Privacy policy

Compliant with Regulation (EU) 2016/679 (GDPR) and applicable data protection laws.

1. Data controller

Main.llc — 100 SE 2nd Street, Suite 2000, Miami, FL 33131, USA. Contact: support@certifeurope.com.

2. Data collected

Within the scope of the service, Certif Europe collects:

• Identity: last name, first names, date of birth, nationality, ID document number and image;
• Contact: email, phone number, postal address;
• Document to sign: the PDF uploaded by the Customer (only for the duration of service);
• Technical data: IP address, browser, operating system, connection logs;
• Payment data: processed exclusively by Stripe — Certif Europe stores no card numbers.

3. Purposes

• Issuance of the qualified electronic signature certificate and document signing;
• Identity verification compliant with eIDAS requirements and Article R123-5 of the French Commercial Code;
• Billing and accounting obligations (10-year retention, Articles L. 102 B et seq. of the French Tax Procedures Book);
• Audience measurement and service improvement (anonymized Google Analytics 4);
• Anti-fraud and anti-money-laundering controls.

4. Legal bases

• Contract execution (Art. 6.1.b GDPR) for data strictly necessary to the service;
• Legal obligations (Art. 6.1.c) for accounting retention and anti-fraud;
• Consent (Art. 6.1.a) for non-strictly-necessary audience measurement cookies.

5. Retention periods

• Signed document: 30 days after delivery, unless extension requested;
• ID document: minimum eIDAS regulatory period (10 years after certificate issuance);
• Billing data: 10 years (accounting obligation);
• Technical logs: 12 months.

6. Recipients

Data is processed by: Main.llc (data controller), the partner Qualified Trust Service Provider established in the European Union (subprocessor or joint controller depending on operations), Stripe (payment), Brevo (transactional emails), Vercel (hosting). All signing operations and personal data storage take place at the EU-based QTSP partner; any transfer to Main.llc (data controller, USA) is governed by the European Commission's Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework.

7. Hosting

All operational data (signing, storage, transactional emails) is hosted within the European Union (France, Ireland). No operational data (signed PDF, ID document, certificate) is transferred outside the EU for signing operations.

8. Your rights

You have the rights of access, rectification, erasure, restriction, objection, and portability provided in Articles 15 to 22 of the GDPR. You can exercise these rights by writing to support@certifeurope.com. You may also lodge a complaint with the CNIL (cnil.fr) or any other supervisory authority of your EU member state of residence.

9. Cookies

The site uses:

• Strictly necessary cookies: session, cart, preferences (no consent required);
• Audience measurement cookies: Google Analytics 4 (anonymized), with prior consent;
• Advertising conversion cookies: Google Ads, with prior consent.

You can withdraw consent at any time via the cookie management bar present on the site.

Last updated: May 5, 2026.