Privacy Policy | SignMe API

1. Introduction

Golden Developer Technology Systems ("Golden Developer", "we", "us") operates the SignMe API — an AI-powered OCR service that extracts structured data from Egyptian identity documents, including National IDs, Passports, Driver Licences, and Car Licences.

This Privacy Policy explains what data we collect when you use our API, website, or portal, how we use that data, and what rights you have over it. We have designed SignMe with data minimisation in mind: we collect only what is necessary to deliver the service and nothing more.

By using SignMe API, you agree to the practices described in this policy. If you are processing end-user identity data through SignMe on behalf of your organisation, you are responsible for obtaining the appropriate consents from those individuals.

2. Information We Collect

Uploaded Document Images

When you call the SignMe API, you submit an image of an identity document. This image is transmitted securely over HTTPS, processed by our OCR engine, and then permanently deleted from our systems. We do not retain uploaded images after processing is complete.

Extracted Data

The structured data returned by the API (name, national ID number, date of birth, address, etc.) is returned to you in the API response. We do not store or log the extracted personal data of the individuals whose documents are processed.

Account Information

We collect the following when you register for a SignMe account:

Name and email address
Company name (optional)
Password (stored as a one-way hash — never in plain text)
Billing information (processed by our payment provider — we do not store card numbers)

Usage & Technical Data

To operate and improve the service, we collect technical metadata about API requests:

API call timestamps and response times
HTTP status codes and error types
Credit consumption per request
IP address and request origin (for abuse prevention)

This metadata does not include the content of processed documents.

3. How We Use Your Information

Service delivery — process API requests and return structured data
Account management — create and manage your portal account and API keys
Billing — calculate usage, generate invoices, and process payments
Security — detect and prevent abuse, fraud, and unauthorised access
Support — respond to your queries and troubleshoot issues
Service improvement — analyse aggregate usage patterns to improve accuracy and performance
Legal compliance — meet our obligations under applicable law

We do not use your data for advertising, profiling, or any purpose unrelated to operating and improving SignMe.

4. Data Retention

Uploaded images are deleted immediately after processing. They are never written to permanent storage.

For other data categories, we apply the following retention periods:

Data Type	Retention Period
Uploaded document images	Deleted immediately after processing
API request metadata (logs)	90 days, then auto-deleted
Account data	Duration of account + 30 days after deletion
Billing records	7 years (legal requirement)
Support correspondence	2 years

5. Data Security

We implement technical and organisational measures appropriate to the sensitivity of identity data:

All data in transit is encrypted via TLS 1.2 or higher
API access is authenticated via secure, revocable API keys
Account passwords are hashed using industry-standard algorithms
Production infrastructure is access-controlled and audited
Our OCR engine is developed and quality-audited under European standards

No system is completely immune to risk. In the event of a data breach that affects your personal data, we will notify you as required by applicable law.

6. Data Sharing

We do not sell your data — ever. We do not trade, rent, or broker personal data to third parties.

We share data only in the following limited circumstances:

Infrastructure providers — cloud hosting and storage providers operating under strict data processing agreements
Payment processors — to handle subscription billing; card data is processed directly by the payment provider, not by us
Legal obligations — if required by a court order or applicable law, we may disclose the minimum data necessary

All third-party processors are contractually bound to process data only as instructed by us.

7. International Data Transfers

Golden Developer Technology Systems operates with infrastructure and R&D in Italy and operations in Egypt. Data may be processed in both jurisdictions. For customers in the EU/EEA, we rely on appropriate legal mechanisms for cross-border transfers, including standard contractual clauses where applicable.

Enterprise and government clients requiring full data sovereignty may deploy SignMe On-Premise, ensuring all data stays within your own infrastructure. Contact us to learn more.

8. Your Rights

Depending on where you are located, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Correction

Ask us to correct inaccurate or incomplete information.

Deletion

Request deletion of your account and associated data.

Restriction

Ask us to restrict processing in certain circumstances.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interests.

To exercise any of these rights, email us at privacy@goldendeveloper.net. We aim to respond within 30 days.

9. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

Golden Developer Technology Systems

privacy@goldendeveloper.net

Cairo, Egypt · Italy (R&D)

We take every privacy enquiry seriously and will respond promptly.