General terms and conditions of use

Effective as of 17/09/2025

Service publisher: UGOSIGN.COM SAS, share capital 5 750,00 €, 980 359 343 R.C.S. Bordeaux, registered office: 7 Allée de Chartres, 33000 Bordeaux, FR17980359343.

Contact: contact@ugosign.com | DPO: dpo@ugosign.com

Article 1 – Purpose – Scope – Acceptance

These CGU (Terms of Use) govern access to and use of the UGOSIGN.COM SaaS service (the “Service”). The Service is intended exclusively for business customers (B2B).

Use of the Service implies unconditional acceptance of the CGU and of their Privacy Policy).

The CGU are available in French and English. In the event of any discrepancy, the French version prevails.

Article 2 – Service description

UGOSIGN.COM is a SaaS platform for electronic signatures compliant with Regulation (EU) No 910/2014 (eIDAS) offering the following levels:

SES (Simple Electronic Signature);
AES (Advanced Electronic Signature);
QES (Qualified Electronic Signature): not offered to date.

Main features: creation and sending of signature requests, document templates, workflows, dynamic fields, automatic reminders, timestamping, certificates and sealing of PDFs, legal proof of electronic signature, API and webhooks, secure storage and export of signed documents (digitally signed PDF, tamper protection).

Scope & technical limits:

Supported format:
- Dynamic contract: HTML content;
- PDF; max size per document: 50 MB;
Up to 100 signers per envelope;
Other limitations (volume, storage, features): according to the subscription plan (see Pricing page).

The Client remains solely responsible for choosing the signature level (SES/AES) suitable for its uses, legal constraints and sector requirements.

Article 3 – Account creation – Roles – Security

Eligibility: business Client with legal capacity.
Account opening: creation by an owner; email verification.
Roles: owner, administrator (same as owner except owner exclusion), representative (may appear as the company’s representative on signed contracts), member.
The Client must protect its credentials, enable the security measures provided, and notify without delay any security incident to support@ugosign.com.
UGOSIGN may suspend access in case of abusive use, suspected compromise or non-payment (see Art. 12).

Article 4 – eIDAS compliance

UGOSIGN supports SES and AES as defined by the eIDAS Regulation. QES is not offered.

For SES, identification and the link with the signer rely on standard mechanisms (e.g. secure invitations, technical proofs and timestamps).
For AES, UGOSIGN provides strong authentication factors and exclusive control of the signature creation data, configurable by the Client according to its needs.
The legal proof of electronic signature records key events (timestamps, declared identities, technical metadata, authentication factors used, etc.) and is exported with the signed document.

The Client chooses and configures the signature level (SES or AES) on a case-by-case basis and ensures it is legally sufficient for the intended use. UGOSIGN does not provide legal advice.

Article 5 – Acceptable use

The Ugosign API and platform are intended for normal professional use, in accordance with the documentation and applicable laws. The following examples constitute prohibited uses (non-exhaustive list):

Illegal content or content contrary to public order;
Infringements of third-party intellectual property rights or personal data;
Storage or transmission of sensitive data not necessary for use of the Service;
Distribution of malware, spam, or phishing attempts;
Circumventing security measures or technical limits;
Unauthorized load testing or benchmarking;
Abusive scraping or unapproved automation;
Violation of regulations relating to export, international sanctions, or the GDPR.

In case of inappropriate use (including but not limited to the examples above), Ugosign reserves the right to suspend or terminate access immediately and without notice, with no obligation to refund.

Article 6 – Intellectual property

UGOSIGN retains all rights in the platform, software, trademarks, logos and related content.
The Client retains ownership of its documents and data; it grants UGOSIGN a non-exclusive license to host, process and display solely for the purposes of providing the Service.
Client feedback may be used freely by UGOSIGN to improve the Service, without obligation.

Article 7 – Personal data – GDPR – DPA

Roles:

For account/billing data: UGOSIGN is the controller.
For documents, envelopes, signers, logs: UGOSIGN acts as the Client’s processor.

Sub-processors:

Stripe (payments)
Crisp (chat)
Vonage (SMS)
Scaleway (hosting/infrastructure)
Infomaniak (email, drive, collaborative tools).

Phone numbers and email addresses used for OTP mechanisms
Location: hosting in Europe (Paris/EU); no transfers outside the EU (as of today).
GDPR rights: access, rectification, erasure, objection, portability, restriction – via dpo@ugosign.com.
Data Processing Agreement (DPA): see privacy policy.
Privacy policy: see the dedicated page

Article 8 – Security

Measures implemented (“best practices” level): encryption of contract content at rest, TLS 1.2+, WAAP intermediary, multi-site EU backups with versioning, logging, dependency analysis, tests at each release.

Security incidents: notification by email to affected Clients as soon as practicable after detection.

Article 9 – Pricing – Invoicing – Payment

Plans and their limits are shown on the Pricing page; billing monthly or annually at your choice.
30-day trial without commitment.
Tacit renewal; termination takes effect at the end of the current cycle (notice aligned with the cycle).
Payments: Bank Card or SEPA transfer.
No penalties; in case of non-payment, UGOSIGN may restrict access until regularization.
UGOSIGN may revise prices with notice (30 days); the Client may terminate before entry into force.

Article 10 – Availability – Maintenance – Support (SLA)

Target availability: 99.9% (indicative, without contractual guarantee).
Planned maintenance: 48-hour prior notice by email (where possible).
Planned interventions outside business hours (9 a.m. to 7 p.m.)
Support:

Starter & Pro: email, response ≤ 48 business hours;
Business: priority chat, response ≤ 24 business hours.

Article 11 – Retention & reversibility

Retention by UGOSIGN as long as the account is active.
In the absence of activity, deletion of the account and data after 5 years (subject to higher legal obligations).
Export of documents and logs by the Client before termination; reversibility assistance on quotation.
Probative archiving: optional service on quotation.

Article 12 – Suspension – Termination

The Client may terminate at any time; effect at the end of the current billing cycle. Resumption possible later.
UGOSIGN may suspend/terminate in case of non-payment, violation of the CGU, security risk or legal obligation.
In case of substantial modification of the CGU or pricing, a notice is sent by email; the Client may refuse and terminate before entry into force.

Article 13 – Warranties – Liability – Force majeure

The Service is provided “as is” apart from specific SLA commitments.
Limitation of liability: UGOSIGN’s total liability, all causes combined, is capped at the amounts paid by the Client during the last twelve (12) months.
Excluded: indirect damages (loss of opportunity, loss of data, business interruption, lost profits, etc.).
Legal exceptions: gross negligence, fraud, bodily injury.
Force majeure: unforeseeable/irresistible/external events (massive cyber-attack, widespread network outages, disasters, administrative decisions, etc.) suspend obligations.

Article 14 – API & integrations

API access reserved for Clients, according to the subscribed plan. API keys are secrets; rotation recommended.
Fair use; prohibited: reverse engineering, load tests without written consent, technical circumvention.
Third-party integrations (email, SMS, identity, cloud, etc.) provided “as-is”.

Article 15 – Changes – Notifications – Contractual hierarchy

UGOSIGN may amend the CGU and any appendices; notification by email and/or via the interface.
In case of substantial change (e.g. price, scope), 30-day notice; right to terminate before effect.
Hierarchy: Purchase Order/Specific Agreement (where applicable) > CGU > appendices > documentation.

Article 16 – Governing law – Jurisdiction

The CGU are governed by French law. Any dispute falls under the exclusive jurisdiction of the courts of Bordeaux (Commercial Court), subject to mandatory rules.

Article 17 – Evidence & electronic signature of the CGU

Creating a UGOSIGN account constitutes acceptance of the CGU. UGOSIGN may retain logs evidencing such acceptance.

Signature levels & Authentication factors

1 Proposed levels

SES: basic level under eIDAS; suitable for low/moderate risks according to the Client’s analysis.
AES: advanced level; requires a unique link with the signer, an identification and exclusive control of the signature data
Whatever the signature level used, we add tamper detection features for the PDF document afterwards as well as a timestamp.

2 Authentication factors

SES: secure invitation link, email authentication (with optional SMS).
AES: secure invitation link, email authentication with identity verification ensuring exclusive control by the signer.

The signature level (SES or AES) is indicated in the interface and logged in the legal proof of electronic signature at the end of the PDF document and is replicable for evidentiary purposes.

3 Proofs retained

Dated events (creation and sending, viewing, consent, signature), file fingerprints, technical identifiers, authentication factors used (without storing secrets), IP addresses, timestamps, summary of the chosen level (SES/AES).
Export: Signed PDF + legal proof of electronic signature with tamper-detection features.

4 Responsibilities

The Client assesses its risks, selects SES or AES and configures the available authentication factors. UGOSIGN provides the technical means and the legal proof of electronic signature; the Client bears the legal qualification of its uses (internal compliance, sector rules, or contractual stipulations).