VaseSignby Stars in a Vase Digital Trust
FeaturesIndustriesAI reviewEvidenceFeature ShopPartnersTrust CenterConnect
✦ Sign For Free. Forever.
Sign inStart signing

Trust Center

Privacy & POPIA-aligned controls

How VaseSign approaches personal information handling, minimisation, retention, data-subject requests, and cross-border transfers — aligned to POPIA where configured for your workspace.

  • Overview
  • Legal alignment
  • Signature levels
  • Evidence pack
  • Security
  • Privacy & POPIA
  • Subprocessors
  • Data residency
  • Data retention
  • Incident response
  • Availability
  • Enterprise assurance
  • Vulnerability disclosure
  • Contact
VaseSignby Stars in a Vase Digital Trust

VaseSign by Stars in a Vase Digital Trust helps teams prepare, review, send, sign, verify and evidence important documents with ECTA-aware workflows, POPIA-aligned controls where configured, and optional higher-assurance paths through configured providers.

Product

  • Features
  • AI document review
  • Evidence-backed signing
  • Feature Shop
  • Partner Network
  • Marketplace
  • Developers
  • Trust Center

Industries

  • Legal & conveyancing
  • Property & rentals
  • HR & onboarding
  • Banking & insurance
  • Government & SMEs

Company

  • About & trust
  • Contact
  • OEM partners
  • White label
  • Partner portal
  • Careers

Legal

  • Trust Center
  • Privacy Policy
  • Terms of Service
  • POPIA (Trust)
  • ECTA alignment

2026 Stars in a Vase Digital Trust. All rights reserved. | ✦ Sign For Free. Forever.

Built in South Africa|ECTA-aware · POPIA-aligned where configured

POPIA-aligned handling

VaseSign is built so organisations can process personal information with controls that align to the Protection of Personal Information Act (POPIA) when policies, workspace configuration, and subprocessors are chosen deliberately. VaseSign provides technical and organisational measures; your information officer remains accountable for lawful processing basis, notices, and governance.

Data minimisation

Product flows collect data necessary for signing, identity steps you enable, billing where applicable, and support. Integrations may introduce additional categories — each connector should be assessed against your privacy programme.

Retention controls

Retention periods and deletion behaviour depend on workspace rules, legal holds, integration behaviour, and backup cycles. Enterprise agreements may specify minimum or maximum retention; operational execution is documented in your deployment schedule. See also Data retention.

Data subject requests

Individuals wishing to exercise access, correction, deletion, or objection rights should contact the organisation that controls their data (typically the VaseSign customer). Where VaseSign acts as operator on behalf of that organisation, requests are coordinated through the customer's administrator or support@vasesign.co.za with enough context to locate the workspace — responses may require customer approval when VaseSign does not independently decide processing purposes.

Cross-border transfers

Where subprocessors or signers process personal information outside South Africa, transfers should be justified under POPIA Chapter 9 conditions — for example consent, binding corporate rules, customer-approved contracts, or adequacy decisions — as assessed by your counsel. VaseSign documents categories of recipients in the Subprocessors register; detailed transfer mechanisms are supplied during enterprise onboarding.

Account-level disclosures appear in the Privacy Policy. Data processing terms for enterprise customers are shared under NDA — see Enterprise assurance.