eCoC·Sign

Privacy Policy

How we handle the information you share with us via ecocsign.com.

1. Scope and controller

This Privacy Policy is issued by CertCloud Pte. Ltd., a company incorporated in Singapore ("we", "us" or "our"). It applies to ecocsign.com and its sub-paths (the "Site").

The Site exists solely for informational purposes and for booking consultation requests. It does not host user accounts, does not process online payments and is not directed at children. By using the Site you acknowledge that you have read and understood this Policy.

2. Information we collect

We only collect information that you actively submit through the /contact consultation form. The fields are:

  • Name (required)
  • Company name (required)
  • Role / title (optional)
  • Phone number or WeChat ID (required)
  • Email address (optional)
  • Annual EU export volume (optional)
  • A free-text description of your situation (required, up to 1,000 characters)
  • Your opt-in acknowledgement of this Policy

In addition, when your browser calls our /api/consultation endpoint, our server reads the client IP address from HTTP headers strictly for rate limiting — no more than three submissions per IP within a five-minute window. We do not embed analytics scripts on the Site and we do not collect browsing history, device fingerprints or advertising identifiers.

3. How we use the information

Information you submit is used only for the following purposes:

  • To let our compliance consultants reach out to you within one business day regarding the eCoC matter you described;
  • To assess fit and prepare reference material relevant to your business for the upcoming conversation;
  • Where you invite or explicitly agree, to proceed with administrative communications associated with a consulting engagement.

We do not use your contact details for unrelated product promotions, mass-mailing campaigns or secondary marketing, and we do not use your submissions to train any public model.

4. Storage and security

After form submission, your data is handled in two ways:

  • The server persists a record in a JSON Lines file (.data/leads.jsonl) as an internal fallback store;
  • A notification is pushed via a DingTalk webhook to the internal chat group of our consulting team. DingTalk is our internal workplace messaging tool and visibility is limited to the consultants involved.

All traffic to the Site is transported over HTTPS. IP addresses collected for rate-limiting live in memory or short-lived logs and are not durably linked to your submitted content.

5. Sharing of information

We do not sell, rent or trade your personal information to any third party.

The only external delivery channel is the DingTalk webhook mentioned above (operated by Alibaba / DingTalk), which allows our consultants to see the inquiry promptly. Beyond that, we disclose information only when required by applicable law, in response to a lawful request from a competent authority, or where necessary to protect our legitimate rights and interests.

6. Cookies and tracking

The Site does not load third-party analytics or advertising trackers such as Google Analytics, Meta Pixel or Baidu Tongji, and it does not serve third-party ads.

To support the Chinese / English language toggle, next-intl writes a single preference cookie named NEXT_LOCALE that records which language you selected. This cookie contains no personally identifying information and can be cleared from your browser at any time.

7. Data retention

Consultation leads are retained for no more than 24 months from the date of submission. Leads that do not convert into an engagement and show no follow-up activity for more than six months are periodically purged.

If you want your record deleted sooner, contact us using the details below and we will complete the deletion and confirm it within 30 calendar days. Records that have become part of a signed consulting engagement are retained separately in accordance with the underlying contract and applicable tax and accounting rules.

8. Your rights

You have the following rights in respect of the personal information you submit:

  • Access — obtain a copy of the record we hold about you;
  • Rectification — correct inaccurate or outdated information;
  • Deletion — request deletion of the record;
  • Withdrawal of consent — revoke the consent granted when you submitted the form.

To exercise any of these rights, email support@trustasia.com with the subject line "eCoCSign privacy request" and include the name and company you used when submitting the form so we can verify your identity.

9. Cross-border data transfer

Our service infrastructure is deployed across Mainland China and Singapore. The information you submit through the Site may be transmitted and processed across these regions depending on the hosting provider's regional configuration at the relevant time.

We apply reasonable technical and organizational measures to preserve the confidentiality and integrity of cross-border transfers. If your jurisdiction imposes additional requirements (for example EU GDPR Standard Contractual Clauses), please email us before submitting so we can evaluate appropriate supplementary measures.

10. Changes and contact

We may update this Policy from time to time to reflect changes in our practices or applicable law. When we do, we refresh the "Last updated" date at the top of this page; material changes will additionally be highlighted in a prominent place on the Site.

For any question or complaint about this Policy, contact us via:

  • Email: support@trustasia.com
  • Controller: CertCloud Pte. Ltd. (Singapore)

Last updated: 2026-04-22