Privacy Policy

1. Information We Collect

Account Information

• Name and email address (via Google OAuth or direct registration)
• Profile information from OAuth providers
• Billing information (processed securely by payment providers)

Document Information

• PDF documents you upload to our Service
• Signature fields and form data you create
• Electronic signatures and completion data
• Email addresses of document recipients

Technical Information

• IP addresses and device information
• Browser type and version
• Usage patterns and feature interactions
• Error logs and performance metrics

2. How We Use Your Information

• Service Delivery: To provide electronic signature functionality
• Legal Compliance: To maintain audit trails required by ESIGN Act
• Account Management: To manage your subscription and billing
• Communication: To send service updates and notifications
• Improvement: To analyze usage and improve our Service
• Security: To detect and prevent fraud or abuse

3. Legal Basis for Processing

We process your personal data based on:

• Contract: To fulfill our Terms of Service
• Legal Obligation: To comply with electronic signature laws
• Legitimate Interest: To improve and secure our Service
• Consent: When explicitly provided for optional features

4. Data Security and Storage

Data Retention

• Active Accounts: Data retained while your account is active
• Cancelled Accounts: Documents available for download for 30 days
• Legal Requirements: Audit trails retained for 7 years as required by law
• Anonymized Analytics: May be retained indefinitely

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information only:

With Your Consent

• When you explicitly authorize sharing
• When you send documents to recipients for signing

Service Providers

• AWS: Cloud hosting and file storage
• Neon: Database hosting
• Resend: Email delivery services
• Stripe: Payment processing (billing data only)

Legal Requirements

• To comply with valid legal requests or court orders
• To protect our rights, property, or safety
• To prevent fraud or abuse

6. Your Privacy Rights

Access and Control

• Account Access: View and update your profile information
• Data Export: Download your documents and data
• Account Deletion: Permanently delete your account
• Email Preferences: Opt out of non-essential communications

Additional Rights (Where Applicable)

Depending on your location, you may have additional rights under GDPR, CCPA, or other privacy laws:

• Right to rectification of inaccurate data
• Right to data portability
• Right to restrict processing
• Right to object to processing

7. International Data Transfers

Your data is primarily stored in the United States. If you access our Service from outside the US, your information may be transferred to and stored in the US. We ensure appropriate safeguards are in place.

8. Cookies and Tracking

• Essential Cookies: Required for login and core functionality
• Analytics: We use minimal analytics to improve our Service
• No Third-Party Advertising: We do not use advertising cookies
• Control: You can manage cookies through your browser settings

9. Children's Privacy

SigPen is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware of such collection, we will delete the information immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications for significant changes
• Providing in-app notifications when you next log in

11. Contact Us

For privacy-related questions or requests, contact us at:
Email: privacy@sigpen.com

We will respond to privacy requests within 30 days. For urgent security concerns, please contact us immediately.

Last updated: March 3, 2026