Legal

Privacy Policy

Last updated 23 June 2026

This Privacy Policy explains how ECYLAA LTD (“Ecylaa”, “we”, “us”) collects, uses, and protects personal data when you use the Ecylaa platform or visit our website. We are the data controller for the personal data described here. Our registered office is 50 Princes Street, Ipswich IP1 1RJ, United Kingdom.

1. Data we collect

  • Account data: name, work email, company, role, and team size.
  • Document data: the documents, templates, and signer details you process through the Service, handled on your behalf.
  • Signature evidence: timestamps, IP addresses, and consent records captured to make signatures legally defensible.
  • Technical data: browser type and device information.
  • Billing data: handled by our payment processors; we do not store full card numbers.

2. How we use data

  • to provide, secure, and improve the Service;
  • to generate documents and capture legally valid signatures on your instruction;
  • to communicate about your account, support, and service updates;
  • to comply with legal obligations and enforce our Terms of Service;
  • with your consent, to send product news you can opt out of at any time.

3. Legal bases

Where the UK GDPR or EU GDPR applies, we rely on: performance of a contract; our legitimate interests in operating and securing the Service; compliance with legal obligations; and consent where required.

4. We never sell your data

We never sell personal information to third parties. We share data only with sub-processors who help us run the Service (such as hosting and analytics providers), under contracts that require them to protect it, or where required by law.

5. Your GDPR rights (EEA & UK residents)

If you are located in the European Economic Area or the United Kingdom, you have the right to:

  • access the personal data we hold about you;
  • request rectification of inaccurate data;
  • request erasure (“right to be forgotten”);
  • restrict or object to certain processing;
  • data portability in a structured, machine-readable format;
  • withdraw consent at any time; and
  • lodge a complaint with a supervisory authority, such as the UK ICO.

6. Your CCPA rights (California residents)

If you are a California resident, you have the right to:

  • know what personal information we collect and how it is used;
  • request deletion of your personal information;
  • correct inaccurate personal information;
  • opt out of the “sale” or “sharing” of personal information — though, as noted, we do not sell it; and
  • not be discriminated against for exercising your rights.

7. Children

Children under 16 — this service is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

8. Data retention

We retain personal data and documents only as long as necessary to provide the Service and meet legal obligations, or as configured by you. On account closure you may export your data within 30 days, after which we delete or anonymise it in the ordinary course.

9. Security

We protect data with encryption in transit and at rest, access controls, and regular review. No method of transmission is perfectly secure, but we work continuously to safeguard your information. See our Security overview for details.

10. International transfers

Where data is transferred outside the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses. You can choose your data residency region on eligible plans.

11. Changes & contact

We may update this Policy from time to time and will post the revised version here. For any privacy request, contact contact@ecylaa-pro.com.

Questions about this policy? Contact contact@ecylaa-pro.com. ECYLAA LTD, 50 Princes Street, Ipswich IP1 1RJ, United Kingdom.