
Legal
Plain-language transparency first, then the full legal text. Nothing here is boilerplate — every access below is what the eGuard apps actually do.
Effective date · July 13, 2026
This Privacy Policy governs how Capricorn Infotech (India) Pvt. Ltd. (“Company”, “eGuard”, “we”) collects, uses, stores, and protects information across the eGuard website, desktop app, mobile app, APIs, and related services. By using the Services you acknowledge this policy. It forms part of our Terms & Conditions.
Every permission the eGuard Android app requests is listed below, with the real reason it is needed. Anything marked “Optional” can be declined; the app still signs.
Internet
RequiredConnect to eGuard's servers over the end-to-end encrypted relay to receive signing requests and send your approvals back.
USB access (OTG)
RequiredCommunicate with your USB DSC token so it can sign on-device. Scoped to recognised DSC tokens only (a filter list) — never your earphones, hubs, or chargers.
Foreground service (connected device / data sync)
RequiredKeep the token session and the relay connection alive while a signing request is being handled, so a sign doesn't drop midway.
Notifications
OptionalAlert you the instant a signing request arrives so you can approve or reject it in time. Decline it and the app still signs — you'll just see requests only when the app is open.
Biometric / fingerprint
OptionalOptional app-lock — unlock eGuard with your fingerprint or face instead of a passcode. Nothing biometric ever leaves your device.
Ignore battery optimisation
OptionalUsed only to keep the background service alive so signing-request notifications actually reach you when your screen is off. You can decline it — nothing is forced.
Vibrate
OptionalHaptic feedback for notifications.
The eGuard host app runs on the signing PC. Here is exactly what it reads and relays:
Summary of what the Android app declares on Google Play:
Summary of the App Store privacy details for the iOS companion:
You can delete your eGuard account and associated Personal Data at any time:
Full policy
“Account” = your registered user account. “Applicable Law” = all laws that apply to the Services, including the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000. “Device” = any computer, phone, tablet, or server used to access the Services. “Digital Signature Certificate (DSC)” = a valid certificate issued by a licensed Certifying Authority. “Document Hash” = a cryptographic digest that uniquely represents a document without revealing its contents. “Personal Data” = information that can identify you directly or indirectly. “Processing” = any operation performed on Personal Data (collection, storage, use, transmission, deletion, etc.).
This Privacy Policy applies to all information collected through the eGuard website, desktop app, mobile app, APIs, customer support, sales enquiries, subscriptions, downloads, demonstrations, newsletters, and all other interactions with us relating to the Services. It does not apply to third-party websites or services linked through the Services.
We process Personal Data in accordance with the Digital Personal Data Protection Act, 2023; the Information Technology Act, 2000; the IT (Reasonable Security Practices) Rules where applicable; our contractual obligations; and any other laws governing electronic signatures, digital identity, cybersecurity, or privacy. Where local laws impose additional requirements, those apply to the extent legally required.
Depending on how you use the Services, we may collect:
eGuard is architected so that your signing secrets stay with you. We do not:
Your private keys remain inside your USB token at all times.
During signing, ordinarily only the document's cryptographic hash is processed, and the original document generally stays on your device. Where preview is supported, the document is encrypted before transmission, sent only to your registered mobile device, used solely for approval, and not permanently retained. Preview availability depends on the originating application and technical limits.
We process information to provide the Services; verify identity; authenticate users and devices; enable secure digital signatures; maintain audit logs; prevent fraud and detect unauthorized activity; improve performance and cybersecurity; respond to enquiries and provide support; comply with legal obligations; enforce contractual rights; run internal analytics; process subscription payments; and maintain business continuity. We do not sell Personal Data.
We process Personal Data only where lawful — your consent; performance of a contract with you; compliance with legal and regulatory obligations; our legitimate business interests (where these don't override your rights); and protection against fraud, cyber threats, and misuse. Where consent is required, you may withdraw it at any time, subject to legal and contractual limits.
Our website may use cookies, local storage, and similar technologies to authenticate users, keep sessions secure, remember preferences, analyze traffic, measure usage, identify technical issues, and enhance security. Most browsers let you disable cookies, though some features may then not work.
We do not sell, rent, or commercially exploit Personal Data. We may disclose it only to: (a) trusted service providers (cloud hosting, payment processing, support, analytics, monitoring, email delivery) who receive the minimum needed and are bound by confidentiality; (b) a successor entity in a merger, acquisition, restructuring, or asset sale, remaining bound by similar obligations; (c) authorities where required by law, court order, or lawful request; and (d) where reasonably necessary to protect our or users' rights and platform security.
Your Personal Data may be processed or stored in jurisdictions outside your country of residence where legally permitted. Where cross-border transfers occur, we apply appropriate contractual, technical, and organizational safeguards to ensure adequate protection consistent with applicable privacy laws.
We retain Personal Data only for as long as reasonably necessary to provide the Services, maintain records, comply with legal obligations, resolve disputes, defend claims, maintain audit records, detect fraud, and enforce agreements. When retention periods expire, data is securely deleted, anonymized, or destroyed unless the law requires otherwise. Digital-signature audit logs may be retained longer where required for regulatory, compliance, or evidentiary purposes.
We maintain administrative, technical, and physical safeguards, including where appropriate:
No electronic transmission or storage can be guaranteed completely secure, so we cannot warrant absolute security.
Subject to applicable law, you may request access to your Personal Data; correction of inaccurate data; deletion; withdrawal of consent; restriction of or objection to processing; information about the categories processed; and you may lodge a complaint with the appropriate regulator. We may require reasonable identity verification, and some requests may be refused where retention or processing is required by law or legitimate business interests. See “Account & data deletion” above for how to make a request.
The Services are intended for business, governmental, institutional, and professional users, and are not directed at individuals under 18. We do not knowingly collect Personal Data from minors, and will delete such data within a reasonable period if we become aware of it.
The Services may link to third-party websites, software, or services. We do not control and are not responsible for their privacy practices, security, content, or policies. Please review their privacy policies before sharing data with them.
eGuard is designed to preserve the confidentiality of your signing credentials: the private key stays within the USB token's hardware boundary; your PIN is entered only on your authorized device; we cannot recover, view, decrypt, reconstruct, or reproduce your private key; and we cannot sign on your behalf. You remain responsible for safeguarding your DSC, USB token, authentication device, and credentials.
We may amend this Privacy Policy at any time. Material changes take effect on publication on our website unless the law requires otherwise. Continued use of the Services after publication constitutes acceptance of the revised policy. Please review it periodically.
Nothing here creates any obligation beyond what applicable law requires. To the maximum extent permitted by law, we are not liable for indirect, incidental, consequential, punitive, exemplary, or special damages arising from the collection or processing of Personal Data.
This Privacy Policy is governed by the laws of India, with jurisdiction in the courts of Delhi. For any privacy question or request, contact Capricorn Infotech (India) Pvt. Ltd., G-5, Vikas Deep Building, Plot No. 18, Laxmi Nagar District Centre, Delhi 110092, India — sales@Certificate.Digital.
Our team is happy to walk you through exactly what eGuard does and doesn't collect. Reach out any time.
Contact us