2. Privacy Policy
1. Scope. This policy explains how Khtoom collects, uses, discloses, and retains personal data when you use our sites, apps, APIs, or platform, or when you contact us.
2. Legal roles. When the Customer processes individuals' data through the platform within its documents, Khtoom is — in most cases — a data processor on behalf of the Customer (which is the controller). For account, billing, security, fraud-prevention, support, and anonymized analytics data, Khtoom may act as an independent controller within the limits of the law.
3. Categories of data. Identification, contact, and account data; document and transaction data; signature data, technical events, and tracking logs; billing, support, device, and connection data; and any data the Customer or Signer voluntarily uploads or provides.
4. Purposes and bases of processing. We process data to provide the Service, manage the account, execute transactions, create evidence records, provide support, improve security, detect fraud or misuse, and meet legal obligations. The legal bases, as applicable: performance of a contract, legal obligation, balanced legitimate interest, and explicit consent where the law requires it.
5. Customer responsibility. The Customer is responsible for the lawfulness of the data it uploads or processes through Khtoom, and for providing notices and obtaining consents from Signers or data subjects where required. Khtoom is not responsible for determining whether a particular document is binding or whether a signature type is suitable for every case.
6. Disclosure and participants. We may share data with trusted service providers, professional advisers, regulatory authorities, courts, or other parties where necessary to provide the Service, protect rights, comply with law, or respond to lawful requests. Khtoom requires parties that process personal data on its behalf to follow appropriate confidentiality, security, and data-protection commitments.
7. International transfer. If data is transferred outside the country where it was collected or primarily stored, Khtoom uses an appropriate legal mechanism permitted by applicable law. Transfers may take place where reasonably needed to provide, maintain, secure, or support the Service, subject to appropriate safeguards.
8. Security. Reasonable technical, administrative, and organizational measures: access control, encryption in transit and, where appropriate, at rest, logs, backups, logical separation, vulnerability management, access reviews, training, and incident response.
9. Retention and deletion. We retain account data for the term of the relationship, and documents and evidence records for the period reasonably needed to provide the Service, comply with legal obligations, resolve disputes, and maintain evidence records, or until early deletion on a legitimate request, subject to any legal obligation or pending dispute. After the relationship ends, we provide a download window of at least 30 days, then delete or anonymize the data.
10. Data subject rights. Subject to applicable law: access, rectification, erasure, restriction of processing, objection, portability, and withdrawal of consent. If Khtoom processes on behalf of the Customer, we forward the request to the Customer or coordinate with it, unless the law requires us to respond directly.
11. Cookies and analytics. Khtoom may use cookies or similar technologies where needed for site operation, security, preferences, and service improvement. Where consent is required, Khtoom requests it in accordance with applicable law.
12. Contact and updates. For privacy requests: support@khtoom.com. Responsible entity: Khtoom. Business address: Khtoom's official business address, as provided in official communications or invoices. This policy is updated as needed, and material changes are notified in a legally reasonable manner.