1. What We Collect
1.0 Legal Basis for Processing Your Data
Privacy laws say we need a good reason before we use your data. Here's the short version: we only use your data to run the service you asked for, keep things secure, and follow the law. The table below shows our specific reason for each type of data.
| Data Type | Legal Basis (GDPR Art. 6) | What This Means |
|---|---|---|
| Contract text (during analysis) | Contract performance (Art. 6(1)(b)) | We read your document because that's what you asked us to do |
| Account information | Contract performance (Art. 6(1)(b)) | We need your email and password to create and manage your account |
| Payment data | Contract performance (Art. 6(1)(b)) | We handle payment info to complete your purchase |
| Security logs | Legitimate interest (Art. 6(1)(f)) | We log security events to protect our service and your data |
| Anonymous usage statistics | Legitimate interest (Art. 6(1)(f)) | We look at combined, anonymous usage trends to make the service better |
| Newsletter email | Consent (Art. 6(1)(a)) | We send marketing emails only when you explicitly subscribe |
| Optional clause sharing | Consent (Art. 6(1)(a)) | We use anonymous clause data for research only if you turn this on |
| Legal compliance records | Legal obligation (Art. 6(1)(c)) | We keep certain records because tax and financial laws say we must |
You can take back your "yes" anytime for newsletters and clause sharing. Just change your settings. Taking it back doesn't undo anything that already happened.
1.1 Your Contracts (Here and Gone)
When you upload a contract:
- We read it β Our AI extracts text and analyzes document structure
- We analyze it in real-time β Processing begins within seconds of upload
- We delete it within 60 seconds β Once we finish your analysis, we erase your document. We never save it to permanent storage. It only exists in temporary memory while we work on it.
Technical detail: Your document only lives in temporary memory (RAM) while we work on it. We never save it to a hard drive, database, or backup. Once the analysis is done and we send you the results, we clear the memory.
Lost your contract? We cannot retrieve it. This is by design.
1.2 Your Account Info
If you make an account, we keep:
- Your email (so we can contact you)
- Your name (only if you give it to usβit's optional)
- Your password (encryptedβeven we can't read it)
- Whether you're subscribed to Pro
1.3 Your Preferences
You can tell us about yourself to get better results:
- Who you are β Are you a senior? A creator? This helps us explain risks in ways that matter to you
- Where you live β Your state, so we can point out laws that protect you
We save these with your scans to make future analyses even better. We never share them.
1.4 Newsletter Sign-up
If you join our "Weekly WTF" newsletter, we collect:
- Your email (to send the newsletter)
- Where you signed up (so we know what's working)
- Whether you want to contribute anonymous data (totally optional)
Don't want it anymore? Every email has an unsubscribe link. One click and you're out.
1.5 How You Use the App
We track anonymous stuff like:
- How many scans you do
- What types of contracts ("car loan", "gym") β NOT what's in them
- How fast the app runs
- Which features you use
This helps us make SignSafe better. We can't tie this back to you personally.
1.6 About Your Device
Basic stuff:
- What kind of phone/computer you're using
- Which version of the app you have
- Your general location (country or regionβNOT your address)
2. What We Do With Your Info
Here's a clear breakdown of every type of data we touch, why we need it, and when we get rid of it.
| Data Type | Purpose | Retention Period | Deletion Method |
|---|---|---|---|
| Your contract document | To analyze it | Deleted within 60 seconds of analysis completion | Automatic memory clearing; no permanent copy ever exists |
| Analysis results | To show you the report | Stored on your device only (not our servers) | Controlled by your device storage settings |
| User preferences | To personalize your analysis | Until account deletion + 30-day grace period | Automatic after grace period expires |
| Account information | To log you in and manage your subscription | Until account deletion + 30-day grace period | Automatic after grace period expires |
| Newsletter email | To send the newsletter | Until you unsubscribe (deleted within 7 days of unsubscribe) | Automatic upon unsubscribe confirmation |
| Anonymous usage statistics | To make the service better | 12 months from collection date | We automatically delete data older than 12 months every month |
| Security/access logs | To prevent fraud and keep things secure | 90 days | We automatically delete logs older than 90 days every day |
| Payment transaction records | Required by tax and financial laws | 7 years (the law requires this) | We automatically delete records after the required period ends |
2.1 Backups and Redundancy
Documents: We never back up your uploaded contracts because we never save them to permanent storage. There's nothing to back up.
Account data: We include your account info in encrypted backups. We keep backups on the same schedule as live data. When you delete your account, we remove your data from active systems right away and from backups within 30 days.
3. What We DON'T Collect
We do NOT collect:
- Copies of your contracts (deleted within 60 seconds of analysis)
- Your bank account or credit card numbers (payment handled by processor)
- Your Social Security number
- Financial amounts from your contracts
- Your precise GPS location
- Your contacts or photos
- Your browsing history on other sites
- Data from other apps on your device
4. Who We Share Data With
4.1 AI Processing Partners
When you upload a contract, we send the text to AI services that help us analyze it. These partners are bound by strict contracts:
- They read the text and send back analysis results
- They delete the data right after processing β no permanent storage
- Our contracts ban them from using your data to train AI models
- All data is encrypted while it travels using TLS 1.3
Your data is never used to train AI models.
Our contracts with all AI partners ban them from using your data to train their models. This is a binding legal requirement β not just a promise. To request copies of these contracts, email legal@sign-safe.app with subject "AI DPA Request".
Service Providers (Companies That Help Us Run SignSafe)
We use other companies to help run parts of SignSafe. Each one:
- Only does what we tell them to do with your data
- Has signed contracts that require them to keep your data private
- Cannot use your data for their own purposes
- Must delete or return your data when we ask
| Category | Purpose | Data Accessed | Location |
|---|---|---|---|
| AI Processing | Reading and analyzing your contracts | Document text (temporary memory only, deleted within 60 seconds) | United States |
| Cloud Hosting | Running our servers and storing account data | Account data and preferences (encrypted) | United States, EU |
| Payment Processing | Handling subscription payments | Payment details (we never store your full card number) | United States |
| Email Delivery | Transactional emails and newsletters | Email address, subscription status | United States |
| Analytics | Anonymous usage stats | Combined, anonymous usage data only | United States |
Full service provider list: For a complete list of named vendors and their specific data processing roles, email privacy@sign-safe.app with subject "Subprocessor List Request".
4.1.1 Where Your Data Goes
Your data may travel to:
- United States β where our main servers and AI partners are
- European Union β backup servers for EU users
How We Protect Cross-Border Transfers
If you're in the EU/EEA or UK and your data goes to the United States, we use these protections:
| Safeguard | What It Is | How It Protects You |
|---|---|---|
| Standard Contractual Clauses (SCCs) | Legal contracts approved by the EU for sending data across borders | Requires anyone who gets your data to protect it under EU rules |
| Data Processing Agreements | Written agreements with every company that handles your data, spelling out exactly what they can and can't do | Partners cannot use your data for anything we didn't agree to |
| Encryption in transit | TLS 1.3 encryption on all data while it travels | Stops anyone from reading your data while it's being sent |
| Encryption at rest | AES-256 encryption on any data we store | Keeps your data safe even if someone breaks into our storage |
| Zero document storage | Your contracts are deleted within 60 seconds everywhere | Almost nothing to protect because we don't keep your documents |
Want copies of these contracts? Email legal@sign-safe.app with subject "Transfer Safeguards Request."
4.1.2 How Our AI Makes Decisions (GDPR Art. 22)
SignSafe uses AI to analyze contracts. Here's exactly what it does and doesn't do:
What Our AI Does
- Reads contract text β Extracts and processes the words in your document
- Identifies clauses β Spots common contract sections (like arbitration, liability limits, and cancellation terms)
- Flags risks β Points out language that may be bad for you
- Explains things β Turns legal language into plain English
What Our AI Does NOT Do
- Does NOT make legal decisions β What we tell you is for information only, not legal advice
- Does NOT approve or deny anything β We don't decide if you get a job, a loan, housing, insurance, or anything else that affects your life
- Does NOT create profiles β We don't build profiles about you or make predictions about you as a person
- Does NOT share findings β Your analysis results are never sent to anyone else
Your Rights Regarding AI Processing
| Right | What It Means | How to Exercise |
|---|---|---|
| Human review | Ask a real person to look at your analysis | Email support@sign-safe.app with your request |
| Explanation | Ask us to explain how our AI reached its conclusion | Email support@sign-safe.app with the analysis you're asking about |
| Say no to AI | Ask us not to use AI on your documents (EU/EEA residents) | Email privacy@sign-safe.app β we'll offer you other options |
| Challenge results | Tell us if you think an analysis is wrong | Email support@sign-safe.app with details β a real person will look into it |
Response time: Human review requests are processed within 5 business days.
4.2 No Sale of Personal Data
We do not sell, rent, or trade your personal data.
California law defines "selling" data broadly β it includes sharing data for money or anything else of value. We don't do any of that. We use your data only to give you the service you asked for.
4.3 Legal Disclosure
We may share your info when the law says we must β like if we get a court order or a valid government request. But since we don't keep your contract documents after processing, we can't hand over documents that no longer exist.
5. How We Keep Your Data Safe
We use the same security tech that banks use:
- Encrypted in transit β When data travels between your device and us, it's locked with TLS 1.3 (the newest, strongest encryption)
- Encrypted at rest β Anything we do store (like your account) is protected with AES-256 encryption
- Limited access β Only a few people at SignSafe can access data, and only when they really need to
- Regular checkups β We test our security often to find and fix any weak spots
5.1 Data Breach Response
If someone gets unauthorized access to your data, here's what we do and how fast we do it.
How Fast We Act
| Action | Timeline | Recipient |
|---|---|---|
| Report to the government privacy agency (GDPR requires this) | Within 72 hours of finding the problem | The agency in your country that enforces privacy laws |
| Tell affected California residents (CCPA) | As quickly as possible | You, by email and in-app message |
| Tell affected EU/EEA residents (if high risk) | As quickly as possible | You, by email and in-app message |
| State-specific notices (US) | As required by your state's law (usually 30β60 days) | You, by email β and the state attorney general if the law requires it |
What We Will Tell You
If your data is affected, we'll tell you:
- What happened: What went wrong and when
- What data was involved: Which types of info may have been affected
- What we're doing about it: Steps we've taken or will take to fix things
- What you can do: Actions you can take to protect yourself
- How to reach us: Contact info so you can ask questions
Steps You Can Take
If we tell you about a breach, here's what you should do:
- Change your SignSafe password immediately
- Change passwords on any other accounts where you used the same password
- Monitor your accounts for unusual activity
- Consider placing a fraud alert with credit bureaus if financial info was involved
Why the Risk Is Limited
We don't store your contract documents β they're deleted within 60 seconds. So even in a breach, your contracts can't be stolen. They don't exist on our systems after we process them. The most that could be exposed is account info like your email.
5.2 Audits & Insurance
We regularly test our own security. We also carry insurance in case something goes wrong. If your company uses SignSafe and wants to see our security docs, just email enterprise@sign-safe.app.
5.5 Cookies and Tracking Technologies
Cookies are small files saved on your device. We use them to run SignSafe. Here's exactly what we use and how you control it.
Cookie Categories
| Category | Purpose | Consent Required? | Examples |
|---|---|---|---|
| Strictly Necessary | The site won't work without these | No (required to function) | Login session, security token, fraud protection |
| Functional | Remember your settings | No (required to function) | Dark/light mode, language, your cookie choice |
| Analytics | Help us see how people use the site (anonymous) | Yes (you choose) | Page views, which features get used, how fast the site loads |
We do not use: Advertising cookies, cross-site tracking cookies, or third-party marketing cookies.
Consent Mechanism
Web (sign-safe.app)
- First visit: A consent banner appears with two options: "Accept All" or "Essential Only"
- Essential Only: Analytics cookies are not set until you change your preference
- Accept All: Analytics cookies are enabled
- Change later: Click "Cookie Settings" in the footer, or visit the Privacy Portal
Mobile App
- First launch: A consent prompt appears during onboarding
- Change later: Go to Settings > Privacy > Analytics Preferences
- Phone settings: We also follow iOS "Ask App Not to Track" and Android "Opt out of Ads Personalization" settings
Managing Your Preferences
| Action | Web | Mobile App |
|---|---|---|
| View current settings | Footer > Cookie Settings | Settings > Privacy |
| Opt out of analytics | Cookie Settings > Essential Only | Settings > Privacy > Toggle off Analytics |
| Delete all cookies | Browser settings > Clear site data | Device settings > Clear app data |
| Reset consent | Privacy Portal > Reset Cookie Preferences | Settings > Privacy > Reset Consent |
Note: Blocking strictly necessary cookies will prevent login and core functionality from working.
5.6 The Weekly WTF Newsletter
Every week, we send out "The Weekly WTF"βa newsletter about the craziest contract clauses we've seen. Here's how it works without exposing anyone:
When You Sign Up
We keep:
- Your email (to send the newsletter, obviously)
- Whether you confirmed your email
- A special code so you can unsubscribe with one click
- Where you signed up (just for our records)
Want out? Every email has an unsubscribe link. Click it and you're done. No tricks.
Contributing Clause Data (Optional)
You can help us find bad clauses by sharing anonymous data from your scans. If you turn this on, we might use:
- Types of risky clauses (like "arbitration clause")
- Industry type (like "gym" or "streaming service")βNOT company names
- How risky each clause is
- Quotes with all personal info removed
How We Make Data Anonymous
Before we use any data in the newsletter, we scrub it clean:
- Company names β "[COMPANY]"
- "$47,500" β "$10K-$50K" (ranges only)
- Names, emails, phone numbers, addresses β All removed
- Must appear 5+ times β We only publish patterns that show up in multiple contracts
- Can't trace back to you β Everything gets scrambled IDs that aren't connected to your account
What We NEVER Put in the Newsletter
- Your name, email, or account info
- Real company names
- Exact dollar amounts or dates
- Your location (beyond country)
- Anything that could identify you or your contracts
You're Always in Control
- Off by default β You have to turn on clause sharing. It's not automatic.
- Stop anytime β Change your mind? Just turn it off in settings.
- Newsletter is separate β You can get the newsletter without sharing data, or share data without getting the newsletter.
- No penalties β Opting out doesn't affect your SignSafe access.
What's in the Newsletter
Every week you'll see:
- WTF of the Week β The worst clause we found
- Industry trends β Which industries have the worst contracts
- Stats β Data about risky clause types
- Explanations β Why certain clauses are bad for you
It's educational and (we hope) entertaining. Nobody's private info ever gets exposed.
6. Your Privacy Rights
Self-Service Privacy Portal
You can use most of your privacy rights right now through our Privacy Portal: see your data, download a copy, or delete your account. No waiting.
6.1 See Your Data
Want to know what we have on you? Visit our Privacy Portal and download everything in one click. You'll get a file with all your account info.
6.2 Delete Everything
Want to leave? Delete your account through the Privacy Portal or in the app settings:
- You have 30 days to change your mind
- After 30 days, everything is permanently gone
- No tricks, no "are you sure?" gauntlets
6.3 Turn Off Tracking
Don't want us collecting anonymous usage stats? Turn it off in the Privacy Portal or app settings. Easy.
6.4 California Residents (CCPA 2026)
California Privacy Law Update (January 2026)
California just made its privacy law even stronger. Here's what you can do.
What You Can Do
If you live in California, you have these rights:
| Your Right | What It Means | How To Do It |
|---|---|---|
| See your data | Ask us what info we have about you. You can go back to January 2022βno limits! | Privacy Portal or email us |
| Delete your data | Tell us to erase everything. (A few exceptions exist for legal reasons.) | Privacy Portal β one click! |
| Fix mistakes | If we got something wrong about you, we'll fix it. | Account settings or email us |
| Stop data sales | Tell us not to sell your info. Good news: we don't sell data anyway! | Already done for you |
| Limit sensitive info | Control how we use sensitive data about you. | Privacy Portal |
| Ask for a human | Want a person to review what our AI said? Just ask. | Email support@sign-safe.app |
| No punishment | We won't treat you worse for using these rights. Same service, same prices. | Automaticβwe just do this |
What Info Do We Actually Collect?
California law says we have to list every type of data we gather. Here's the full picture:
| Type of Data | Examples | We Collect? | We Sell? |
|---|---|---|---|
| Basic identifiers | Email, username, IP address | Yes | NEVER |
| Purchase info | Subscription status, what you bought | Yes | NEVER |
| How you use the app | Usage logs, which features you click (anonymous) | Yes | NEVER |
| Rough location | Country or region onlyβnot your address | Yes (rough) | NEVER |
| Your preferences | User type, if you told us | Only if you tell us | NEVER |
| What we figure out | Like what types of contracts you analyze | Very little | NEVER |
| Sensitive stuff | Might be in your contracts (but we delete it!) | Processed, not stored | NEVER |
| Biometrics | Fingerprints, face scans, etc. | NO | NEVER |
| Photos/Audio | Contract photos you upload | Processed, not stored | NEVER |
What Counts as "Sensitive" Info?
California law has a list of extra-protected data. Here's what we DON'T collect:
- β Brain data β We're not in your head
- β Kids' data β You must be 18+ to use SignSafe
- β Social Security numbers β Nope
- β Bank account info β We don't store that
- β Your exact location β Just country/region
- β Race or ethnicity β We don't ask
- β οΈ Health info β Might be in your contracts, but we delete it immediately
About Our AI
Our AI just reads contracts and tells you what it finds.
It does NOT:
- Decide if you get approved for anything
- Affect your job, housing, credit, education, or healthcare
- Make any decisions that affect your life
It just gives you information. That's it.
Want to know more about our AI? You can:
- Ask us how it works (email us!)
- Get a human to review any analysis (just ask)
- Opt out of AI analysis (we'll find another way to help)
No Sneaky Tricks
California banned "dark patterns"βthat's when companies use sneaky design to trick you. We promise:
- β Opting out is just as easy as opting in
- β No giant "YES" buttons next to tiny "no" links
- β Closing a popup doesn't mean you agreed to anything
- β No guilt trips or "Are you SURE you don't want privacy?"
- β No fake countdown timers
- β Everything is written in plain English
Your Browser Can Talk to Us
If your browser sends privacy signals, we listen:
- Global Privacy Control (GPC) β If your browser sends this, we automatically opt you out
- Do Not Track (DNT) β We respect this too
- Confirmation β When you opt out, we'll confirm within 15 business days
How Fast Do We Respond?
- We'll say we got it: Within 10 business days
- We'll finish the job: Within 45 days (sometimes 90 for complicated stuff)
- We'll make sure it's you: We verify identity before giving out data
Someone Else Doing It For You?
Want to send someone else to handle your privacy request? They can, but they need:
- Your written permission
- To prove who they are
- To email privacy@sign-safe.app with the paperwork
We Don't Pay You For Your Data
Some companies offer discounts if you give up privacy. We don't do that. Your data isn't for saleβperiod.
"Shine the Light" Law
California also has another law letting you ask if we share data with marketers. We don't. End of story.
How to Use Your California Rights
- Easy way: Privacy Portal β instant, no waiting
- Email: privacy@sign-safe.app
- Speed: Usually under a week. Max 45 days by law.
6.5 European Residents (GDPR)
If you're in Europe (EU or EEA), you have these rights:
- See your data β Get a copy of everything we have on you
- Fix mistakes β Tell us to correct wrong info
- Be forgotten β Ask us to delete everything
- Limit what we do β Tell us to stop using your data in certain ways
- Take your data with you β Download it in a format other services can read
- Say no β Object to how we use your data
- Change your mind β Take back any permission you gave us
- File a complaint β Report us to your country's privacy agency
We respond within 30 days. Email privacy@sign-safe.app.
Our EU Contact
European users can contact our EU representative:
- Email: eu-representative@sign-safe.app
- Address: Email privacy@sign-safe.app to request
Our Data Protection Officer
Got data protection questions?
- Email: dpo@sign-safe.app
- Response: Within 5 business days
Want to Complain?
You can report us to your country's privacy authority. Find yours at the EDPB Members Directory. Common ones:
- Ireland: dataprotection.ie
- Germany: Your regional DatenschutzbehΓΆrde
- France: cnil.fr
- Netherlands: autoriteitpersoonsgegevens.nl
6.6 UK Residents
The UK has its own privacy law (UK GDPR). You have the same rights as EU residents listed above. Email privacy@sign-safe.app.
6.7-6.20 Other U.S. States With Privacy Laws
Many states now have their own privacy laws. If you live in one of these states, you have extra rights:
- Virginia, Colorado, Connecticut, Utah β Privacy laws since 2023
- Texas, Oregon, Montana β Privacy laws since 2024
- Delaware, Iowa, New Jersey, New Hampshire, Tennessee β Privacy laws since 2025
- Indiana β Privacy law starting 2026
In all these states, you can:
- β See what data we have
- β Fix wrong info
- β Delete your data
- β Download your data
- β Opt out of targeted ads (we don't do targeted ads, but still!)
- β Opt out of data sales (we don't sell data anyway)
We also follow Global Privacy Control (GPC) signals. If your browser sends one, we automatically do what it says.
To use your rights: Email privacy@sign-safe.app with "Privacy Rights Request" and tell us your state. We usually respond within a week β 45 days max by law.
Full State-by-State Legal Details (Click to Expand)
Your core rights are the same in every state: see your data, fix mistakes, delete your data, download your data, and opt out. Here are the small differences:
Virginia: All core rights, plus you can appeal if we deny a request
Colorado: All core rights, plus we must honor universal opt-out signals
Connecticut: All core rights
Utah: See, delete, download, and opt out (no correction right)
Texas: All core rights, plus appeal rights
Oregon: All core rights, plus we must list who we share data with
Montana: All core rights
Delaware: All core rights, plus third-party sharing list
Iowa: See, delete, download, and opt out
New Jersey: All core rights, plus appeal rights
New Hampshire: All core rights
Tennessee: All core rights
Indiana: All core rights
7. Age Requirements
7.1 Minimum Age by Region
SignSafe is built for adults who need to review contracts. How old you need to be depends on where you live:
| Region | Minimum Age | Legal Basis |
|---|---|---|
| United States | 18 years | You must be a legal adult to sign contracts in the US |
| European Union / EEA | 16 years | EU privacy law sets 16 as the minimum for digital services |
| United Kingdom | 16 years | UK privacy law matches the EU threshold |
| All other regions | 18 years | Standard legal adult age |
7.2 How We Check Your Age
- When you sign up: You must confirm you're old enough
- Payment: Having a credit card is another sign you're an adult
- If we have concerns: If we think an account holder might be underage, we pause the account until we can confirm
7.3 Children's Privacy (COPPA β United States)
We follow the Children's Online Privacy Protection Act (COPPA). We never knowingly collect info from children under 13 in the United States.
Think a child under 13 made an account?
- Email privacy@sign-safe.app immediately
- Include the account email or username if known
- We'll delete all their data within 24 hours once we confirm
7.4 EU Parental Consent (Ages 13β15)
In the EU/EEA, users ages 13β15 need a parent's permission to use SignSafe.
- If we find out someone in this age group signed up without a parent's OK, we pause the account.
- We then email the address on file to ask a parent to verify.
7.5 Special Types of Data
Some contracts have extra-sensitive information. Here's what you should know:
7.5.1 Medical Contracts (HIPAA)
We're NOT a healthcare company. We're not set up to handle medical records. Our advice:
- Don't upload contracts with detailed medical info
- If you need to analyze health contracts, remove patient names and medical record numbers first
- If your healthcare company needs a HIPAA agreement, email enterprise@sign-safe.app
Good news: We delete everything right away, so any health info is gone right after analysis.
7.5.2 Financial Contracts
Got contracts with financial info?
- We analyze it but don't store it
- We don't share financial info with anyone
- If you can, remove account numbers and SSNs before uploading
7.5.3 Biometric Data (Illinois BIPA)
We don't touch biometric data:
- β No facial recognition
- β No fingerprints
- β No voice analysis
- β No eye scans
We just read text. That's it. Illinois residents: you're covered.
7.5.4 Lawyer-Client Privilege
Heads up: Uploading private conversations with your lawyer to any outside service could affect your legal protection. Ask your attorney before uploading anything privileged. We delete it right away, which helps β but the choice is yours.
8. Links to External Sites
SignSafe may have links to other websites. When you click a link that takes you away from SignSafe, our privacy policy no longer covers you. Check the other site's privacy policy before sharing your info.
9. Changes to This Policy
We may update this policy when our practices change or the law requires it. When we do:
- The updated policy will be posted at this URL
- The "Last Updated" date at the top will be revised
- For material changes, we will notify you by email
- We may display a notice within the app
Big changes that affect your rights: If we start collecting more data or limit your rights, we'll warn you 30 days before the change kicks in. Don't like the change? You can delete your account before it takes effect.
10. Our Commitments
These are real promises backed by this contract β not just nice words:
SignSafe Privacy Commitments
- You can go to court β You keep the right to sue us in a real court. No forced arbitration.
- Class actions are OK β You can join a group lawsuit if we mess up.
- We never sell your data β We don't sell, rent, or trade your personal data. Period.
- Free data export β Download a copy of your data anytime through the Privacy Portal. No charge.
- Delete means delete β When you delete your account, we remove your data from active systems right away and from backups within 30 days. The 30-day window lets you change your mind and recover your account.
- No sneaky design β Leaving is just as easy as joining. Opting out takes the same number of clicks as opting in.
- We'll explain anything β If any part of this policy is confusing, email privacy@sign-safe.app and we'll clear it up.
Cancellation & Refunds
We don't trap you:
- Cancel anytime β No fees, no penalties, one click
- 14-day refund β Changed your mind? Full refund, no questions asked
- After 14 days β You still get back the unused portion
- We warn you before renewal β Email reminder 7 days before we charge you
If Something Goes Wrong
Most companies limit what they owe you to $0. We think that's wrong.
- Our limit: What you paid us in the last 12 months, OR $100 β whichever is more
- No limit: If we mess up your security, act really badly, or break privacy laws
- Fair: You're only on the hook for your own mistakes, not ours
This policy has been reviewed using SignSafe's own analysis tools.
If We Disagree
- Sue us where you live β Or in Delaware. Your choice.
- Small claims court β Always an option
- Class actions β Totally allowed
- Talk first β Let's try to work it out for 30 days before going to court
11. Contact Information
Have questions about this policy or want to use your privacy rights? Here's how to reach us:
- Privacy questions: privacy@sign-safe.app
- Data protection officer: dpo@sign-safe.app
- Legal/compliance: legal@sign-safe.app
- How fast we respond: We'll confirm we got your message within 5 business days. Full response within 30 days (45 days if it's complicated)
Version History
Complete history of changes to this policy:
- v5.0 (Feb 4, 2026): GDPR Art. 22 Better AI explanations, added legal basis table, clearer data timelines, cross-border protections, age rules, service provider details, cookie controls, and breach notification steps
- v4.0 (Jan 21, 2026): CCPA 2026 California's new privacy law compliance
- v3.0 (Jan 13, 2026): Enterprise features, more state laws, HIPAA/BIPA awareness
- v2.2 (Jan 12, 2026): Added TL;DR summary, refund rights, liability cap
- v2.1 (Jan 12, 2026): Newsletter privacy details
- v2.0 (Jan 9, 2026): Major GDPR/CCPA update
- v1.0 (Dec 2025): First version
Remember: SignSafe helps you understand contracts. It's not legal advice. For important decisions, talk to a real lawyer.
Achievement Unlocked: Policy Reader
You read our entire privacy policy. Only 1% of users do this. You're now in the elite club of people who actually know what they're agreeing to.
Pro tip: Did you try running this policy through SignSafe? We did. It's... actually pretty good. No dark patterns detected. You're welcome.