Privacy Policy

Kaddye ApS is the data controller for the processing of personal data described in this policy. You can contact us at alex@kaddye.com with any questions.

This policy covers personal data for which Kaddye is the controller - primarily the data of our account holders, their authorised users, and visitors to our websites. Where we process personal data on behalf of a business customer - for example the contents of documents and the personal data of signers and recipients - we act as a data processor, and that processing is governed by our Data Processing Agreement and by the customer’s own privacy policy.

We process the following categories of personal data:

• Contact details (name, email address and, where provided, phone number)
• Company details (CVR/company number, address, country, company type and industry)
• Account and authentication data (login details, settings, workspace and role information)
• Identity verification data obtained through electronic identity schemes (e.g. MitID), which may include national identifiers
• Signing and audit data (signer and recipient details, signing method, timestamps, document hashes and audit-trail events)
• Billing data (the information needed to invoice you; card payments are handled by our payment provider and we do not store full card numbers)
• Technical data (e.g. IP address, log files, device information and usage of the service)
• Communications and support data (the content of messages you send us)

We collect personal data:

• Directly from you when you create an account, use the service or contact us
• Automatically through your use of the service (e.g. log and usage data)
• From third-party electronic identity providers when identity verification is used
• From the organisation on whose behalf you use the service

We use personal data to:

• Provide and operate our electronic signing service
• Verify signer identity and create, seal and store signatures and evidence packages
• Manage accounts, subscriptions and billing
• Communicate with you and provide support
• Secure, maintain and improve the service and prevent misuse
• Comply with legal obligations

We process personal data on the basis of:

• Performance of a contract (GDPR Art. 6(1)(b))
• Compliance with a legal obligation (GDPR Art. 6(1)(c))
• Our legitimate interests, such as securing and improving the service (GDPR Art. 6(1)(f))
• Your consent, where we ask for it (GDPR Art. 6(1)(a))

We share personal data only with:

• Our data processors, who process data on our behalf under written agreements - currently our hosting and database provider (Railway, in Amsterdam), our storage provider (Amazon Web Services, in Frankfurt), our email provider (Resend, in Ireland) and our identity-verification provider (Idura)
• Public authorities, where we are required to do so by law

We do not sell personal data.

Personal data is stored within the EU/EEA. If personal data is transferred outside the EU/EEA, we do so on the basis of a valid transfer mechanism, such as the European Commission’s Standard Contractual Clauses, together with any additional safeguards required.

We keep personal data for as long as necessary for the purposes described above or for as long as we are legally required to. Account data is generally retained for the duration of your account. Audit trails and evidence packages remain available for 12 months after cancellation, after which they are deleted, as described in our Terms of Service. After the applicable period, personal data is deleted or anonymised.

Under the GDPR you have the right to:

• Access your personal data
• Have inaccurate data corrected
• Have data erased
• Restrict processing
• Receive your data (data portability)
• Object to processing
• Withdraw consent, where processing is based on consent

Exercising some of these rights may affect your continued use of the service. To exercise your rights, contact us at alex@kaddye.com. You can also lodge a complaint with the Danish Data Protection Agency (Datatilsynet) via www.datatilsynet.dk.

Our websites use cookies and similar technologies to operate the service and understand how it is used. You can manage your preferences through the cookie banner or your browser settings.

We may update this privacy policy. Where changes are material, we will inform users. The latest version is always available on our website.

This privacy policy is effective from 31/05/2026.