General Information

This Privacy Policy explains how TrustLabSign collects, uses, stores and shares personal data when you use the TrustLabSign platform (TrustLabSign.pro). The policy is written to reflect real-world usage scenarios such as remote notarization of contracts, business incorporation document platform, and multi-party signature workflows. We describe concrete examples and case studies so you can understand what data is involved in each scenario, how long it is kept, and how you can exercise your rights. TrustLabSign operates from Malaysia and processes data in support of customers in Malaysia and select cross-border engagements.

09-01-2026
TrustLabSign, Business ID 211239529590, 9, Jalan Lagenda 2, Lagenda Heights, 08000 Sungai Petani, Kedah, Malaysia. Phone: +60127172160
9, Jalan Lagenda 2, Lagenda Heights, 08000 Sungai Petani, Kedah, Malaysia

Definitions

This section defines the main terms used in the policy to make it easier to relate those terms to real operational tasks on the TrustLabSign platform. Each definition is followed by a short scenario to illustrate how the term applies in practice.

Personal data: Any information relating to an identified or identifiable natural person. Example: a signer's name, email and identification number submitted during remote notarization of a sales agreement.
Processing: Any operation performed on personal data, such as collection, storage, transfer, or deletion. Example: converting a signed document to a secure archival format after all parties complete signatures.
User: A person who registers or interacts with TrustLabSign, including signers, document owners, notaries, and administrators. Example: a company HR manager uploading employment contracts for remote signature by new hires.
Service: The set of features provided via TrustLabSign.pro for preparing, notarizing, signing, and archiving documents. Example: a three-party notarization workflow with timestamped audit logs.
Cookies: Small data files stored on a user's device to support sessions, preferences and analytics. Example: a session cookie that keeps you logged in while uploading notarized documents.

What Data We Collect

We collect data required to operate notary and signature workflows, provide support, and maintain audit trails. Below we explain the main categories and give short practical cases where each type of data is used so you can see why it is needed and how it affects processes such as notarization turnaround, dispute resolution and record retention.

Data You Provide

When you use TrustLabSign, you or other users actively provide information for identity verification, document processing and transaction management. The examples below map directly to common workflows.

  • Identity details: full name, national ID or passport number, date of birth and contact details used in signer verification during a remote notarization scenario.
  • Document content: uploaded contracts, deeds, affidavits and attachments required for the notary process and subsequent archival.
  • Authentication inputs: passwords, OTP codes, biometric hashes or consent confirmations used to complete signing steps in a multi-factor scenario.
  • Business information: company registration numbers, authorized representative names and business contact details used in corporate onboarding and audit logs.
  • Communication content: messages and email correspondence with support or other parties in a signature workflow, used to resolve questions about a particular notarization case.
  • Payment and billing data: billing contact, invoicing address and payment confirmations when a paid plan or per-document fee is applied for priority notarization services.

Data Collected Automatically

Some data is collected automatically when using the platform to maintain security, measure performance, and log events needed for audit trails and dispute resolution.

  • Usage logs: timestamps for uploads, signature events, notarization completions and system acknowledgements used to build audit-ready timelines for each document case.
  • Device and browser data: IP address, browser type and device identifiers used to detect anomalous activity in a signer verification scenario.
  • Performance metrics: timing and error reports used to improve server-side processing of large document batches and to reduce delays in high-volume corporate onboarding cases.
  • Analytics events: aggregated patterns of feature use to prioritize product improvements tied to real case studies, such as bulk notarization for conveyancing agents.
  • Security events: records of failed login attempts and authentication challenges used to contribute potential fraud attempts against specific notarization workflows.
  • Audit hashes: encrypted hashes and provenance metadata generated for signed documents to preserve a tamper-evident trail for later verification.

Third-Party Data Sources

We may receive data about users from trusted third-party providers to support identity verification and payment processing while keeping a clear audit trail tied to each case.

  • Identity verification providers: verification results and reference IDs used to corroborate a signer's identity during a notarization workflow.
  • Payment processors: transaction IDs and billing confirmations required to reconcile payments for paid services such as expedited notarization.
  • Cloud infrastructure providers: system logs and storage metadata needed to host encrypted archives and to demonstrate access controls in corporate compliance reviews.

Purposes of Processing

We process data for specific operational and legal purposes tied to the practical scenarios customers use TrustLabSign for, including notarization, dispute resolution and regulatory recordkeeping.

  • Provide and operate the platform: enabling document upload, signature flows, notarization steps and secure archive access for documented cases.
  • Verify identity: confirm the identities of signers where required by a particular notary workflow or local regulatory requirement.
  • Maintain audit trails: create timestamps, event logs and encrypted evidence for each signed document to support later verification or dispute handling.
  • Support and troubleshooting: respond to support requests and contribute operational incidents reported by users involved in a specific notary case.
  • Billing and payments: process invoicing and payment records for paid plans or per-document services rendered in concrete customer engagements.
  • Compliance and legal obligations: retain records and produce audit evidence when required by law or in response to lawful requests related to particular notarization events.
  • Product improvement: analyze anonymized, aggregated usage patterns derived from real case workflows to prioritize practical feature changes.
  • Fraud prevention and security: detect and act on suspicious activity identified in specific document workflows to protect other users involved in the same case.

Legal Basis for Processing

When applicable under relevant law, we rely on appropriate legal bases to process personal data. Below we describe practical bases mapped to the typical notary and contract management scenarios encountered on TrustLabSign.

Cookies and Similar Technologies

We use cookies and similar technologies to enable sessions, remember preferences, and collect analytics that help us improve TrustLabSign based on real user scenarios. You can manage cookie settings and opt out of non-essential categories.

Types of cookies used include session cookies for login state, persistent cookies for preferences, and analytics cookies to measure feature usage across notarization cases.

Cookies are categorized as strictly necessary (session and security), functional (preferences), performance/analytics (usage patterns), and advertising (not used except when explicitly agreed for marketing).

Manage cookies via your browser settings or the cookie controls presented on TrustLabSign.pro. Disabling non-essential cookies may affect convenience features but will not prevent core notarization functions in most use cases.

See our Cookie Policy on TrustLabSign.pro for full details and tools to manage preferences.

Sharing and Disclosure

We share personal data only when necessary to support a specific operational case, to meet legal obligations, or with third-party providers who process data on our instructions. Each sharing event is logged as part of the audit trail for the related notarization.

  • Service providers: identity verification, payment processors and secure storage providers who perform services under contract and only on our instructions for a given notarization case.
  • Legal and regulatory requests: disclosures made in response to lawful requests or orders that are specific to particular documents or contribute.
  • Business transfers: in case of a merger or sale, specific records tied to ongoing notarization cases may be transferred as part of the transaction with clear notice to affected account holders.
  • Authorized recipients: parties explicitly designated by a document owner in a notarization workflow, such as signing attorneys or escrow agents who need access to case documents.
  • Aggregated insights: anonymized and aggregated usage statistics derived from multiple cases used to improve platform features without identifying individuals.
  • Security incident response: limited disclosures to forensic contribute and relevant parties when contribute incidents tied to specific notarization events.

International Data Transfers

Where data is processed outside Malaysia to support storage, identity verification, or infrastructure services, we take steps to ensure an adequate level of protection. Transfers are limited and tied to identified operational needs in specific notarization cases.

We use contractual safeguards, vetted third-party providers, and where applicable standard contractual clauses or equivalent safeguards to protect data transferred outside Malaysia in relation to particular service workflows.

Retention and Deletion

Retention periods are determined by the type of data and the practical needs of notarization workflows, regulatory requirements, and the lifecycle of the related transaction.

Account data: retained while the account is active and for a reasonable period afterwards to support record requests related to previously notarized documents or compliance inquiries tied to specific cases.

Messages and correspondence: retained for the duration necessary to resolve support issues or disputes arising from a specific notarization, typically aligned with audit and compliance requirements for that case.

Audit logs and encrypted hashes: retained according to legal and regulatory obligations relevant to notarization evidence; retention periods vary by case type and applicable law but are maintained to preserve evidentiary value.

Deletion requests for personal data tied to non-essential processing are honored where feasible, taking into account retention needs for completed notarization cases or legal obligations that require preservation of records.

Security Measures

Security is approached through a combination of technical, organizational and procedural measures that align to real operational scenarios. For example, access controls and per-case audit logs are applied when a conveyancer uploads multiple property documents, while encryption in transit and at rest protects archived notarizations used for later verification.

  • Access controls and role-based permissions that restrict document actions to authorized participants in a given notarization workflow.
  • Encryption of data in transit (TLS) and at rest, plus encrypted hashing for document integrity to support later verification in dispute scenarios.
  • Operational safeguards such as incident response playbooks, regular backups of encrypted archives, and periodic security reviews informed by actual case study findings.

Your Rights

Depending on applicable law and the specifics of your case, you have rights to access, rectify, restrict or request deletion of personal data, as well as to object to certain processing and request portability of data tied to specific notarization tasks.

  • Right of access: request a copy of personal data associated with a particular notarization case and its audit trail.
  • Right to rectification: request correction of inaccurate personal data used in an identity verification step.
  • Right to erasure: request deletion of personal data that is not required for legal retention related to a closed notarization file.
  • Right to restrict processing: ask us to limit processing of personal data in scenarios where accuracy is contested during a specific dispute.
  • Right to data portability: request a machine-readable export of personal data connected to a specific transaction or notarization workflow.
  • Right to object: object to processing based on legitimate interests where those interests are not essential for the completion of the notarization service in question.
  • Right to withdraw consent: where processing is based on consent for optional features, you can withdraw consent for future use without affecting prior lawfully processed data.
  • Right to lodge a complaint with a supervisory authority if you consider our processing in relation to a specific case is not compliant with applicable law.

How to Make a Rights Request

To exercise your rights in relation to a specific notarization case, contact our data protection representative with a clear description of the request and the relevant case or document identifiers. Include your name, account email, and any information that helps locate the particular transaction.

[email protected]

We aim to respond to valid requests regarding specific cases within a reasonable timeframe consistent with applicable law and the complexity of the request; routine requests are typically acknowledged within 14 days and completed within a further 30 days unless additional time is justified by the case complexity.

EU Data Protection (Where Applicable)

Although TrustLabSign operates from Malaysia, we may interact with users or data subject to EU rules in limited business scenarios. Where GDPR applies to a particular cross-border case, we take steps to respect the core rights and obligations outlined by that framework in relation to the specific processing activities tied to the relevant notarization transaction.

  • When GDPR applies to a specific transaction involving EU data subjects, we rely on appropriate legal bases for processing, respect data subject rights, and use contractual safeguards for transfers to non-EEA processors. Practical steps include explicit consent records or documented legitimate interest assessments for relevant notarization workflows.
  • We process personal data necessary to deliver notary and document-signing services, including identity verification data and transaction records. Processing is limited to the scope described in this policy and conducted under lawful bases such as contract performance and legitimate interest where applicable.
  • Data subjects may exercise rights such as access, rectification, restriction of processing, objection and portability. We provide clear channels to submit requests and respond within timelines required by applicable law, with identity checks to protect user accounts.
  • Personal data is retained only as long as necessary for service delivery, dispute resolution, compliance with Malaysian legal obligations, or as otherwise required by applicable retention schedules. When no longer needed, data is deleted or archived in a secure and auditable manner.
  • When third-party processors are engaged (for hosting, verification or payment processing), we require contractual commitments to protect personal data and limit processing to specified purposes. Sub-processors are assessed and monitored for security and compliance.
  • We maintain technical and organizational measures appropriate to the sensitivity of data, including encryption in transit and at rest, role-based access controls, logging and regular security reviews. Incident response procedures are in place to address data breaches promptly.

For inquiries about data protection practices or to lodge a complaint, users may contact our data protection officer. If you believe your rights under applicable data protection law have been violated, you may refer the matter to the relevant supervisory authority in Malaysia.

Marketing Communications

TrustLabSign may send periodic service updates, industry information and offers related to our notary and document management services. Communications are tailored based on your service use and stated preferences. Examples: scenario-based tips on preparing documents for notarization, case studies about cross-border transactions, and invitations to webinars on digital notarization best practices.

You can opt out of marketing emails at any time by using the unsubscribe link in messages or by contacting us. Transactional messages about your active documents or legal notices will still be sent unless you close your account and request cessation of all communications.

Children and Minors

TrustLabSign services are intended for adults and businesses. We do not knowingly collect personal data from children under the age permitted by law for contract formation. If we become aware that we have collected such data, we will take steps to delete it. For scenarios involving guardians or legal representatives, we require documentation proving authority before proceeding.

Third-Party Links

Our platform may include links to third-party sites (e.g., identity verification providers, payment gateways, or government resources). These links are provided for convenience and do not indicate endorsement. Each third party maintains its own privacy practices; review their policies before sharing information.

Changes to This Policy

We may update this privacy information to reflect changes in our services, regulations, or data processing practices. Material changes will be communicated via our platform or email with a clear effective date. For example, any change in how identity verification data is processed will be highlighted with practical examples of impact.