Privacy Policy

Last updated: January 30, 2026

1. Introduction

API Sign ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform and API services.

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address
  • Organization name (if applicable)
  • Password (stored in encrypted form)
  • Payment information (processed securely by Stripe)

Document and Signature Data

When you use our Service, we collect:

  • Templates and documents you create or upload
  • Signer names and email addresses
  • Electronic signatures and signing timestamps
  • IP addresses of signers at time of signature
  • Browser and device information for audit purposes

Usage Information

We automatically collect:

  • Log data (IP address, browser type, pages visited)
  • Device information (operating system, device type)
  • API usage data (endpoints accessed, request timestamps)
  • Performance and error data

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process transactions and send related information
  • Send transactional emails (contract notifications, receipts)
  • Respond to your comments, questions, and support requests
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and fraud
  • Maintain audit trails for legal validity of signatures
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), we process your personal data based on:

  • Contract: Processing necessary to provide our Service
  • Legitimate interests: Improving our Service, security, fraud prevention
  • Legal obligation: Compliance with applicable laws
  • Consent: Where you have given explicit consent

5. Information Sharing

We do not sell your personal information. We may share information in the following circumstances:

Service Providers

We share data with third-party vendors who assist in providing our Service:

  • Stripe (payment processing)
  • Cloud hosting providers (data storage)
  • Email delivery services (transactional emails)
  • Analytics providers (usage analysis)

Legal Requirements

We may disclose information if required by law or in response to valid legal process, such as subpoenas, court orders, or government requests.

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure password hashing
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Secure API key management

7. Data Retention

We retain your data for as long as necessary to provide our Service and fulfill the purposes described in this policy:

  • Account data: Retained while your account is active
  • Documents and signatures: Retained for the duration of your account plus 7 years for legal compliance
  • Audit logs: Retained for 7 years to ensure legal validity of signatures
  • Usage logs: Retained for up to 2 years

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request transfer of your data
  • Objection: Object to certain processing activities
  • Restriction: Request restriction of processing
  • Withdraw consent: Withdraw previously given consent

To exercise these rights, please contact us through our support page. We will respond to your request within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns
  • Improve our Service

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our Service.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

11. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your rights

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at our support page.