Skip to main content

Privacy Policy

Last updated: April 18, 2026

SignQuick ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform. Please read this policy carefully. By using SignQuick, you consent to the practices described herein.

1. Information We Collect

Information You Provide

  • Account information: name, email address, and password when you create an account
  • Profile information: organization name, role, and avatar if provided
  • Documents: files you upload for signing, including any personal data contained within them
  • Signature data: drawn signatures, typed names, and initials
  • Payment information: billing details processed through Stripe (we never store your full card number)
  • Communications: messages you send to us via email or the contact form

Information Collected Automatically

  • Usage data: pages visited, features used, and actions taken within the Service
  • Device information: browser type, operating system, and screen resolution
  • Network information: IP address, approximate geographic location, and referring URL
  • Audit trail data: IP addresses, timestamps, and user-agent strings of signers for legal compliance

Information We Do Not Accept

SignQuick is a general-purpose e-signature service and is not configured, certified, or contractually positioned for regulated data. You must not upload or transmit through the Service any information that is governed by specialized regulatory regimes, including (but not limited to) Protected Health Information (PHI/ePHI) subject to HIPAA, cardholder data subject to PCI DSS, classified or export-controlled information, and biometric identifiers regulated under laws such as the Illinois Biometric Information Privacy Act (BIPA). A full list and the consequences of breach appear in Section 8 of our Terms of Service. SignQuick does not sign Business Associate Agreements (BAAs) and is not HIPAA-compliant.

Signing Location

When you sign a document, we capture both your IP address (always, used for fraud detection and audit-trail evidence) and — if your browser permits — your precise geolocation coordinates (latitude/longitude with an accuracy radius), recorded with explicit consent at the time of signing. You can decline the geolocation prompt without affecting your ability to sign. Captured geolocation is stored alongside the signed document and included in the audit-trail PDF.

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under the following legal bases:

  • Contract performance: processing necessary to provide the Service you requested (account management, document processing, signature delivery)
  • Legitimate interests: improving and securing the Service, preventing fraud, and communicating service updates
  • Legal obligation: maintaining audit trails and records as required by electronic signature laws
  • Consent: where you have given explicit consent, such as opting in to marketing communications

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain our e-signature service
  • Send documents for signing and deliver completion notifications
  • Create and maintain audit trails for legal compliance
  • Process payments and manage your subscription
  • Send service-related communications (e.g., team invitations, document status updates)
  • Respond to your inquiries and provide customer support
  • Detect, prevent, and address technical issues and security threats
  • Improve and optimize the Service
  • Comply with legal obligations

We do not use your documents or signature data for advertising, profiling, or any purpose unrelated to delivering the Service.

4. Document Storage & Security

Documents are stored securely using industry-standard encryption (AES-256 at rest, TLS 1.2+ in transit). We use Supabase for data storage with row-level security policies ensuring users can only access documents belonging to their organization. Signed documents are stored with tamper-evident audit trails including signer IP addresses, timestamps, and browser fingerprints.

5. Third-Party Services

We share your information with the following third-party service providers, solely as necessary to operate the Service:

  • Supabase (database, authentication, and file storage) — U.S.-based
  • Stripe (payment processing) — we never store your full card number; see Stripe's Privacy Policy
  • Resend (transactional email delivery) — U.S.-based
  • Vercel (application hosting) — U.S.-based, with global edge network
  • Google (optional OAuth authentication) — see Google's Privacy Policy

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. International Data Transfers

SignQuick is based in the United States, and our primary infrastructure is hosted in U.S. data centers. If you access the Service from outside the United States, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer. For users in the EEA/UK, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards to ensure adequate protection of your data.

7. Data Retention

We retain your documents and account data for as long as your account is active. Audit logs are retained for a minimum of seven (7) years for legal compliance purposes. Upon account deletion, we will delete your personal data within thirty (30) days, except where retention is required by law or necessary to resolve disputes.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Correction: request that we correct inaccurate or incomplete data
  • Deletion: request deletion of your personal data (subject to legal retention requirements)
  • Portability: export your documents at any time through the Service
  • Restriction: request that we restrict processing of your data in certain circumstances
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: you may request the categories and specific pieces of personal information we have collected about you
  • Right to Delete: you may request that we delete your personal information
  • Right to Opt-Out of Sale: we do not sell your personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link
  • Right to Non-Discrimination: we will not discriminate against you for exercising your privacy rights

To submit a CCPA request, contact [email protected]. We may need to verify your identity before processing your request.

9. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we discover that we have collected personal information from a child under the applicable age, we will promptly delete that information. If you believe a child has provided us with personal data, please contact us at [email protected].

10. Cookies

We use essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not respond to "Do Not Track" browser signals because we do not engage in cross-site tracking.

11. Data Breach Notification

In the event of a data breach that compromises the security of your personal information, we will notify affected users via email without unreasonable delay and no later than seventy-two (72) hours after becoming aware of the breach, as required by applicable law. We will also notify relevant regulatory authorities where legally required.

12. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or through a prominent notice within the Service at least thirty (30) days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions, concerns, or to exercise your data rights, contact us at:

SignQuick Privacy Team

Email: [email protected]