Privacy Policy

Last updated: 2 June 2026

This Privacy Policy explains how Asas Labs Ltd (company no. 517341970), registered office at 27 Al-Wurud, Tamra 3081100, Israel (“Asas Labs”, “we”, “us”), collects, uses, shares and protects personal data in connection with the QalamSign service at qalamsign.com (the “Service”).

We process personal data in accordance with the Protection of Privacy Law, 5741-1981 and its regulations, including the framework as amended by Amendment 13 (in force since 14 August 2025), and — where applicable — the EU General Data Protection Regulation (GDPR).

For personal data of your recipients and signers that you process using the Service, you are the controller and we act as your processor; that relationship is governed by our Data Processing Addendum (DPA). This Policy describes our own processing as a controller (for example, of your account data).

1. Personal data we collect

Data you provide

  • Account and profile data: name, email address, password (stored hashed), company name, phone number, locale and saved signature/initials images.
  • Billing data: where you subscribe to a paid plan — billing contact details, billing email and records of payments received. Payments are handled manually (for example by invoice or bank transfer); we do not collect or store payment-card numbers.
  • Communications: messages you send to support and your preferences.

Document and signer data

Documents you upload and the personal data of recipients and signers (names, email addresses, phone numbers, signatures, and the contents of the documents). For this data you are the controller and we process it on your behalf under the DPA.

Data collected automatically

When you use the Service we automatically collect technical data. Under Amendment 13, this data is treated as personal data. It includes IP addresses, approximate location derived from IP, device and browser identifiers, log and usage data, and timestamps — including the technical metadata recorded in document audit trails.

2. How and why we use personal data

PurposeLegal basis
Providing and operating the Service, including sending and signing documentsPerformance of a contract with you
Creating and securing your account, authentication and fraud/bot preventionPerformance of a contract; our legitimate interest in security
Sending service and transactional messages (e.g. verification, signature requests)Performance of a contract
Billing and collecting paymentPerformance of a contract; compliance with a legal (tax/accounting) obligation
Maintaining audit trails and complying with legal obligationsCompliance with a legal obligation; legitimate interest in evidentiary integrity
Improving and securing the ServiceLegitimate interest, balanced against your rights
Marketing communications, where permittedYour consent, which you may withdraw at any time

3. Cookies and tracking

We use cookies and similar technologies that are strictly necessary to deliver the Service — for example to keep you signed in, to protect against cross-site request forgery, and for bot protection (Cloudflare Turnstile). These essential technologies do not require consent.

We do not currently use non-essential analytics, advertising or session-replay trackers. If we introduce such technologies in the future, we will request your explicit, opt-in consent through a consent banner before they run, and update this Policy.

4. Sharing and sub-processors

We do not sell personal data. We share personal data only with service providers (sub-processors) that process it on our behalf to provide the Service, and only under contracts that impose confidentiality and data-protection obligations. Our sub-processors include providers of cloud database, file storage, email delivery, SMS delivery, hosting and bot protection. A current list is maintained in our Data Processing Addendum.

We may also disclose personal data where required by law, to comply with legal process, to enforce our Terms, or to protect the rights, safety and security of Asas Labs, our users or the public.

5. International data transfers

Some of our sub-processors store or process data outside Israel, including in countries that do not have an adequacy decision recognised by the Israeli Privacy Protection Authority. Where we transfer personal data outside Israel, we rely on an appropriate transfer mechanism under the Privacy Protection (Transfer of Data to Databases Abroad) Regulations, 5761-2001 — primarily a data transfer agreement imposing data-protection obligations equivalent to those required under Israeli law, and where relevant your informed consent.

6. Data retention

  • Account data is retained for as long as your account is active and for a limited period after closure (by default, up to 30 days) to allow for recovery and to address disputes, after which it is deleted or anonymised.
  • Completed documents and their audit trails may be retained for longer where necessary to comply with legal obligations or to preserve evidentiary records, and in any case in accordance with your instructions as controller under the DPA.
  • Billing and tax records are retained for the period required by applicable accounting and tax law.
  • We delete or anonymise personal data when it is no longer needed for the purposes described in this Policy.

7. Data security

We apply technical and organisational security measures appropriate to the nature of the data and to the security level applicable to our database under the Protection of Privacy (Data Security) Regulations, 5777-2017. These include encryption of data in transit, hashing of passwords, access controls, logging, and backups. No system is completely secure, and we cannot guarantee absolute security.

8. Your rights

Subject to applicable law, you have the following rights regarding your personal data:

  • Access (inspection): to receive a copy of personal data we hold about you (Section 13 of the Protection of Privacy Law).
  • Correction: to request correction of data that is inaccurate, incomplete, unclear or out of date (Section 14).
  • Removal from a direct-mailing database, where applicable (Section 17F).
  • Withdrawal of consent: where we rely on your consent, you may withdraw it at any time, as easily as it was given (Section 8C, as amended by Amendment 13).

To exercise these rights, contact us at admin@asaslabs.com. We will respond within 30 days as required by law. If you are not satisfied with our response, you may complain to the Israeli Privacy Protection Authority or apply to a Magistrate’s Court. Where we act as a processor for a customer, we will refer your request to the relevant controller.

9. Marketing and direct messages

We will send marketing or promotional messages only where you have given consent or where otherwise permitted under Section 30A of the Communications (Telecommunications and Broadcasting) Law, 5742-1982. Every marketing message includes a simple way to opt out, and you can withdraw your consent at any time at admin@asaslabs.com.

10. Children and minors

The Service is intended for users aged 18 and over and is not directed at children. We do not knowingly collect personal data from individuals under 18 as account holders. If you believe a minor has provided us with personal data without appropriate consent, please contact us so we can take appropriate action.

11. Data security incidents

If we become aware of a security incident affecting personal data that poses a risk to data subjects’ rights, we will notify the Israeli Privacy Protection Authority within 72 hours of becoming aware of it, and will notify affected individuals without undue delay where the incident is likely to result in a high risk to their rights, as required under Amendment 13. Where we act as a processor, we will notify the relevant controller without undue delay so that it can meet its own obligations.

12. Changes to this Policy

We may update this Policy from time to time. We will post the updated version with a new effective date and, where the change is material, provide additional notice.

13. Contact us

For any privacy question or to exercise your rights, contact Asas Labs Ltd, 27 Al-Wurud, Tamra 3081100, Israel, or email admin@asaslabs.com.