Firma electrónica avanzada para firmar contratos en México

Terms & Privacy

Privacy Notice

FIRMA SEGURA, S. DE R.L. DE C.V. (“Mifiel”)

Version: 3.0

Last updated: August 25, 2025

1) Controller identity and address

Controller: FIRMA SEGURA, S. DE R.L. DE C.V.

Privacy contact (ARCO requests): seguridad@mifiel.com

When Mifiel processes personal data on behalf of a client (e.g., via API integration), it acts as a Processor (Encargado). In those cases, the client’s privacy notice governs the relationship with signers/end users and Mifiel follows the client’s documented instructions.

2) Personal data we process

2.1 Identification and contact: name, surname, email, phone numbers, preferred contact means, tax ID (RFC), billing address.

2.2 Transactional and billing: tax data, CFDI details, payment references and methods.

2.3 Technical and usage: IP address, device identifiers, OS and browser, time zone, language, access logs, Site interactions, cookies and similar technologies.

2.4 Digital certificates (e.firma/FIEL): serial number, issuing certification authority, algorithm, validity period, certificate holder’s name, email, CURP, public key, and related metadata.

2.5 Document contents: where you upload documents to operate the Services (the content belongs to the user/client.)

2.6 Biometrics (sensitive data, when applicable): facial biometrics (selfie, liveness check, and match against the ID image) for simple electronic signature flows with verification.

2.7 Sources: data obtained directly from you (forms, Site usage, emails), indirectly from certification authorities, (for certificate verification) and payment providers/banks, and from technology sources (cookies, telemetry, logs).

For NOM-151 preservation certificates, Mifiel sends the document’s hash value only to the accredited Certification Service Provider (PSC)—not the document’s content.

3) Purposes of processing

Primary (necessary) purposes: user identification and account administration; provision/operation of the Services (including electronic signature and NOM-151); digital certificate verification; authentication; invoicing and collections; legal compliance; security, availability, and operational improvement (telemetry, logs, and auditing).
Secondary (non-necessary) purposes: marketing communications, surveys, and non-identified analytics to improve products.

If you do not want your data used for secondary purposes, you may object within 5 (five) business days from collection and at any time thereafter by emailing seguridad@mifiel.com. Your objection does not affect primary purposes.

4) Legal basis and consent

We process data under Mexican law in force (2025) on personal data protection. Legal bases include consent and, where applicable, other bases allowed by law (existing legal relationship, contract performance, legal obligations, defense of rights, security and fraud prevention). For biometric and other sensitive data, we obtain express consent.

5) Disclosures and service providers

Disclosures to processors/service providers (do not require consent): cloud/telecom services, security/monitoring, PSC for NOM-151 (hash only), support and billing providers.
Transfers (which may not require consent under applicable exceptions): competent authorities; law firms/auditors for the recognition, exercise, or defense of rights; and corporate transactions (merger/acquisition) with appropriate safeguards.
Where consent is required, Mifiel will request it in advance. International disclosures are made with adequate safeguards.

6) Cookies and similar technologies

We use cookies to operate the Sites, remember preferences, measure performance, and improve the Services. You can disable cookies in your browser; some features may be affected. See our Cookies Policy on the Sites for details.

7) Retention, deletion, and document removal

We keep data while the relationship exists and thereafter for legal or defense periods. At the end of such periods, we apply secure deletion or de-identification.
If you request deletion of documents uploaded to the Sites, Mifiel will handle the request according to Service functionality and applicable law; certain evidentiary records (e.g., NOM-151 certificates, audit logs) may be retained when necessary for compliance or defense.

8) Security measures

We apply administrative, technical, and physical safeguards proportionate to risk: encryption in transit and at rest, MFA, access controls, environment segregation, logging/auditing, vulnerability management, and business continuity.

9) ARCO rights and other rights

To exercise your ARCO rights (Access, Rectification, Cancellation, and Objection), revoke consent, or limit the use/disclosure of your data, email seguridad@mifiel.com.
Minimum request requirements: full name, response channel, clear description of the right you wish to exercise, elements to locate your data, and a copy of your ID.
Indicative statutory timeframes: up to 20 business days to respond and, if applicable, 15 additional business days to implement, subject to applicable law.

10) Minors

The Sites and Services are not directed to minors. If we detect processing without a valid basis, we will proceed to timely deletion.

11) Changes to this Privacy Notice

12) Interpretative notes

This Notice is issued under Mexican legislation in force (2025) for personal data protection in the private and public sectors, and in accordance with criteria and guidelines issued by the competent authority in the field. Terms such as “Controller,” “Processor,” “Transfer,” “Disclosure,” and “Sensitive Data” are interpreted per such legislation.

13) Acceptance

By using the Sites or contracting the Services, you acknowledge that you have read and understood this Notice and, where applicable, consent to the purposes described. For secondary purposes or processing of sensitive data, Mifiel will request additional/express consent when required.
All rights reserved © FIRMA SEGURA, S. DE R.L. DE C.V. Mexico, 2025.