Home

Privacy Policy for Pactly

Last updated: 24 June 2026

This Privacy Policy explains how Pactly processes personal data when you use our service.

Pactly is provided by:

CMO Partners AS

Organization number: 935 854 148

Address: Wetlesens vei 22, 0681 Oslo, Norway

Email: support@pactly.no

CMO Partners AS is the data controller for the processing of personal data described in this Privacy Policy, unless otherwise expressly agreed.

1. In brief

Pactly processes personal data to provide a digital service for creating, sending and signing agreements.

We only process personal data that is necessary to deliver the service, secure the signing process, document the signing, process payment, provide customer support and comply with legal obligations.

We do not sell personal data.

2. Personal data we process

When you use Pactly, we may process the following types of data.

2.1 Contact details

This may include:

  1. name;
  2. email address;
  3. phone number;
  4. language preference;
  5. role in the signing process, such as sender or signer.

2.2 Identity and signing data

This may include:

  1. confirmed electronic identity from an eID or signing provider;
  2. signing timestamp;
  3. signing status;
  4. signature certificate or signing evidence;
  5. technical information related to the signing;
  6. information necessary to document that signing has been completed.

Pactly does not normally store national identity numbers directly, unless this is necessary for a specific eID or signing process and permitted under applicable law. Identity verification may be carried out by external eID and signing providers.

2.3 Document data

This may include:

  1. documents you upload;
  2. agreements you create in Pactly;
  3. text and information you enter into templates or the AI assistant;
  4. document title;
  5. document metadata;
  6. completed signed documents.

Documents may contain personal data about you and other people. You should therefore avoid uploading more information than is necessary for the agreement.

2.4 Payment data

This may include:

  1. payment status;
  2. price, currency and VAT;
  3. payment timestamp;
  4. receipt information;
  5. payment reference from the payment provider.

Pactly does not normally store full card numbers. Card payment and payment processing are handled by payment providers.

2.5 Technical data

This may include:

  1. IP address;
  2. browser and device type;
  3. operating system;
  4. time of use;
  5. logs for security, troubleshooting and misuse prevention;
  6. cookies and similar technologies.

2.6 Customer support and communication

If you contact us, we may process:

  1. name and contact details;
  2. content of your request;
  3. documentation you send to us;
  4. replies and follow-up from Pactly.

3. Purposes of processing

We process personal data for the following purposes:

  1. to create and manage signing requests;
  2. to send invitations to signers;
  3. to complete electronic signing;
  4. to generate signed documents and signing evidence;
  5. to make documents available for download;
  6. to process payment and issue receipts;
  7. to provide customer support;
  8. to protect the service against misuse, fraud and unauthorized access;
  9. to improve stability, usability and quality;
  10. to comply with legal obligations;
  11. to handle claims, disputes or requests from authorities.

4. Legal basis

We process personal data based on one or more of the following legal bases.

4.1 Performance of a contract

We process data necessary to provide Pactly to you, including creating, sending and signing documents.

4.2 Legal obligation

We may process data where necessary to comply with legal obligations, such as accounting, tax rules, security requirements or legally binding requests from authorities.

4.3 Legitimate interest

We may process data where we have a legitimate interest, such as securing the service, preventing misuse, troubleshooting, documenting events, improving the service or handling claims.

4.4 Consent

We may ask for consent where required, for example for non-essential cookies, marketing or certain AI and analytics features.

You may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the consent was withdrawn.

5. AI assistant

Pactly may offer AI features that help you create or improve draft agreements.

When you use the AI assistant, the text and information you enter may be processed to generate suggestions. You should not enter sensitive personal data, confidential information, health information, national identity numbers or other information that is not necessary for the agreement.

AI-generated content may be incorrect, incomplete or unsuitable for your specific situation. You are responsible for reviewing the content before using or signing the document.

Pactly does not use your private documents for marketing. Pactly will not use your documents to train public AI models without your express consent.

If Pactly uses external AI providers, such providers will only receive information necessary to deliver the AI feature.

6. Who we share data with

We may share personal data with providers that help us deliver Pactly.

This may include:

  1. eID and signing providers;
  2. payment providers;
  3. hosting and cloud storage providers;
  4. email and SMS providers;
  5. customer support tools;
  6. analytics and error reporting tools;
  7. AI providers;
  8. security providers;
  9. accounting and administrative providers.

Providers only receive access to information necessary to deliver their part of the service.

We may also share information where necessary to comply with law, respond to requests from authorities, handle disputes or protect Pactly, users or other people against harm or misuse.

We do not sell personal data.

7. Transfers outside the EEA

Some of our providers may process personal data outside Norway or the EEA.

Where personal data is transferred outside the EEA, we will ensure that the transfer takes place in accordance with applicable data protection rules, for example through the European Commission's Standard Contractual Clauses, an adequacy decision or another valid transfer mechanism.

8. Storage and deletion

We store personal data for as long as necessary for the purposes described in this Privacy Policy.

By default, signed documents may be available for download for up to 90 days after signing is completed, unless another period is shown in the service or agreed.

After the availability period expires, documents may be deleted or made unavailable. Technical backups may be retained for a limited period before they are overwritten or deleted.

Unsigned, cancelled or expired signing requests may be deleted earlier.

Payment and accounting data is stored for as long as necessary to comply with accounting and tax rules.

Logs and security data are stored for as long as necessary for security, troubleshooting, misuse prevention and documentation.

If you have a Pactly user account or document archive, documents may be stored for as long as the account exists or until you delete them, unless another storage period applies.

9. Your rights

You have rights under data protection law. Depending on the situation, you may have the right to:

  1. access personal data we process about you;
  2. correct inaccurate or incomplete data;
  3. request deletion of personal data;
  4. restrict processing;
  5. data portability;
  6. object to processing based on legitimate interest;
  7. withdraw consent;
  8. complain to the Norwegian Data Protection Authority.

To exercise your rights, contact us at support@pactly.no.

We may ask you to confirm your identity before processing your request.

10. Cookies

Pactly may use necessary cookies and similar technologies to make the service work.

This may include cookies for:

  1. login and sessions;
  2. security;
  3. payment flow;
  4. saving user preferences;
  5. error reporting;
  6. analytics, where you have consented or another valid legal basis applies.

Non-essential cookies are only used where permitted under applicable rules.

11. Security

We use technical and organizational measures to protect personal data and documents against unauthorized access, alteration, deletion, loss or misuse.

Measures may include encryption, access control, logging, secure transmission, limited internal access, backup routines and the use of established providers.

No digital service is completely risk-free. You should protect the email account, phone, eID, passwords and devices you use to open or sign documents.

12. Children

Pactly is not directed at children. You must be at least 18 years old to use the service.

We do not knowingly process personal data about children as users of the service. If you believe we have processed data about a child in violation of this Privacy Policy, contact us.

13. Changes to this Privacy Policy

We may update this Privacy Policy. The latest version will be published on Pactly's website.

In case of material changes, we may notify you by email, in the service or in another appropriate way.

14. Contact

If you have questions about privacy or want to exercise your rights, contact us:

Pactly / CMO Partners AS

Organization number: 935 854 148

Address: Wetlesens vei 22, 0681 Oslo, Norway

Email: support@pactly.no

You also have the right to complain to the Norwegian Data Protection Authority if you believe our processing of personal data violates applicable data protection rules.