Privacy Policy
Last updated: June 2, 2026
1. What we collect
- Account data: email address used to purchase credits and authenticate.
- Document data: PDF files you upload, recipient names and email addresses you provide.
- Signature audit data: signer name, email, IP address, user agent, and timestamps for each signature event.
- Payment data: handled by Stripe; we do not store full card numbers.
- Usage data: standard server logs (request paths, timestamps, IP) for security and debugging.
2. How we use it
- To deliver signing links and notifications to your recipients.
- To generate a tamper-evident signature certificate appended to each completed document.
- To process payments and maintain your credit balance.
- To prevent fraud and abuse.
3. Sharing
We share data with sub-processors that power the Service: Supabase (database and storage), Stripe (payments), Resend (email delivery), and Cloudflare (hosting/CDN). We do not sell your personal information.
4. Retention
Documents and signature audit trails are retained while your account is active so you can download completed documents and certificates. You may request deletion by emailing support; we will delete or anonymize data within 30 days, subject to legal retention requirements.
5. Security
Data is encrypted in transit (TLS) and at rest. Access to production systems is limited to authorized personnel. Document URLs use unguessable tokens.
6. Your rights
Depending on your jurisdiction (including the EU and California), you may have rights to access, correct, export, or delete your personal data. Email james.allyn@yahoo.com to exercise these rights.
7. Children
The Service is not directed to children under 13 and we do not knowingly collect their data.
8. Changes
We will post any material changes to this Policy on this page and update the "Last updated" date.
9. Contact
Questions? Email james.allyn@yahoo.com.