GetSigned is a Canadian e-signature service. Here is a plain-language account of where your data lives and how it is handled.
GetSigned is built and operated as a Canadian service under PIPEDA (the federal Personal Information Protection and Electronic Documents Act). Signed documents and signer data are stored in Canada. Keeping this data in-country is intended to simplify privacy assessments for Canadian organizations and public-sector buyers who require Canadian data residency.
To deliver the service we rely on a small set of third-party providers. Some of them — for example email delivery, error monitoring, analytics, IP geolocation, and trusted timestamping — may process limited technical data (such as an email address, an IP address, or a document hash) on infrastructure outside Canada. We do not consider these to hold the substance of your signed documents, which remain stored in Canada. The full list is on our subprocessors page.
Document retention follows a configurable policy. After the retention window passes, the sealed PDF file is purged from storage, while the document record and the hash-chained audit log are kept so the executed record stays verifiable. Where supported, parties are emailed the sealed copy (or a tokenized download link) before purge. See the security page for the underlying integrity model.
GetSigned targets PIPEDA-defensible electronic signatures and US ESIGN/UETA. It is not designed for strict data-localization regimes outside Canada and the US, and it does not issue qualified/eIDAS signatures. If your jurisdiction imposes data-localization rules we cannot meet, GetSigned may not be the right fit. For specific residency commitments, contact us before relying on the service.
This page summarizes our practices for convenience and may be updated as our infrastructure evolves. The privacy policy governs in case of any conflict.