Skip to main content
AddSign

Privacy Policy

Last updated: January 17, 2026

1. Introduction

AddSign ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature service ("Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, phone number (optional)
  • Profile Information: Company name, job title (optional)
  • Documents: Files you upload for signing, including their contents
  • Signatures: Your electronic signature (drawn or typed)
  • Payment Information: Billing address, payment method (processed by Stripe)
  • Communications: Messages you send us via email or support channels

2.2 Information We Collect Automatically

  • Device Information: Device type, operating system, browser type
  • Usage Data: Pages visited, features used, time spent, click patterns
  • IP Address: Your internet protocol address (used for security and audit trails)
  • Cookies: Session cookies and persistent cookies for functionality and analytics
  • Log Data: Server logs including access times, errors, and referring URLs

2.3 Information from Third Parties

  • OAuth Providers: If you sign in with Google or Apple, we receive your name and email from those services
  • Payment Processors: Transaction status and payment confirmations from Stripe

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your document signing requests
  • Send transactional emails (signature requests, confirmations, reminders)
  • Authenticate your identity and secure your account
  • Create and maintain audit trails for signed documents
  • Process payments and prevent fraud
  • Respond to your inquiries and provide customer support
  • Send service updates and security alerts
  • Analyze usage patterns to improve user experience
  • Comply with legal obligations

4. How We Share Your Information

We do NOT sell your personal information. We may share your information in the following circumstances:

4.1 With Your Consent

We share documents with the signers you designate. When you send a document for signature, recipients can view the document and see your name and email address.

4.2 Service Providers

We share information with third-party vendors who help us operate the Service:

  • Supabase: Database and file storage (data encrypted at rest)
  • Vercel: Web hosting and deployment
  • Resend: Transactional email delivery
  • Stripe: Payment processing (PCI-compliant)
  • AI Service Providers: Third-party AI services for optional document analysis features (see section 4.3)

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.3 AI Document Processing

When you opt in to use AI-powered features (such as document summaries), the following applies:

  • What is shared: The text content of your document is sent to third-party AI services for processing
  • Your consent: AI processing only occurs when you explicitly request it (e.g., clicking "Show Quick Overview")
  • Data retention: Summaries are cached in our database for your convenience; you can delete them by deleting the document
  • Training data: Your documents are NOT used to train AI models - they are processed via API only
  • Sensitive documents: We recommend not using AI features on documents containing highly sensitive personal information

If you choose not to use AI features, your document content is never sent to AI service providers.

4.4 Legal Requirements

We may disclose your information if required by law, such as:

  • In response to valid legal process (subpoenas, court orders)
  • To protect our rights, privacy, safety, or property
  • To investigate suspected fraud or illegal activity
  • In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in Transit: All data is transmitted over HTTPS (TLS 1.2+)
  • Encryption at Rest: Documents and database are encrypted using AES-256
  • Secure Authentication: Passwords are hashed using bcrypt; OAuth available
  • Access Controls: Role-based access; principle of least privilege
  • Regular Backups: Automated daily backups with point-in-time recovery
  • Monitoring: Continuous security monitoring and logging

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your information as follows:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Signed Documents: Retained for a minimum of 7 years for legal compliance
  • Audit Logs: Retained for 7 years (required for electronic signature validity)
  • Deleted Documents: Moved to trash for 30 days, then permanently deleted
  • Server Logs: Retained for 90 days

You may request deletion of your account and personal data, subject to our legal retention requirements for signed documents.

7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 Access and Portability

You can access your documents and account information through the Service. You can download your signed documents at any time.

7.2 Correction

You can update your account information through your profile settings.

7.3 Deletion

You can delete your account by contacting us. Note that signed documents may be retained for legal compliance.

7.4 Marketing Opt-Out

You can unsubscribe from marketing emails using the link in any marketing email. Transactional emails (signature requests, account alerts) cannot be opted out of.

7.5 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and the right to non-discrimination for exercising privacy rights.

7.6 European Residents (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR, including the right to lodge a complaint with a supervisory authority.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for the Service to function (authentication, security)
  • Functionality Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use the Service

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.

9. Children's Privacy

The Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

AddSign
Email: privacy@addsign.io
Support: support@addsign.io

For data protection inquiries, you may also contact our Data Protection Officer at dpo@addsign.io.

Back to Sign Up|Terms of Service
AddSign Help

Hey! I'm here to help you with AddSign. Ask me anything... like 'how do I add a signature?' or just say hi!