Privacy Policy

Last Updated: March 20, 2026

1. Introduction

Welcome to SignAja ("we," "our," or "us"), an enterprise platform operated by Vylera Labs. We are committed to protecting your privacy and ensuring the security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SignAja application (available at https://signaja.vyleralabs.com).

2. Google API Services Usage Disclosure

SignAja integrates with Google Workspace APIs to provide seamless document management and corporate authentication. SignAja's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Google Drive API (drive.file)

  • Access: We request the drive.file scope. This is a restricted scope that only allows SignAja to view and manage Google Drive files that you have explicitly opened or created with the SignAja app. We do not have access to your entire Google Drive.
  • Use: We use this access strictly to read the documents you wish to sign, and to securely upload the finalized, cryptographically sealed PDF back to your Google Drive.
  • Storage: We temporarily process the file contents in memory during the signature and OCR processing steps. The finalized document is stored back in your Google Drive. A textual summary (OCR) and document metadata are stored in our secure database for searchability, but the actual file payload resides solely in your Drive.
  • Sharing: We do not share your Google Drive data with any third parties. File contents are strictly processed internally to fulfill the digital signature workflow you requested.

Google Admin Directory API (admin.directory.user.readonly)

  • Access: We request the admin.directory.user.readonly scope to verify your corporate identity within your Google Workspace domain.
  • Use: We use this to establish a zero-trust single sign-on (SSO) session, ensuring that only authorized personnel within your organization can access internal documents.
  • Storage & Sharing: We securely store your basic profile information (Name, Email, and Domain) to map your user account and apply Role-Based Access Controls (RBAC). We do not sell, rent, or share your directory data with third parties.

3. Data Security & Cryptography

SignAja employs enterprise-grade security measures. Your account security is maintained via Multi-Factor Authentication (Google Authenticator), ensuring that high-risk signing actions are only performed by the authorized account holder. We do not store or process physical identification cards or face profiles.

4. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact our compliance team at legal@vyleralabs.com.