Privacy Policy

Last Updated: May 26, 2025

Signiqo S.A. de C.V. ("Signiqo," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Signiqo website, services, software, and applications (collectively, the "Service"). This Privacy Policy is provided in accordance with the Mexican Federal Law on Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares - LFPDPPP) and its regulations.

Please read this Privacy Policy carefully. If you do not agree with the terms of this privacy policy, please do not access or use the Service.

1. Data Controller

The data controller for the personal data processed through the Service is:

Signiqo S.A. de C.V.
Address: [Your Company's Registered Address in Mexico]
Email for privacy inquiries: privacy@signiqo.com

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service depends on the content and materials you use, and includes:

2.1. Personal Data You Provide to Us:

  • Account Information: If you create an account or request information (e.g., for beta access, newsletter), we may collect your name, email address, and any other information you choose to provide.
  • Communication Data: If you contact us directly, we may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send us, and any other information you may choose to provide.

2.2. Biometric Information (Processed Locally):

  • Signiqo's core functionality involves the use of your device's biometric authentication features (e.g., Face ID, fingerprint scanner) or PIN. Important: Your raw biometric data (e.g., your actual fingerprint image or facial scan) is processed locally on your device within its Secure Enclave or Trusted Execution Environment (TEE). Signiqo does not receive, store, or have access to your raw biometric data. This data is transformed on your device into cryptographic keys or identifiers used by the Service.

2.3. Usage Data and Technical Information (Automatically Collected):

  • Device Information: We may collect information about the device you use to access the Service, such as hardware model, operating system and version, unique device identifiers (where applicable), and mobile network information.
  • Log Information: When you use our Service, we may automatically collect and store certain information in server logs. This may include details of how you used our service, IP address, device event information such as crashes, system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
  • Decentralized Identifiers (DIDs): The Service facilitates the creation and management of DIDs. While DIDs themselves are designed to be user-controlled, metadata related to DID interactions or usage within the Service might be processed.
  • Blockchain Data: Interactions with blockchain networks facilitated by Signiqo may result in data being recorded on public, immutable ledgers. This data is not controlled by Signiqo.

2.4. Cookies and Similar Tracking Technologies:

  • We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Service to help customize the Service and improve your experience. For more information on how we use cookies, please refer to our Cookie Policy (if separate, or detail here). You can usually choose to set your browser to remove or reject browser cookies. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Service.

3. How We Use Your Information

We use the information we collect for various purposes, in accordance with the principles of purpose, legality, and proportionality under the LFPDPPP, including to:

  • Provide, operate, and maintain our Service.
  • Improve, personalize, and expand our Service.
  • Understand and analyze how you use our Service.
  • Develop new products, services, features, and functionality.
  • Communicate with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the Service, and for marketing and promotional purposes (with your consent where required by law).
  • Process your transactions (if applicable).
  • Send you technical notices, updates, security alerts, and support and administrative messages.
  • Find and prevent fraud and abuse.
  • Comply with legal obligations and enforce our terms and policies.

The primary purposes for which we collect your personal data are necessary for the legal relationship between you and Signiqo. Secondary purposes may include marketing; you will have the option to object to these secondary uses.

4. Legal Basis for Processing Personal Data

Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from you only:

  • Where we have your consent to do so (Consent).
  • Where we need the personal information to perform a contract with you (Necessity for Contract).
  • Where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (Legitimate Interests).
  • To comply with a legal obligation (Legal Obligation).

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).

5. Sharing and Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

  • By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation in Mexico.
  • Third-Party Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work (e.g., hosting services, analytics providers, customer support). These third parties are obligated to protect your data and use it only for the purposes for which it was disclosed, in line with data processing agreements where applicable under LFPDPPP.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • With Your Consent: We may disclose your personal information for any other purpose with your consent. This includes explicit consent for data transfers not covered by other exceptions under LFPDPPP.
  • Aggregated or De-identified Data: We may share aggregated or de-identified information, which cannot reasonably be used to identify you.

We will not sell your personal data to third parties for their own marketing purposes without your explicit consent.

6. International Data Transfers

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of Mexico. If you are located in Mexico and choose to provide information to us, please note that we may transfer the data, including personal data, to other countries and process it there. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and the LFPDPPP, including implementing appropriate safeguards such as standard contractual clauses or ensuring the recipient country provides an adequate level of data protection.

7. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy, to fulfill our contractual obligations, or as required by applicable Mexican law (e.g., for tax or accounting purposes). We will then delete or anonymize your personal data, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

8. Your Data Protection Rights (ARCO Rights)

In accordance with the LFPDPPP, you have the following rights regarding your personal data:

  • Right of Access: You have the right to access your personal data that we possess and to know the details of its processing.
  • Right to Rectification: You have the right to request the correction of your personal data if it is inaccurate or incomplete.
  • Right to Cancellation: You have the right to request the deletion of your personal data from our records or databases when you consider that it is not being used in accordance with the principles, duties, and obligations provided by law (e.g., when it is no longer necessary for the purpose for which it was collected).
  • Right to Opposition: You have the right to object to the processing of your personal data for specific reasons.

You also have the right to revoke the consent you have given for the processing of your personal data at any time, where consent is the legal basis for processing.

To exercise your ARCO rights, or to revoke consent, please submit a written request to our Data Protection contact at privacy@signiqo.com. Your request must include:

  1. Your full name and email address or other means to communicate the response to your request.
  2. Documents proving your identity or, if applicable, legal representation.
  3. A clear and precise description of the personal data with respect to which you seek to exercise any of the ARCO rights.
  4. Any other element or document that facilitates the location of the personal data.

We will respond to your request within the timeframes established by the LFPDPPP (typically 20 working days to inform you of the decision, and 15 working days to implement it if it is deemed appropriate).

If you are not satisfied with our response, you have the right to file a complaint with the National Institute for Transparency, Access to Information and Personal Data Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales - INAI).

9. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties.

Given the non-custodial nature of Signiqo regarding your biometric data and primary cryptographic keys, the security of your information also heavily depends on your own security practices for your devices and credentials.

10. Children's Privacy

Our Service is not intended for use by children under the age of 18 (or the applicable age of majority). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18 without verification of parental consent, we will take steps to remove that information from our servers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

For material changes, we may also provide a more prominent notice (including, for certain services, email notification of Privacy Policy changes).

12. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Signiqo S.A. de C.V.
Attention: Data Protection Officer
Address: [Your Company's Registered Address in Mexico]
Email: privacy@signiqo.com