitors use our website.

Where required by law, analytics cookies are only activated after user consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time.

When we do, the updated version is published on this page with a revised Last updated date.