Legal

Privacy Policy

Last updated: December 2024

Easy Sign (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our electronic signature service.

1. Information We Collect

We collect information necessary to provide our electronic signature service. We minimize data collection to what is essential for service operation.

Account Information: Email address and display name when you create an account.
Document Content: PDFs and documents you upload for signature processing.
Signature Data: Electronic signatures, initials, and form field values you provide.
Usage Data: IP addresses, browser type, and timestamps for security and audit purposes.
Communication Data: Messages you send through our support channels.

2. How We Use Your Information

We use your information solely to provide, maintain, and improve our electronic signature service.

To process and deliver documents for electronic signature.
To authenticate users and protect against unauthorized access.
To generate audit trails and signature certificates.
To send service-related notifications (signature requests, completions).
To respond to support inquiries and resolve issues.
To comply with legal obligations when required.

3. Information Sharing

We do not sell, rent, or trade your personal information. We only share data in limited circumstances.

With recipients you designate to sign or view documents.
With service providers who assist in operating our platform (hosting, email delivery).
When required by law, court order, or government request.
To protect our rights, privacy, safety, or property.
In connection with a merger, acquisition, or sale of assets (with notice to you).

4. Data Retention

We retain your data only as long as necessary to provide our service. Our default retention period is 30 days.

Documents and signatures are automatically deleted 30 days after the last activity.
Documents pending signature are removed thirty days after the last activity, regardless of completion state.
Account information is retained while your account is active.
Audit logs may be retained longer for legal compliance purposes.
You should download completed documents before the retention period expires.
Deleted data cannot be recovered after the retention period.

5. Data Security

We implement appropriate technical and organizational measures to protect your information.

All data is transmitted using TLS/SSL encryption.
Documents are stored securely with access controls.
We use secure authentication and session management.
Access to personal data is limited to authorized personnel.
We regularly review and update our security practices.

6. Access Control and Authentication

Recipient links and API clients must authenticate with valid access tokens before interacting with any envelope data.

Envelope owners manage who can view, sign, or download documents through access-token protected links.
Tokens automatically expire based on issuer configuration; revoked tokens cannot be reactivated.
Service-role operations are limited to server-side workflows scoped to the envelope owner of record.

7. Your Rights

You have rights regarding your personal information. We respect and support these rights.

Access: You can request a copy of your personal data.
Correction: You can update inaccurate information in your account.
Deletion: You can delete your account and associated data.
Withdrawal: You can withdraw consent for electronic communications.
To exercise these rights, contact us through our support page.

8. Cookies and Tracking

We use essential cookies to operate our service. We do not use tracking cookies for advertising.

Authentication cookies to maintain your login session.
Security cookies to protect against unauthorized access.
We do not use third-party advertising or tracking cookies.
We do not sell your data to advertisers or data brokers.
Analytics are used only to improve service performance.

9. Third-Party Services

We use trusted third-party services to operate our platform. These providers are bound by confidentiality agreements.

Supabase: Database and authentication services.
Vercel: Web hosting and content delivery.
Resend: Email delivery for signature notifications.
Stripe: Payment processing for premium features.
Sentry: Error monitoring to improve service reliability.

10. User Responsibilities

Senders and recipients must audit their documents and signature placements prior to finalizing any envelope.

Verify that uploaded PDFs do not contain regulated personal data beyond what is necessary for signing.
Confirm that signer order, required fields, and reminders align with your organization's policies.
Download completed agreements immediately after execution to maintain your own archives.

11. Service Scope and Liability

Easy Sign is a free electronic signature workspace offered without service level guarantees, uptime commitments, or archival backups.

We do not assume liability for lost, corrupted, or misrouted files, signatures, or metadata.
We provide no implied warranties of merchantability, fitness for a particular purpose, or legal enforceability of signed documents.
External validation of agreements and compliance with local regulations remain the user's responsibility.

12. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place.

Our servers are located in North America.
We use service providers with appropriate data protection certifications.
By using our service, you consent to data processing in these locations.

13. Children's Privacy

Easy Sign is not intended for children under 18 years of age.

We do not knowingly collect information from children.
If we learn we have collected data from a child, we will delete it promptly.
Parents who believe their child has provided information should contact us.