
Data Processing Agreement

for the cloud-based service Signivo

Last updated: March 20, 2026

Note: This is a convenience translation of the German Data Processing Agreement (Auftragsverarbeitungsvertrag, AVV). The German version is the legally binding document. In case of any discrepancy, the German version shall prevail.

Table of contents

  1. Subject Matter and Duration of Processing

  2. Nature and Purpose of Processing

  3. Types of Personal Data

  4. Categories of Data Subjects

  5. Obligations of the Processor

  6. Obligations of the Controller

  7. Sub-Processors

  8. International Data Transfers

  9. Technical and Organizational Measures (TOMs)

  10. Deletion and Return of Data

  11. Audit Rights of the Controller

  12. Liability

  13. Final Provisions

  14. Annex 1 — Technical and Organizational Measures (TOMs)

  15. Annex 2 — Sub-Processors

Preamble

This Data Processing Agreement (hereinafter “DPA”) supplements the contractual relationship between the Customer (hereinafter “Controller”) and

MonsJovis Holding UG (haftungsbeschränkt)
c/o Aurich
Eichenallee 37
14050 Berlin, Germany

Commercial Register: Amtsgericht Charlottenburg, HRB 214851 B
Managing Director (Geschäftsführer): Markus Aurich

(hereinafter “Processor” or “Signivo”)

The Controller uses the cloud-based service Signivo for centralized email signature management for Google Workspace (hereinafter “Service”). In the course of providing the Service, the Processor processes personal data on behalf of and under the instructions of the Controller. This DPA governs the rights and obligations of the parties in connection with this data processing.

By accepting this DPA (via the button at signivo.io/dpa or by signing), this DPA becomes an integral part of the main agreement between the parties (Terms of Service of Signivo, hereinafter “Main Agreement”).

§ 1 — Subject Matter and Duration of Processing

(1) The Processor processes personal data on behalf of the Controller exclusively for the purpose of providing the Service, i.e., for the centralized management and deployment of email signatures for the Controller’s Google Workspace.

(2) The duration of the processing corresponds to the term of the Main Agreement. After termination of the Main Agreement, the provisions of § 10 of this DPA shall apply.

§ 2 — Nature and Purpose of Processing

The processing comprises the following activities:

§ 3 — Types of Personal Data

The following categories of personal data are processed under this DPA:

Directory data (from Google Directory API, read-only access): First and last name, email address, job title, department, phone number(s), profile photo URL, manager email address, organizational unit membership (OU path), Google Groups (name, email, members)

Gmail settings (read and write access): Email signatures, Send-As aliases

Administrator-entered data: Company name, website URL, phone number, address, legal notices (disclaimer), social media links, uploaded files (e.g., company logos)

Activity logs: User ID, email address, name, action type, timestamp

Not processed: Email content, subject lines, metadata, attachments, contacts, Google Drive files, calendar entries, or any other Workspace data not related to email signature management.

§ 4 — Categories of Data Subjects

§ 5 — Obligations of the Processor

(1) The Processor shall process personal data exclusively on the basis of documented instructions from the Controller pursuant to Art. 28(3)(a) GDPR. Instructions are derived from this DPA, the Main Agreement, and the configurations made by the Controller within the Service (e.g., signature templates, assignment rules, sync settings). Additional individual instructions may be issued in writing or in text form (email).

(2) If the Processor is of the opinion that an instruction from the Controller violates the GDPR or other data protection provisions, the Processor shall inform the Controller without undue delay. The Processor is entitled to suspend the execution of the instruction in question until confirmation or amendment by the Controller.

(3) The Processor shall ensure that persons authorized to process personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality (Art. 28(3)(b) GDPR).

(4) The Processor shall assist the Controller, taking into account the nature of the processing, by appropriate technical and organizational measures, insofar as possible, in fulfilling the Controller’s obligations under Art. 12–22 GDPR (data subject rights) and Art. 32–36 GDPR (security of processing, data protection impact assessment, prior consultation).

(5) The Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach (Art. 33(2) GDPR). The notification shall include at least a description of the nature of the breach, the categories and approximate number of data subjects and data records concerned (to the extent known), the likely consequences, and the measures taken or proposed.

§ 6 — Obligations of the Controller

(1) The Controller is responsible for compliance with data protection regulations within the scope of this DPA, in particular for the lawfulness of data processing and the protection of the rights of data subjects (its employees and Workspace users).

(2) The Controller shall issue all instructions relating to data processing. The Controller is responsible for assessing the permissibility of the processing pursuant to Art. 6(1) GDPR.

(3) The Controller shall inform the Processor without undue delay if it identifies errors or irregularities in the processing.

§ 7 — Sub-Processors

(1) The Controller hereby grants the Processor general written authorization to engage additional processors (sub-processors) pursuant to Art. 28(2) GDPR.

(2) The sub-processors engaged at the time of conclusion of this DPA are listed in Annex 2. By concluding this DPA, the Controller approves the engagement of these sub-processors.

(3) The Processor shall inform the Controller at least 7 days before any intended change (addition or replacement of a sub-processor) by email to the administrator email address stored in the Signivo account. The current list of sub-processors is available at all times at signivo.io/privacy (Section 7 of the Privacy Policy).

(4) The Controller may object to the change in writing within 7 days of notification for legitimate data protection reasons. In the event of a legitimate objection, the Processor shall endeavor to offer a reasonable alternative solution. If this is not possible, the Controller shall have a special right of termination as of the date of the planned engagement of the new sub-processor. The Controller shall receive a pro rata refund of fees already paid in this case.

(5) The Processor shall contractually ensure that the sub-processors are subject to at least the same data protection obligations as set forth in this DPA (Art. 28(4) GDPR). The Processor shall be liable to the Controller for compliance with data protection obligations by its sub-processors.

§ 8 — International Data Transfers

(1) The core infrastructure of the Service (database, application server, file storage) is operated in the EU (Frankfurt region, Germany).

(2) To the extent that sub-processors process personal data in third countries (outside the EEA), the transfer shall be based exclusively on one of the following mechanisms:

(3) Details on the individual sub-processors and the transfer mechanisms applied are set out in Annex 2.

§ 9 — Technical and Organizational Measures (TOMs)

(1) The Processor shall implement the technical and organizational measures described in Annex 1 pursuant to Art. 32 GDPR to ensure a level of security appropriate to the risk.

(2) The Processor is entitled to adapt the technical and organizational measures during the term of the contract, provided that the contractually agreed level of protection is not reduced.

§ 10 — Deletion and Return of Data

(1) After termination of the Main Agreement, the personal data processed on behalf of the Controller shall be retained for 30 days to give the Controller the opportunity to back up data or reactivate.

(2) After expiration of the 30-day period, all personal data processed on behalf of the Controller shall be deleted from production systems. The deletion includes: the workspace and its settings, all memberships and invitations, all signatures and signature versions, all publications and logs, all uploaded files, and the encrypted OAuth tokens. To the extent that data temporarily remains in encrypted, automated backups of the infrastructure providers, it will be overwritten after the regular backup retention period expires and will not be productively used or restored in the interim.

(3) Before deletion, published Gmail signatures will be automatically removed for all affected users, provided that the corresponding Google permissions still exist at that time.

(4) The Controller can trigger immediate deletion at any time by manually deleting the workspace in the Signivo console (Settings → Delete Workspace).

(5) Directory data is overwritten with each synchronization cycle; historical snapshots are not stored. Activity logs are automatically deleted after a maximum of 24 months.

§ 11 — Audit Rights of the Controller

(1) The Controller has the right to verify compliance with the provisions of this DPA (Art. 28(3)(h) GDPR).

(2) The Processor shall make available to the Controller upon request all information necessary to demonstrate compliance with its obligations. This includes, in particular, the provision of current certifications, audit reports, security documentation, and written information.

(3) On-site audits by the Controller or an auditor appointed by the Controller are possible with reasonable advance notice (at least 30 days) and taking into account the operational concerns of the Processor. The costs of an on-site audit shall be borne by the Controller, unless the audit reveals a material breach of this DPA by the Processor.

§ 12 — Liability

The contractual liability of the parties is otherwise governed by the provisions of the Main Agreement (Terms of Service). Mandatory liability provisions under the GDPR, in particular under Art. 82 GDPR, shall remain unaffected.

§ 13 — Final Provisions

(1) Amendments and additions to this DPA require text form (Textform).

(2) Should any provision of this DPA be or become invalid, the validity of the remaining provisions shall not be affected. The parties undertake to replace an invalid provision with a valid provision that most closely reflects the economic purpose of the invalid provision.

(3) The laws of the Federal Republic of Germany shall apply. The place of jurisdiction shall be Berlin, to the extent permitted by law.

(4) In the event of conflicts between this DPA and the Main Agreement, this DPA shall prevail to the extent that the processing of personal data is concerned.

Annex 1 — Technical and Organizational Measures (TOMs)

1. Confidentiality (Art. 32(1)(b) GDPR)

Physical Access Control: The infrastructure is operated by Google Cloud Platform and Supabase in certified data centers (Frankfurt region, EU). The Processor does not operate its own physical servers. Physical access control of the data centers is the responsibility of the respective operators (Google: SOC 2, ISO 27001; Supabase: SOC 2).

System Access Control: Authentication via Supabase Auth (email/password with hashed storage or Google OAuth). Access to the Service exclusively via JWT bearer tokens with limited validity.

Data Access Control: Row Level Security (RLS) on all database tables — authenticated users can only see data within their own workspace. Sensitive columns (in particular OAuth tokens) are excluded from client queries. Role-based permission model (Owner, Admin, Member).

Separation Control: Logical tenant separation via workspace IDs. Data of different Controllers is processed in the same database but strictly separated by RLS policies.

2. Integrity (Art. 32(1)(b) GDPR)

Transfer Control: All data transfers are conducted over TLS/SSL. Google OAuth tokens are stored encrypted with AES-256-GCM (scrypt key derivation, randomly generated 16-byte initialization vector, GCM authentication tag for tampering protection).

Input Control: Activity logs (user ID, email, action, timestamp) enable traceability of all significant processing operations. Retention period: maximum 24 months.

3. Availability and Resilience (Art. 32(1)(b), (c) GDPR)

Availability Control: The infrastructure is operated on Google Kubernetes Engine (GKE) with auto-scaling and Redis caching. Supabase provides automatic backups and point-in-time recovery. The operators of the infrastructure components ensure industry-standard availability.

Resilience: The cloud-based architecture (GKE) allows capacity to be automatically scaled during peak loads.

4. Recoverability (Art. 32(1)(c) GDPR)

Regular database backups via Supabase. Directory data can be re-synchronized from the Controller’s Google Workspace at any time.

5. Regular Review Procedures (Art. 32(1)(d) GDPR)

Regular review of security measures as part of ongoing operations. Persons involved in data processing are committed to confidentiality.

Annex 2 — Sub-Processors

Sub-Processors with Access to Customer Data / Google User Data

Google Cloud Platform (Google Ireland Ltd.)
  Purpose: Infrastructure (GKE, Redis)
  Location: Frankfurt, EU
  Data Processed: Application data, directory data, encrypted tokens
  Google User Data: Yes
  Transfer: — (EU)

Supabase, Inc.
  Purpose: Database, authentication, file storage
  Location: Frankfurt, EU
  Data Processed: Account data, workspace data, directory data, encrypted tokens
  Google User Data: Yes
  Transfer: — (EU)

Google APIs (Google Ireland Ltd.)
  Purpose: Directory Sync, Gmail signatures
  Location: EU / USA
  Data Processed: Directory data, signature HTML, OAuth tokens
  Google User Data: Yes (source)
  Transfer: DPF (Art. 45 GDPR)

Sub-Processors without Access to Google User Data

PostHog, Inc. (EU instance)
  Purpose: Product analytics, feature management, error analysis
  Location: EU
  Data Processed: Pseudonymized user/workspace IDs, event names
  Transfer: — (EU)

Anthropic, PBC
  Purpose: AI-powered company information extraction (onboarding)
  Location: USA
  Data Processed: Customer domain (text string)
  Transfer: SCC (Art. 46 GDPR)

Stripe, Inc.
  Purpose: Payment processing
  Location: USA
  Data Processed: Payment data (reference IDs, payment status)
  Transfer: DPF (Art. 45 GDPR)

Brevo (Sendinblue GmbH)
  Purpose: Transactional emails, newsletter
  Location: EU (Germany)
  Data Processed: Email addresses
  Transfer: — (EU)

The current list of sub-processors is available at all times at: signivo.io/privacy (Section 7 of the Privacy Policy)

This DPA takes effect upon acceptance by the Controller.