Privacy Policy

1. Data We Collect

We collect the following types of information to provide our Service:

• Account Information: We collect your name and email address when you register for an account.
• Document Data: We store the documents (PDFs, DOCX, etc.) you upload and the signed versions generated by the Service.
• Audit Data: To ensure the legal validity and forensic integrity of electronic signatures, we capture metadata such as IP addresses, timestamps, email verification statuses, and browser user agents during the signing process.

2. How We Use Your Data

We use your data for the following purposes:

• Service Provision: To facilitate the uploading, sending, signing, and storage of electronic documents.
• Security & Fraud Prevention: to monitor for suspicious activity and protect the integrity of the platform.
• Forensic Audit Trails: To generate and maintain audit logs that prove the validity of signatures, which may be relied upon in legal proceedings.
• AI & Automated Processing: We use AI for extraction and generation only. We do NOT use your data for automated profiling, credit scoring, or making significant legal decisions without human intervention.

3. Subprocessors & Data Sharing

We do not sell your personal data. We share data only with trusted infrastructure providers ("Subprocessors") necessary to deliver the Service:

• Google Cloud Platform (GCP): For secure hosting, database storage, and file storage.
• Stripe: For processing payments. We do not store your credit card details.
• Resend: For delivering transactional emails (e.g., signing requests).

4. Data Retention

• Documents: Your documents are retained in accordance with our Terms of Service (generally 12 months after your last active Service Credit expires).
• Audit Logs: We may retain forensic audit logs (IPs, timestamps, email events) for a longer period as required to maintain the legal verifiability of signed contracts, even if the underlying document is deleted from our active storage.

5. Your Rights

Under applicable data protection laws (including GDPR and UK GDPR), you have rights regarding your personal data:

• Access & Portability: You may request a copy of the personal data we hold about you.
• Deletion ("Right to be Forgotten"): You may request the deletion of your personal data. However, please note that this right is subject to our legal obligation to preserve specific audit trail data required to prove the validity of executed contracts.
• Contact: To exercise these rights, please contact our support team.
• Internal Complaints Procedure: In accordance with the Data (Use and Access) Act 2025, users must lodge formal data complaints via our support team. We will acknowledge and provide a resolution plan within 30 days before the matter may be escalated to the ICO.

6. Human-in-the-Loop Oversight

All "Significant Decisions" (as defined by Article 22C of the UK GDPR) involve meaningful human oversight. Our AI tools are designed to assist human decision-making, not replace it. You have the right to contest any automated output and obtain human review.