The short answer: Yes.
The long answer:
SignatureSatori as Data Processor
An integral part of SignatureSatori is the Personal Data of your Users (name, email, phone number etc); you are considered Controller for this data. By using SignatureSatori, you have engaged us as Data Processor to carry out certain activities on your behalf.
The GDPR establishes strict requirements for moving data outside of its scope of protection. To ensure the quality and speed of our services, we sometimes need to use the processing powers of several Sub-processors and transfer your data to them. We mainly utilize the Google Cloud for this. We carefully select our business partners and we will keep an up-to-date list of sub-processors and their Security certifications in our Terms of Service to be fully transparent about these transfers.
SignatureSatori as Data Controller
We also act as Data Controller for the Personal Data we collect about you, the user of our website and webapp.
First and foremost, we process data that is necessary for us to perform our contract with you (GDPR Article 6(1)(b)).
Secondly, we process data to meet our obligations under the law (GDPR Article 6(1)(c)) — this primarily involves financial data and information that we need to meet our accountability obligations under the GDPR.
Thirdly, we process your personal data for our legitimate interests in line with GDPR Article 6(1)(f).
What are these ‘legitimate interests’ we talk about?
Improving the app to help you reach new levels of productivity.
Making sure that your data and SignatureSatori systems are safe and secure.
Responsible marketing of our product and its features.
As the Controller for your personal data, SignatureSatori is committed to respect all your rights under the GDPR.