Privacy Policy

1. Introduction

SignOnline ("we," "our," or "us"), operated by IGNITE, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform and related services (the "Service").

By using SignOnline, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, company name, job title
• Authentication data: passwords (encrypted), SSO credentials via WorkOS
• Document data: uploaded PDFs, recipient information, signature data, form choices
• Payment information: processed securely through Stripe (we do not store card details)
• Team information: team names, member details, custom branding assets
• Communication data: messages included with signing invitations, support inquiries

2.2 Information Collected Automatically

• Usage data: features used, documents created, signing workflows completed
• Device information: IP address, browser type, operating system
• Analytics data: page views, user interactions, session recordings via PostHog
• Cookies and similar technologies for authentication and preferences
• Activity logs: document actions, login/logout events, timestamp data

2.3 Information from Third Parties

• SSO provider data: profile information from WorkOS (name, email, organization)
• Payment processor data: subscription status from Stripe

3. How We Use Your Information

We use collected information to:

• Provide and maintain our electronic signature service
• Process documents, signatures, and form submissions
• Send signing invitations and notifications
• Authenticate users and manage accounts
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Generate audit trails and verification certificates
• Improve our Service through analytics and usage patterns
• Comply with legal obligations and enforce our terms
• Send service updates and optional marketing communications

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

4.1 Service Providers

• Supabase: Database hosting and file storage
• WorkOS: Authentication and SSO services
• Stripe: Payment processing
• AWS SES: Email delivery
• PostHog: Analytics and usage tracking

4.2 Document Recipients

When you send documents for signature, recipient information is shared as necessary to complete the signing process.

4.3 Legal Requirements

We may disclose information to comply with legal obligations, court orders, or government requests.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred to the successor entity.

4.5 Consent

We may share information with your explicit consent.

5. Data Security

We implement technical and organizational measures to protect your information:

• Encryption in transit using HTTPS/TLS
• Secure authentication with JWT tokens and httpOnly cookies
• Database-level row security in PostgreSQL
• Unique verification IDs and tamper-proof document stamping
• Regular security audits and monitoring
• Access controls and employee training

While we strive to protect your information, no method of transmission over the internet is 100% secure.

6. Data Retention

We retain your information for as long as necessary to provide our Service and comply with legal obligations:

• Account data: Retained while account is active plus reasonable period afterward
• Documents: Stored indefinitely unless deletion is requested
• Activity logs: Maintained for audit and legal compliance purposes
• Analytics data: Aggregated and anonymized after 90 days

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your account information through your dashboard.

7.2 Data Portability

You may request a copy of your data in a structured, machine-readable format.

7.3 Deletion

You can request deletion of your account and associated data, subject to legal retention requirements.

7.4 Communication Preferences

You can manage email notifications and marketing communications in your account settings.

7.5 Cookie Management

You can control cookies through your browser settings, though this may impact Service functionality.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where required.

9. GDPR Compliance (EEA Residents)

If you are in the European Economic Area, you have additional rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with supervisory authorities

Our legal bases for processing include consent, contract performance, and legitimate interests.

10. California Privacy Rights (CCPA)

California residents have the right to:

• Know what personal information we collect, use, and share
• Delete personal information (with exceptions)
• Opt-out of the sale of personal information (we do not sell personal information)
• Non-discrimination for exercising privacy rights

11. Children's Privacy

SignOnline is not intended for use by children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by updating the "Last Updated" date and, for significant changes, providing additional notice through email or the Service.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: