SignSphere

1. Introduction and Scope

SignSphere, LLC ("we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect information when you use our electronic signature platform and related services.

This policy applies to all users of SignSphere's services, including our website, mobile applications, APIs, and any other services we provide. By using our services, you consent to the collection and use of information in accordance with this policy.

Important: We are committed to transparency and compliance with global privacy regulations including GDPR, CCPA, and other applicable data protection laws.

2. Information We Collect

We collect information you provide directly to us, information we obtain automatically when you use our services, and information from third-party sources.

Personal Information You Provide:

Account Information: Name, email address, phone number, company name, job title, and password
Profile Information: Profile picture, bio, preferences, and settings
Payment Information: Billing address, payment method details (processed securely by our payment processors)
Document Content: Documents, templates, signatures, and related metadata you upload or create
Communication Data: Messages, support tickets, feedback, and survey responses
Identity Verification: Government-issued ID, biometric data (when required for advanced authentication)

Information We Collect Automatically:

Usage Data: Pages visited, features used, time spent, click patterns, and user interactions
Device Information: IP address, browser type, operating system, device identifiers, and screen resolution
Location Data: General geographic location based on IP address (not precise location)
Log Data: Server logs, error reports, performance metrics, and security events
Cookies and Tracking: Session cookies, preference cookies, and analytics tracking data

Information from Third Parties:

Integration partners (Google Drive, Dropbox, Salesforce, etc.)
Identity verification services
Payment processors and financial institutions
Marketing and analytics partners
Public databases and social media platforms (when you connect accounts)

3. How We Use Your Information

We use the information we collect for various purposes to provide, maintain, and improve our services:

Service Provision:

Process and facilitate electronic signatures and document workflows
Authenticate users and maintain account security
Store and manage your documents and templates
Enable collaboration and sharing features
Process payments and manage subscriptions
Provide customer support and respond to inquiries

Communication:

Send transactional emails (signature requests, completions, reminders)
Provide important service updates and security notifications
Send marketing communications (with your consent)
Respond to support requests and feedback

Improvement and Analytics:

Analyze usage patterns to improve our platform and develop new features
Conduct research and analytics to enhance user experience
Monitor and analyze performance, security, and reliability
Personalize content and recommendations

Legal and Compliance:

Ensure security and prevent fraud, abuse, and illegal activities
Comply with legal obligations and regulatory requirements
Enforce our Terms of Service and other policies
Protect our rights, property, and safety, and that of our users
Maintain audit trails and legal documentation

4. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

With Your Consent:

When you explicitly authorize us to share information
When you use integrations with third-party services
When you invite others to collaborate on documents

Service Providers:

Cloud hosting and infrastructure providers
Payment processors and financial services
Customer support and communication tools
Analytics and monitoring services
Security and fraud prevention services

Legal Requirements:

To comply with applicable laws, regulations, or legal processes
To respond to lawful requests from public authorities
To protect our rights, property, or safety
To investigate and prevent fraud or security issues

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control.

5. Data Security and Protection

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
End-to-end encryption for sensitive documents
Secure key management and rotation
Multi-factor authentication
Regular security audits and penetration testing

Operational Safeguards

Role-based access controls
Employee background checks and training
Incident response and breach notification procedures
Regular backup and disaster recovery testing
Vendor security assessments
Compliance monitoring and auditing

Compliance Certifications:

SOC 2 Type II: Annual audits of security, availability, and confidentiality controls
ISO 27001: Information security management system certification
GDPR Compliance: European data protection regulation adherence
HIPAA Ready: Healthcare information privacy and security standards

Security Notice: While we implement robust security measures, no system is 100% secure. We encourage users to use strong passwords and enable two-factor authentication.

6. Data Retention and Deletion

We retain your personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention Periods:

Account Data: Retained while your account is active and for 3 years after closure
Document Data: Retained according to your subscription plan and legal requirements
Audit Trails: Retained for 7 years for legal and compliance purposes
Usage Analytics: Aggregated data retained indefinitely, personal identifiers removed after 2 years
Support Communications: Retained for 3 years for quality assurance and training

Data Deletion:

When data is no longer needed, we securely delete or anonymize it. You can request deletion of your personal data, subject to legal and contractual obligations. Some information may be retained in backup systems for up to 90 days after deletion.

7. Your Rights and Choices

You have several rights regarding your personal information. The availability of these rights may vary based on your location and applicable laws.

Data Subject Rights:

Access: Request a copy of your personal data and information about how it's processed
Correction: Update or correct inaccurate or incomplete information
Deletion: Request deletion of your personal data (subject to legal obligations)
Portability: Export your data in a structured, machine-readable format
Restriction: Limit how we process your personal data in certain circumstances
Objection: Object to processing based on legitimate interests or for direct marketing
Withdraw Consent: Withdraw consent for processing where consent is the legal basis

Communication Preferences:

Unsubscribe from marketing emails using the link in each email
Manage notification preferences in your account settings
Contact us to opt out of certain communications

How to Exercise Your Rights:

To exercise any of these rights, please contact us at privacy@signsphere.net or through your account settings. We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before processing certain requests.

Right to Complain: If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

8. International Data Transfers

SignSphere operates globally and may transfer your personal information to countries other than your own. We ensure appropriate safeguards are in place for international transfers:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions for transfers to countries with adequate protection
Binding Corporate Rules for transfers within our corporate group
Certification schemes and codes of conduct where applicable

We maintain data processing agreements with all service providers that handle personal data on our behalf, ensuring they provide adequate protection regardless of location.

9. Children's Privacy

SignSphere is not intended for use by children under the age of 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children under this age.

If we become aware that we have collected personal information from a child under the applicable age without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us immediately.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

Update the "Last updated" date at the top of this policy
Notify you via email if the changes are material
Post a notice on our website highlighting significant changes
Obtain your consent if required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

11. Contact Us

If you have any questions about this Privacy Policy, our data practices, or would like to exercise your privacy rights, please contact us:

Privacy Officer: privacy@signsphere.net

Address: SignSphere, LLC
Privacy Department
104 S Michigan Ave, Suite 400
Chicago, IL 60603

Phone: (773) 721-8702