Home>MeSign Legal Info

MeSign Legal Info

  • 1. Terms of Service

    +

    Terms of Service

    Update Effective Date: August. 18, 2020 (Achieved Version)

    MeSign Technology Limited("MeSign," "our," "we," or "us"), the former name is “MeSince Technology limited” that has been changed since August 8, 2020, is registered in China Mainland, Hong Kong SAR and United Kingdom, provides an encrypted email client software and other related products and services to users around the world. Please read our Terms of Service so you can understand what is up with the use of MeSign App.

    In order to provide our Services (as defined below) through our apps, services, features, software, or website, we need to obtain your express agreement to our Terms of Service ("Terms"). You agree to our Terms by installing, accessing, or using our apps, services, features, software, or website.

    1.1 Our Services

    If you live in China Mainland, MeSign China provides the services described below to you. If you live in a country in the European Region, MeSign UK provides the services described below to you; if you live in any other country except above region, MeSign Hong Kong provides the services described below to you (collectively, "Services"):

    • Privacy and Security Principles. Respecting and protecting your privacy are the reasons why MeSign App come out. Since we started MeSign, we have built our Services with strong privacy and security principles in mind.
    • Email Client Software. MeSign App is an encrypted email client software, MeSign App is available on Windows, iOS, and Android system. MeSign App encrypt, sign, and timestamp every outgoing email as default automatically using S/MIME email certificate. At the same time, MeSign App integrates e-signature functions to provide users with electronic signature services and use digital certificate to implement digital signature and encryption of PDF documents.
    • Encrypting Certificate. MeSign automatically install an Encrypting Certificate for each email account after you have setup your email account successfully, and MeSign stores the Encrypting Certificate private key in MeSign cloud server securely, to ensure you can decrypt and encrypt messages at any time in any device once you log into your email account. It is recommended to set your certificate private key protection password to enhance the private key security, please remember this password. This certificate is the Account Encrypting Certificate for basic encryption and secure communication to servers that you can’t delete it, but you can import other certificate and set it as the Default Encrypting Certificate.
    • Signing Certificate. MeSign automatically install a V1 Signing Certificate for each email account after you have setup your email account successfully. If you have purchased the Professional Edition services, MeSign will automatically install the related identity validation level V2/V3/V4 Signing Certificate. These Signing Certificates key pair is generated and stored in local device securely, we do not backup the Signing Certificate private key in the cloud Key Management System. MeSign will issue a new Signing Certificate once you use MeSign App in new device. The V1 Signing Certificate is the Account Signing Certificate for basic encryption and secure communication to servers that you cannot delete it. And the V2/V3/V4 Signing Certificates are for certifying your identity that you also cannot delete it. But you can import other certificate and set it as the Default Signing Certificate.
    • Ways to Improve Our Services. We analyze how you make use of MeSign App, in order to improve all aspects of our Services described here.
    • MeSign Certificate Database (CerDB). CerDB is a public database of collection of public keys of Encrypting Certificates from all MeSign users and those who voluntarily submit theirs. MeSince automatically collect all incoming digitally signed email’s public key of the Encrypting Certificate and post to CerDB. This Database not only is used by MeSince when user sending encrypted email, but also opened to all third parties that they can search every email’s public key for encryption automation.
    • MeSign Certificate Database (CerDB). CerDB is a public database of collection of public keys of Encrypting Certificates from all MeSign App users and those who voluntarily submit theirs. MeSign App automatically collect all incoming digitally signed email’s public key of the Encrypting Certificate and post to CerDB. This Database not only is used by MeSign App when user sending encrypted email, but also opened to all third parties that they can search every email’s public key for encryption automation.
    • Safety and Security. We work to protect the safety and security of MeSign App by appropriately dealing with abusive people and activity and violations of our Terms. We prohibit misuse of our Services, harmful conduct towards others, and violations of our Terms and policies, and address situations where we may be able to help support or protect our community. We develop automated systems to improve our ability to detect and remove abusive people and activity that may harm our community and the safety and security of our Services. If we learn of people or activity like this, we will take appropriate action by removing such people or activity or contacting law enforcement. We share information with other affiliated companies when we learn of misuse or harmful conduct by someone using our Services.
    • Enabling Global Access to Our Services. To operate our global Service, we need to store and distribute information in data centers and systems around the world, including outside your country of residence. This infrastructure may be owned or operated by our affiliated companies.
    • Affiliated Companies. We are a subsidiary company of WoTrus CA Limited, MeSign uses WoTrus CA system and KM system to issue certificates to MeSign App users, and WoTrus is responsible for MeSign users identity validation. MeSign receives information from, and shares information with WoTrus as described in MeSign's Privacy Policy to help operate, provide, and improve our Services.

    1.2 About Our Services

    No Registration. Like other email client, you don’t have to register to use the service. After you install MeSign App, setup your email account to start using our service. The email address you used in MeSign is your MeSign Account name in our system, you can use this email address to log into MeSign website.

    Age. You must be at least 16 years old to use our Services (or such greater age required in your country for you to be authorized to use our Services without parental approval). In addition to being of the minimum required age to use our Services under applicable law, if you are not old enough to have authority to agree to our Terms in your country, your parent or guardian must agree to our Terms on your behalf.

    Devices and Software. You must provide certain devices, software, and data connections to use our Services, which we otherwise do not supply. In order to use our Services, you consent to manually or automatically download and install updates to our Services. You also consent to our sending you notifications via MeSign App from time to time, as necessary to provide our Services to you.

    Fees and Taxes. You are responsible for all carrier data plans, Internet fees, and other fees and taxes associated with your use of our Services. You can use our Basic Edition service for free, and the default account certificates (one Encrypting Certificate and one V1 Signing Certificate) are free that only validated the email control without identity info in the certificate. If you like to apply high level validation with high level validated Signing Certificate, you need to buy the Professional Edition services, then the V2/V3/V4 Signing Certificate containing the identity information will be configured automatically for free.

    1.3 Privacy Policy And User Data

    MeSign cares about your privacy. MeSign's Privacy Policy describes our information (including message) practices, including the types of information we receive and collect from you, how we use and share this information, and your rights in relation to the processing of information about you. The Privacy Policy sets out the legal bases for our processing of personal information about you, including the collection, use, processing, and sharing of such information, as well as the transfer and processing of such information to China and other countries globally where we have or use facilities, service providers, affiliated companies, or partners, regardless of where you use our Services.

    1.4 Acceptable Use of Our Services

    Our Terms and Policies. You must use our Services according to our Terms and Policies. If you violate our Terms or Policies, we may take action with respect to your account, including disabling or suspending your account and, if we do, you must not create another account using the same email without our permission.

    Legal and Acceptable Use. You must access and use our Services only for legal, authorized, and acceptable purposes. You will not use (or assist others in using) our Services in ways that: (a) violate, misappropriate, or infringe the rights of MeSign, our users, or others, including privacy, publicity, intellectual property, or other proprietary rights; (b) are illegal, obscene, defamatory, threatening, intimidating, harassing, hateful, racially or ethnically offensive, or instigate or encourage conduct that would be illegal or otherwise inappropriate, including promoting violent crimes; (c) involve publishing falsehoods, misrepresentations, or misleading statements; (d) impersonate someone; (e) involve sending illegal or impermissible communications, such as bulk messaging, auto-messaging, auto-dialing, and the like; or (f) involve any non-personal use of our Services.

    Harm to MeSign Or Our Users. You must not (or assist others to) directly, indirectly, through automated or other means access, use, copy, adapt, modify, prepare derivative works based upon, distribute, license, sublicense, transfer, display, perform, or otherwise exploit our Services in impermissible or unauthorized manners, or in ways that burden, impair, or harm us, our Services, systems, our users, or others, including that you must not directly or through automated means: (a) reverse engineer, alter, modify, create derivative works from, decompile, or extract code from our Services; (b) send, store, or transmit viruses or other harmful computer code through or onto our Services; (c) gain or attempt to gain unauthorized access to our Services or systems; (d) interfere with or disrupt the safety, security, or performance of our Services; (e) create accounts for our Services through unauthorized or automated means; (f) collect the information of or about our users in any impermissible or unauthorized manner; (g) sell, resell, rent, or charge for our Services in an unauthorized manner; (h) create software or APIs that function substantially the same as our Services and offer them for use by third parties in an unauthorized manner.

    Keeping Your Account Secure. You are responsible for keeping your device and your MeSign account safe and secure, and you must keep your certificate file in a safe place if you export your certificate. And you must notify us promptly of any unauthorized use or security breach of your certificate or our Services.

    1.5 Licenses

    Your Rights. MeSign does not claim ownership of the information that you submit for your MeSign account or through our Services. You must have the necessary rights to such information that you submit for your MeSign account or through our Services and the right to grant the rights and licenses in our Terms.

    MeSign's Rights. We own all copyrights, trademarks, domains, logos, trade dress, trade secrets, patents, and other intellectual property rights associated with our Services. You may not use our copyrights, trademarks, domains, logos, trade dress, patents, or other intellectual property rights unless you have our express permission.

    Your License to MeSign. In order to operate and provide our Services, you grant MeSign a worldwide, non-exclusive, royalty-free, sublicensable, and transferable license to use, reproduce, distribute, create derivative works of, display, and perform the information (except the email content) that you upload, submit, store, send, or receive on or through our Services. The rights you grant in this license are for the limited purpose of operating and providing our Services.

    MeSign's License to You. We grant you a limited, revocable, non-exclusive, non-sublicensable, and non-transferable license to use our Services, subject to and in accordance with our Terms. This license is for the sole purpose of enabling you to use our Services in the manner permitted by our Terms. No licenses or rights are granted to you by implication or otherwise, except for the licenses and rights expressly granted to you.

    1.6 Disclaimers

    WE WILL USE REASONABLE SKILL AND CARE IN PROVIDING OUR SERVICES TO YOU AND IN KEEPING IT A SAFE, SECURE, AND ERROR-FREE ENVIRONMENT, BUT WE DO NOT GUARANTEE THAT MESIGN WILL ALWAYS FUNCTION WITHOUT DISRUPTIONS, DELAYS, OR IMPERFECTIONS. YOU USE OUR SERVICES AT YOUR OWN RISK AND SUBJECT TO THE FOLLOWING DISCLAIMERS. WE ARE PROVIDING OUR SERVICES ON AN "AS IS" BASIS WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NON-INFRINGEMENT, AND FREEDOM FROM COMPUTER VIRUS OR OTHER HARMFUL CODE. WE DO NOT WARRANT THAT ANY INFORMATION PROVIDED BY US IS ACCURATE, COMPLETE, OR USEFUL, THAT OUR SERVICES WILL BE OPERATIONAL, ERROR FREE, SECURE, OR SAFE, OR THAT OUR SERVICES WILL FUNCTION WITHOUT DISRUPTIONS, DELAYS, OR IMPERFECTIONS. WE DO NOT CONTROL AND ARE NOT RESPONSIBLE FOR, CONTROLLING HOW OR WHEN OUR USERS USE OUR SERVICES OR THE FEATURES, SERVICES, AND INTERFACES OUR SERVICES PROVIDE. WE ARE NOT RESPONSIBLE FOR AND ARE NOT OBLIGATED TO CONTROL THE ACTIONS OR INFORMATION (INCLUDING CONTENT) OF OUR USERS OR OTHER THIRD PARTIES. YOU RELEASE US, OUR SUBSIDIARIES, AFFILIATES, AND OUR AND THEIR DIRECTORS, OFFICERS, EMPLOYEES, PARTNERS, AND AGENTS (TOGETHER, THE "MESIGN PARTIES") FROM ANY CLAIM, COMPLAINT, CAUSE OF ACTION, OR CONTROVERSY (TOGETHER, "CLAIM") AND DAMAGES, KNOWN AND UNKNOWN, RELATING TO, ARISING OUT OF, OR IN ANY WAY CONNECTED WITH ANY SUCH CLAIM YOU HAVE AGAINST ANY THIRD PARTIES. YOUR RIGHTS WITH RESPECT TO MESIGN ARE NOT MODIFIED BY THE FOREGOING DISCLAIMER IF THE LAWS OF YOUR COUNTRY OF RESIDENCE, APPLICABLE AS A RESULT OF YOUR USE OF OUR SERVICES, DO NOT PERMIT IT.

    1.7 Limitation of Liability

    OUR AGGREGATE LIABILITY RELATING TO, ARISING OUT OF, OR IN ANY WAY IN CONNECTION WITH OUR TERMS, US, OR OUR SERVICES SHALL BE LIMITED TO LOSSES THAT ARE A REASONABLY FORESEEABLE CONSEQUENCE OF SUCH BREACH (EXCEPT IN RELATION TO DEATH, PERSONAL INJURY, OR FRAUDULENT MISREPRESENTATION) AND WILL NOT EXCEED THE AMOUNT YOU HAVE PAID US IN THE PAST TWELVE MONTHS.

    YOUR RIGHTS WITH RESPECT TO MESIGN ARE NOT MODIFIED BY THE FOREGOING LIMITATION IF THE LAWS OF YOUR COUNTRY OF RESIDENCE, APPLICABLE AS A RESULT OF YOUR USE OF OUR SERVICES, DO NOT PERMIT IT.

    1.8 Indemnification

    If anyone brings a claim ("Third Party Claim") against us related to your actions, information, or content on MeSign, you will, to the extent permitted by law, indemnify and hold the MeSign Parties harmless from and against all liabilities, damages, losses, and expenses of any kind (including reasonable legal fees and costs) relating to, arising out of, or in any way in connection with any of the following: (a) your access to or use of our Services, including information provided in connection therewith; (b) your breach of our Terms or of applicable law; or (c) any misrepresentation made by you. You will cooperate as fully as required by us in the defense or settlement of any Third-Party Claim. Your rights with respect to MeSign are not modified by the foregoing indemnification if the laws of your country of residence, applicable as a result of your use of our Services, do not permit it.

    1.9 Dispute Resolution

    Governing Law. The laws of the Hong Kong SAR, China and United Kingdom govern our Terms, as well as any Disputes, whether in court or arbitration, which might arise between MeSign and you, without regard to conflict of law provisions.

    1.10 Availability and Termination of Our Services

    Availability of Our Services. We are always trying to improve our Services. That means we may add or remove our Services, features, functionalities, and the support of certain devices and platforms. Our Services may be interrupted, including for maintenance, repairs, upgrades, or network or equipment failures. We may discontinue some or all of our Services, including certain features and the support for certain devices and platforms, at any time after a notice period of 30 days, where possible. Events beyond our control may affect our Services, such as events in nature and other force majeure events.

    Termination. Although we hope you remain a MeSign user, you can terminate your relationship with MeSign anytime for any reason by deleting your account. For instructions on how to do so, please visit: Deleting your account.

    We may also modify, suspend, or terminate your access to or use of our Services anytime for suspicious or unlawful conduct, including for fraud, or if we reasonably believe you violate our Terms or create harm, risk, or possible legal exposure for us, our users, or others. Your email will be in the blacklist and you will not be able to use MeSign, please uninstall APP. But the following provisions will survive any termination of your relationship with MeSign: "Licenses," "Disclaimers," "Limitation of Liability," "Indemnification," "Dispute Resolution," "Availability and Termination of our Services," and "Other." If you believe your account's termination or suspension was in error, please contact us. To protect your privacy, please send us encrypted email.

    We may terminate your MeSign account if you repeatedly infringe the intellectual property rights of others.

    Other

    • Unless a mutually executed agreement between you and us states otherwise, our Terms make up the entire agreement between you and us regarding MeSign and our Services and supersede any prior agreements.
    • We reserve the right to designate in the future that certain of our Services are governed by separate terms (where, as applicable, you may separately consent).
    • Our Services are not intended for distribution to or use in any country where such distribution or use would violate local law or would subject us to any regulations in another country. We reserve the right to limit our Services in any country.
    • Any amendment to or waiver of our Terms requires our express consent. You have the right to terminate your relationship with MeSign at any time by deleting your account.
    • We may amend or update these Terms. We will issue a notice to the website and APP for the update of the legal information such as the Terms of Service and Privacy Policy and display the effective date of the update at the top of this page. Please review the revised Terms of Service and Privacy Policy when you are free. Please note that we may not be able to provide such notice for changes to these Terms that are required to address technical evolutions of our Services or for changes made for legal reasons, both of which will become effective immediately. Your continued use of our Services following the notice period of planned changes confirms your acceptance of our Terms, as amended. We hope you will continue using MeSign App, but if you do not agree to our Terms, as amended, you must stop using our Services by deleting your account.
    • All of our rights and obligations under our Terms are freely assignable by us to any of our affiliates or in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner. In the event of such an assignment, these Terms will continue to govern your relationship with such third party. We hope you will continue using MeSign App, but if you do not agree to such an assignment, you must stop using our Services by deleting your account.
    • You will not transfer any of your rights or obligations under our Terms to anyone else without our prior written consent.
    • Nothing in our Terms will prevent us from complying with the law.
    • Except as contemplated herein, our Terms do not give any third-party beneficiary rights.
    • If we fail to enforce any of our Terms, it will not be considered a waiver.
    • If any provision of these Terms is found to be unlawful, void, or for any reason unenforceable, then that provision shall be deemed severable from our Terms and shall not affect the validity and enforceability of the remaining provisions of our Terms, and the remaining portion of our Terms will remain in full force and effect.
    • We reserve all rights not expressly granted by us to you. In certain jurisdictions, you may have legal rights as a consumer, and our Terms are not intended to limit such consumer legal rights that may not be waived by contract. Also, in certain jurisdictions, you may have legal rights as a data subject, and our Terms are not intended to limit such rights that may not be waived by contract.
    • We always appreciate your feedback or other suggestions about MeSign App and our Services, but you understand that you have no obligation to provide feedback or suggestions and that we may use your feedback or suggestions without any obligation to compensate you for them.

    Accessing MeSign's Terms in Different Languages

    To access our Terms in certain other languages, change the language setting for your session. If our Terms are not available in the language you select, we will default to the English version.

  • 2. Privacy Policy

    +

    Update Effective Date: Oct. 22, 2020 (Achieved Version)

    Respect for your privacy is coded into our DNA. Since we started to develop MeSign App, we have aspired to build our Services with a set of strong privacy principles in mind.

    MeSign is an encrypted email client software that encrypt all messages using S/MIME email certificates, provides a technology tool to protect the private information conveniently for worldwide users. At the same time, MeSign App is also an e-signature tool software. It uses digital certificate to digitally sign and encrypt PDF documents to provide users with a tool to implement e-signatures locally, so that users do not need to upload the files to be signed to the e-signature service platform. Complete the electronic contract signing and PDF document digital signature on the user's computer. Our Privacy Policy helps explain our information (including message) practices. For example, what information we collect and how this affects you. We also explain the steps we take to protect your privacy.

    When we say “MeSign,” “our,” “we,” or “us,” we’re talking about MeSign Technology Limited. This Privacy Policy (“Privacy Policy”) applies to all our apps, services, features, software, and website (together, “Services”) unless specified otherwise.

    Please also read MeSign’s Terms of Service (“Terms”), which describes the terms under which you use our Services.

    2.1 Information We Collect

    MeSign must receive or collect some information to operate, provide, improve, understand, customize, support, and market our Services, including when you install, access, or use our Services. The types of information we receive and collect depend on how you use our Services.

    2.1.1 Information You Provide
    • Your Account Information. Your email address used in MeSign is your username of the MeSign account. We store your email address, name, phone number, organization name, website URL and other similar information if you add this info on “My name card” so that this info can syn to another device using MeSign App.
    • Your Contact. Your sent email’s email address will add to “Contact” automatically, you can create contact into “Contact” manually. We store your Contacts and Groups information to our cloud server (encrypted using your certificate) so that you can have your Contact in all your devices using MeSign App.
    • Your settings on blacklist and whitelist. We store your blacklist and whitelist setting in our cloud server so that all settings will syn to all your device using MeSign App.
    • Your Email Content. We do not store your email content to our cloud server, all messages are encrypted and stored in your mail server and your devices using MeSign App. If a message cannot be delivered immediately (for example, if you are offline), it will in the Outbox or “Outbox_MeSign” folder that we will try to deliver it once the network is available. We offer end-to-end encryption using your own certificate, which is on by default. End-to-end encryption means that your messages are encrypted to protect against us and third parties from reading them.
    • Your Document Content. When you use E-signature service provided by MeSign App, MeSign App will not upload your document to be signed to the cloud e-Signing Service System, but only post the HASH of the document to be signed to the cloud system to obtain the digital signature data, then the digital signature is completed locally by MeSign App in user’s device. And we do not require users to upload the signed documents to any system for signature validation, users can directly use Adobe Reader to open the signed documents to complete signature validation. Our Contract E-signature service also does not provide contract custody service, you need to keep your completed electronic contract by yourself, the signed contract documents is in your mailbox by encrypted email. This is for protecting your document privacy and business secrets that no chance for us to have your documents to be signed.
    • Customer Support. You may provide us with information related to your use of our Services, including copies of your messages, and how to contact you so we can provide you customer support. For example, you may send us an email with information relating to our APP performance or other issues.
    • Identity Validation Service. If you have purchased the Personal Pro Edition services, you will need to provide your personal name and two different identity documents for identity validation; if you have purchased the Business Pro Edition services, you will need to provide business registration documents such as the business license, and you will need to provide an authorization letter and validate your organization email domain control, as well as maybe the employee’s personal identity documents if you have purchased employee identity validation. You must explicitly consent to the collection and use of such information and supporting documentation.
    2.1.2 Automatically Collected Information
    • Usage and Log Information. We collect information about your activity on our Services, like service-related, diagnostic, and performance information. This includes information about your activity (including how you use our Services, your Services settings, how you interact with others using our Services, and the time, frequency, and duration of your activities and interactions), log files, and diagnostic, crash, website, and performance logs and reports.
    • Device and Connection Information. We collect device and connection-specific information when you install, access, or use our Services. This includes information like hardware model, operating system information, app version, browser information, and mobile network, language and time zone, and IP, device operations information, and identifiers like device identifiers. We collect the number of emails you sent and received per day for statistics.
    • Cookies. We use cookies to operate and provide our Services, including to provide our Services that are web-based, improve your experiences, understand how our Services are being used, and customize our Services. For example, we use cookies to provide MeSign for web and desktop and other web-based services. We may also use cookies to understand which of our FAQs are most popular and to show you relevant content related to our Services. Additionally, we may use cookies to remember your choices, like your language preferences, to provide a safer experience, and otherwise to customize our Services for you.
    • Public Key Certificate. When we process the received mail, we will automatically upload the public key certificate attached to the mail to our cloud server. This public key certificate will be automatically delivered to other user Contact (if your email address is in his/her Contact). This allows the user to automatically send encrypted mail to you with your public key without the need to exchange public keys in advance. In order to ensure that you can decrypt encrypted mail on different devices, the certificate encryption will use the multiple public key certificates we collected to encrypt the mail at the same time, so that you can decrypt it with any Encrypting Certificate.
    • Spam Email Address. The SPAM email address you report is not only automatically included in the SPAM blacklist of your local device, but also uploaded to the cloud server and automatically synced to your other device's MeSign App. At the same time, we will set a global blacklist based on the number of times a user reports an email address and synchronize to all user’s Cloud-Blacklist.
    • Mail Server Configuration Parameters. After you successfully login to the mailbox, MeSign will automatically upload the server configuration parameters to the cloud server for analysis and processing, so that other users with the same domain name can automatically configure the approved mail server parameters.
    • Mail Attachments and URL in Email. In order to secure the email attachment and secure the URL in the email, we will upload the hash value of the attachment and the URL in the email to the cloud service to check if the attachment is a malicious file and whether the URL is a malicious website.
    2.1.3 Third-Party Information
    • Information Others Provide About You. We receive information about you from other users and businesses. For example, when other users or businesses you know use our Services, they may provide your email to us when they use MeSign to send email to you, just as you may provide theirs, or they may send you a message, send messages to groups to which you belong. We require each of these users and businesses to have lawful rights to collect, use, and share your information before providing any information to us.
    • Third-Party Service Providers. We work with third-party service providers and Our parent companies to help us operate, provide, improve our Services. For example, we work with companies to improve user-facing features, distribute our apps, provide our infrastructure, delivery, and other systems, supply location, map, and places information, process payments, and help with customer service. These companies may provide us information about you in certain circumstances; for example, app stores may provide us reports to help us diagnose and fix service issues.

    2.2 How We Use Information

    We use the information we have (subject to choices you make) to operate, provide, improve, understand, customize, support, and market our Services. Here's how:

    • Our Services. We use the information we have to operate and provide our Services, including providing customer support, and improving, fixing, and customizing our Services. We understand how people use our Services and analyze and use the information we have to evaluate and improve our Services, research, develop, and test new services and features, and conduct troubleshooting activities. We also use your information to respond to you when you contact us.
    • Automated Email Encryption. As described in the Terms of Service, we issue an Encrypting Certificate for every user and maintain the MeSign Certificate Database for all collected public keys of these Encrypting Certificates. Automated Email Encryption for each email send by every MeSign user and by some third-party service providers may rely on this database.
    • Personalization and synchronization. We maintain your blacklist and whitelist settings, mail sorting rule, profile and contacts on our server to ensure that every time you use MeSign in a new device, all information will be synchronized to the new device.
    • Safety and Security. We verify accounts and activity, and promote safety and security on and off our Services, such as by investigating suspicious activity or violations of our Terms, and to ensure our Services are being used legally.
    • Communications About Our Services. We use the information we have to communicate with you about our Services and features and let you know about our terms and policies and other important updates. We may provide you marketing for our Services.
    • No Third-Party Banner Ads. We still do not allow third-party banner ads on MeSign App. We have no intention to introduce them, but if we ever do, we will update this policy.
    • Cloud-based Blacklist. If one email address is reported by many people as SPAM, we will add it into our Cloud-based Blacklist, and all MeSign users will have this list for SPAM protection.
    • Open Service for CerDB. We provide Mail API to third parties, like all kinds of service providers, other email client developers to get your Encrypting Certificate public key that it can be used to send encrypted email to you easily to protect your service information privacy like phone bill, bank statement, insurance statement etc.
    • Identity Validation Service. If you have purchased the Professional services, we will use the identity proof documents submitted by you and the government and third-party authoritative databases to validate your identity. Your personal and organizational information and associated identification materials are limited to confidential identity validation and are restricted to authorized employees for use in internal office systems.

    2.3 Information You and We Share

    You share your information as you use and communicate through our Services, and we share your information to help us operate, provide, improve, understand, customize, support, and market our Services.

    • Send Your Information to Those You Choose to Communicate With. You share your information (including messages) as you use and communicate through our Services.
    • Account Information. Your email address, profile information, about information, may be available to anyone that you send email to.
    • Public Key Certificate. We share your public key certificate with your contacts or other service providers to facilitate them to send you encrypted mail. Just like your contact's public key certificate has been shared with you, so that you can send an encrypted email to your contact.
    • Your Contacts and Others. Users and businesses with whom you communicate may store or reshare your information (including your phone number or messages) with others on and off our Services.
    • Third-Party Service Providers. We work with third-party service providers and our parent companies to help us operate, provide, improve, understand, customize, support, and market our Services. When we share information with third-party service providers and the parent companies in this capacity, we require them to use your information on our behalf in accordance with our instructions and terms.
    • Third-Party Services. When you use third-party services or our parent companies Products that are integrated with our Services, they may receive information about what you share with them. For example, the default certificates issuance and time stamp service are provided by our parent companies that they will receive information you share with them. If you interact with a third-party service linked through our Services, you may be providing information directly to such third party. Please note that when you use third-party services or our parent companies Products, their own terms and privacy policies will govern your use of those services.
    • Google APIs: MeSign App use and transfer to any other APP of information received from Google APIs will adhere to Google API Services User Data Policy including the Limited Use requirements.

    2.4 How We Work With Our Parent Company

    We are a subsidiary company of WoTrus CA Limited, WoTrus provide the default CA, default KM, default time stamp service and identity validation service. MeSign receives information from, and shares information with WoTrus. For example, Issuing V1 Signing Certificate need to post your email address to CA validation system to validate your email control. If you have purchased the Professional Services, then WoTrus CA employee can access your identity information and proof documents for identity validation. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings. This includes helping improve infrastructure and delivery systems, understanding how our Services or theirs are used, helping us provide a way for you to connect with businesses, and securing systems. We also share information to fight spam, threats, abuse, or infringement activities and promote safety and security across the parent companies’ Products. However, we will minimize the scope for sharing information except it must share in order to provide service for you, but the scope don’t include Gmail API restricted scopes.

    2.5 Assignment, Change of Control, And Transfer

    All of our rights and obligations under our Privacy Policy are freely assignable by us to any of our affiliates, in connection with a merger, acquisition, restructuring, or sale of assets, or by operation of law or otherwise, and we may transfer your information to any of our affiliates, successor entities, or new owner.

    2.6 How The General Data Protection Regulation Applies To Our European Region Users

    Our Legal Bases For Processing Information

    We collect, use, and share the information we have as described above:

    • as necessary to fulfill our Terms;
    • consistent with your consent, which you can revoke at any time;
    • as necessary to comply with our legal obligations;
    • occasionally to protect your vital interests, or those of others;
    • as necessary in the public interest; and
    • as necessary for our (or others') legitimate interests, including our interests in providing an innovative, relevant, safe, and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
    How You Exercise Your Rights

    Under the General Data Protection Regulation or other applicable local laws, you have the right to access, rectify, port, and erase your information, as well as the right to restrict and object to certain processing of your information. This includes the right to object to our processing of your information for direct marketing and the right to object to our processing of your information where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can access or port your information using the in-app feature - My name card. You can access tools to rectify, update, and erase your information directly in-app setting. If we process your information based on our legitimate interests or those of a third party, or in the public interest, you can object to this processing, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons. You can also object to our processing of your information. Where we use your information for direct marketing for our own Services, you can always object and opt out of future marketing messages using the unsubscribe link in such communications.

    2.7 Managing And Deleting Your Information

    We store information until it is no longer necessary to provide our services, or until your account is deleted, whichever comes first. This is a case-by-case determination that depends on things like the nature of the information, why it is collected and processed, and relevant legal or operational retention needs.

    If you would like to manage, change, limit, or delete your information, we allow you to do that through the following tools:

    • Services Settings. You can change your Services settings to manage certain information available to other users. You can manage your contacts, groups, or use our blacklist feature to manage the users with whom you communicate.
    • Permissions. If you want to revoke the permission you have agreed to, you can cancel the permissions directly in your phone, but this may result in a feature being unusable and you may be able to re-permit it if need.
    • Changing Your Mobile Phone Number, Profile Name and Picture, And About Information. You can review, modify or empty the information in “My name card” at any time.
    • Deleting Your MeSign Account. You may delete your MeSign account at any time by logging into your MeSign account in MeSign website. Uninstall your APP doesn’t mean you have deleted your account. Your email will be in the “unsubscribed list” that other MeSign users can’t get your Encrypting Certificate and can’t send encrypted email to you after you delete your account. MeSign will delete your account data and revoke all certificates within 5 work days after you submit the account deletion request.
    • Please note: After your account is deleted, you will not be able to log in to your MeSign account and you will not be able to use MeSign. Please uninstall the installed APP. Since the Encrypting Certificate has been revoked, you may not be able to decrypt the encrypted message using other S/MIME email client software.
    • If you want to continue using the MeSign service after deleting your account, you will need to visit MeSign website FAQ - "Account Management" to re-register your MeSign account. A new Encrypting Certificate is automatically configured after successful registration, but the new certificate cannot decrypt the encrypted email that used the deleted Encrypting Certificate.

    2.8 Law And Protection

    We collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to: (a) respond pursuant to applicable law or regulations, to legal process, or to government requests; (b) enforce our Terms and any other applicable terms and policies, including for investigations of potential violations; (c) detect, investigate, prevent, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of our users, MeSign, our parent companies, or others, including to prevent death or imminent bodily harm.

    2.9 Our Global Operations

    MeSign have two database centers, one in Beijing China, one in Los Angeles USA. MeSign China provide services for China users, MeSign UK provide services for UK and EU users, MeSign HK provide services for worldwide users except above region. MeSign shares information globally, both internally within the company group, and externally with our partners and with those you communicate around the world in accordance with this Privacy Policy. Information will be transferred or transmitted to, or stored and processed, in China Mainland, Hong Kong SAR, UK, USA or other countries outside of where you live for the purposes as described in this Privacy Policy. These data transfers are necessary to provide the Services set forth in our Terms and globally to operate and provide our Services to you. By using MeSign, you consent to the data transfer as outlined in this section. We will take every step reasonably necessary like https and encryption to ensure that your data is treated securely and in accordance with this policy.

    2.10 Updates to Our Policy

    We will notify you in MeSign App once we make changes to this Privacy Policy, please read it carefully once you have time.

    2.11 Contact Information

    If you have questions about our Privacy Policy, please contact us. To protect your privacy, please send us encrypted email, thanks.

    MeSign Technology Limited

    Address: 502#, Block A, Shekou Technology Building II, Nanshan District, Shenzhen, China

    Privacy Officer and compliant: +86-755-26027849, Email: moc.ngisem@spc

  • 3. How We Process Your Information

    +

    How We Process Your Information

    Under European law, companies must have a legal basis to process data. You have particular rights available to you depending on which legal basis we use, and we've explained these below. You should know that no matter what legal basis applies, you always have the right to request access to, rectification of, and erasure of your data under the General Data Protection Regulation (the "GDPR"). To exercise your rights, see our Privacy Policy.

    For all people who have legal capacity to enter into an enforceable contract, we process data as necessary to perform our contracts with you (the Terms of Service, the "Terms"). We describe the contractual services for which this data processing is necessary in Our Services section of the Terms and in the additional informational resources accessible from our Terms. The core data uses necessary to provide our contractual services are:

    • To provide, improve, customize, and support our Services as described in "Our Services";
    • To promote safety and security;
    • To transfer, transmit, store, or process your data outside the EEA, including to within China and other countries; and
    • To communicate with you, for example, on Service-related issues.

    These uses are explained in more detail in our Privacy Policy, under How We Use Information and Our Global Operations. We'll use the data we have to provide these services; if you choose not to provide certain data, the quality of your experience using MeSign may be impacted.

    When we process data you provide to us as necessary to perform our contracts with you, you have the right to port it under the GDPR. To exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.

    The other legal bases we rely on in certain instances when processing your data are:

    Your Consent:

    • For collecting and using information you allow us to receive through the device-based settings when you enable them (such as access to your camera, or photos), so we can provide the features and services described when you enable the settings.
    • When we process data you provide to us based on your consent, you have the right to withdraw your consent at any time and to port that data you provide to us, under the GDPR. To exercise your rights, visit your device-based settings, your in app-based settings like your in-app storage control, and the How You Exercise Your Rights section of the Privacy Policy.

    Our legitimate interests or the legitimate interests of a third party, where not outweighed by your interests or fundamental rights and freedoms ("legitimate interests"):

    For people under the age of majority (under 18, in most EU countries) who have a limited ability to enter into an enforceable contract only, we may be unable to process personal data on the grounds of contractual necessity. Nevertheless, when such a person uses our Services, it is in our legitimate interests:

    • To provide, improve, customize, and support our Services as described in Our Services;
    • To promote safety and security; and
    • To communicate with you, for example, on Service-related issues.

    The legitimate interests we rely on for this processing are:

    • To create, provide, support, and maintain innovative Services and features that enable people under the age of majority to express themselves, communicate, discover, and engage with information and businesses relevant to their interests, build community, and utilize tools and features that promote their well-being;
    • To secure our platform and network, verify accounts and activity, combat harmful conduct, detect and prevent spam and other bad experiences, and keep our Services and all of the products free of harmful or inappropriate content, and investigate suspicious activity or violations of our terms or policies and to protect the safety of people under the age of majority, including to prevent exploitation or other harms to which such individuals may be particularly vulnerable.

    For all people, including those under the age of majority:

    • For providing marketing communications to you. The legitimate interests we rely on for this processing are:
      • To promote MeSign Products and issue direct marketing.
    • To share information with others including law enforcement and to respond to legal requests. See our Privacy Policy under Law and Protection for more information. The legitimate interests we rely on for this processing are:
      • To prevent and address fraud, unauthorized use of the MeSign Products, violations of our terms and policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Products), our users or others, including as part of investigations or regulatory inquiries; or to prevent death or imminent bodily harm.
    • To share information with our parent companies to promote safety and security. See our Privacy Policy under "How We Work with Our Parent Company" for more information. The legitimate interests we rely on for this processing are:
      • To provide free encrypting certificate and signing certificate, to provide high trusted signing certificate after completing identity validation, to provide free time stamp service for each outgoing email, so that you can use these certificates for email encrypting and signing to protect your privacy.
      • To secure systems and fight spam, threats, abuse, or infringement activities and promote safety and security.
    • You have the right to object to, and seek restriction of, such processing; to exercise your rights, visit How You Exercise Your Rights section of the Privacy Policy.
    • We will consider several factors when assessing an objection including: our users' reasonable expectations; the benefits and risks to you, us, other users, or third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort. Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
    • If you are under the age of majority in your country and have a limited ability to enter an enforceable contract, we will take particular account of the fact that you are below the age of majority and adjust our assessment of our legitimate interests and the balancing of your interests and rights accordingly.

    Compliance with a legal obligation:

    • For processing data when the law requires it, including, for example, if there is a valid legal request for certain data. See our Privacy Policy under Law and Protection for more information.

    Protection of your vital interests or those of another person:

    • The vital interests we rely on for this processing include protection of your life or physical integrity or that of others, and we rely on it to combat harmful conduct and promote safety and security, for example, when we are investigating reports of harmful conduct or when someone needs help.

    Tasks carried out in the public interest:

    • For undertaking research and to promote safety and security, as described in more detail in our Privacy Policy under How We Use Information, where this is necessary in the public interest as laid down by European Union law or Member State law to which we are subject.
    • When we process your data as necessary for a task carried out in the public interest, you have the right to object to, and seek restriction of, our processing. To exercise your rights, go to How You Exercise Your Rights section of the Privacy Policy. In evaluating an objection, we'll evaluate several factors, including: reasonable user expectations; the benefits and risks to you and third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportional effort.
    • Your objection will be upheld, and we will cease processing your information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
  • 4. Intellectual Property Policy

    +

    MeSign Technology Limited ("MeSign," "our," "we," or "us") is committed to helping people and organizations protect their intellectual property rights. Our users agree to our Terms of Service ("Terms") by installing, accessing, or using our apps, services, features, software, or website (together, "Services"). Our Terms do not allow our users to violate someone else's intellectual property rights when using our Services, including their copyrights and trademarks.

    As explained in more detail in our Privacy Policy, we do not store our users' email content in our Services. We do, however, host our users' account information, including our users' profile picture, profile name, and the Account Certificate.

    4.1 Copyright

    To report copyright infringement and request that MeSign remove any infringing content it is hosting, please contact us. To protect your privacy, please send us encrypted email, thanks.

    Before you report a claim of copyright infringement, you may want to send a message to the relevant MeSign user you believe may be infringing your copyright. You may be able to resolve the issue without contacting MeSign.

    4.2 Trademark

    To report trademark infringement and request that MeSign remove any infringing content it is hosting, please contact us. To protect your privacy, please send us encrypted email, thanks.

    Before you report a claim of trademark infringement, you may want to send a message to the relevant MeSign user you believe may be infringing your trademark. You may be able to resolve the issue without contacting MeSign.

  • 5. CA Policy

    +

    MeSign use our parent company – WoTrus CA Limited’s CA system and KM system to issue email certificate for MeSign users, this certificate is used to encrypt and decrypt the email content using S/MIME standard. MeSign CA system comply with its CPS (Certificate Policy & Practice Statement) and related industry standard.

    5.1 MeSign CPS

    This current version is V2.0, released on August 18, 2020. You can download it at here.

    5.2 MeSign Root Certificates

    MeSign root certificate is included in MeSign App, and you do not need to do anything. The following information is just for your informed, but if you need to use MeSign certificates in other email client software, you need to install the following Root CA certificate and the related intermediate CA certificate in the software. Please visit MeSign Root Certificate for more details.

  • 6. MeSign Browser Terms of Service