Your Privacy Matters
This Privacy Policy explains how SignSafe Technologies Pvt. Ltd. ("SignSafe", "we", "our", or "us") collects, uses, stores, and protects your personal data and the documents you upload to our platform. We are committed to transparency and compliance with India's Digital Personal Data Protection Act (DPDP Act), 2023 and all applicable regulations.
Confidentiality Warning — Read Before Uploading
Do not upload documents containing trade secrets, attorney-client privileged communications, or information subject to a court-ordered protective order unless you have fully reviewed this policy. By uploading a document, you confirm you have the legal right and authority to share it with our service and that doing so does not violate any confidentiality obligation, non-disclosure agreement, or applicable law. SignSafe is not responsible for any breach of confidentiality arising from your voluntary upload.
1. Overview
SignSafe is an AI-powered contract analysis platform designed for Indian individuals and businesses. When you use our service, you may share personal information and sensitive business documents with us. This policy governs all such data.
We act as a Data Fiduciary under the DPDP Act, 2023 — meaning we determine the purpose and means of processing your personal data and are accountable for its lawful use.
By using SignSafe, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the service.
2. Information We Collect
We collect the following categories of data:
- • Full name (from Google OAuth or provided)
- • Email address
- • Profile photo URL (Google)
- • Authentication UID (Firebase)
- • Account creation date
- • Uploaded contract files (PDF / DOCX)
- • Extracted text content from documents
- • File metadata (name, size, type)
- • AI analysis results and risk scores
- • Pages visited and features used
- • Upload timestamps and frequency
- • Session duration and interactions
- • Device type, browser, and OS
- • IP address (anonymised after 30 days)
- • Firebase authentication tokens
- • Error and diagnostic logs
- • Referral source (UTM parameters)
3. Your Uploaded Documents — Special Protections
Your documents are treated as sensitive data
Documents you upload may contain personal data of third parties (e.g., counterparties in an agreement). By uploading, you warrant that you have obtained any necessary consents from those third parties for this processing.
- Encryption at rest: All uploaded files and extracted text are encrypted using AES-256.
- Encryption in transit: All data is transmitted over HTTPS / TLS 1.3.
- Access controls: Only you can access your documents. Our staff does not access your documents except for security incident response with your explicit consent.
- No training use by default: We do not use your uploaded documents to train our AI models without your explicit, separately-obtained consent. When and if we offer such a programme, participation will be strictly opt-in.
- Retention: See Section 6 (Data Retention) below.
4. How We Use Your Data
We process your data on the following lawful bases:
Contract Performance
To deliver the core service — analysing your uploaded documents and presenting risk reports.
Legitimate Interest
To improve platform reliability, troubleshoot errors, detect fraud, and prevent abuse.
Consent
To send you product updates, newsletters, and marketing emails. You may opt out at any time.
Legal Obligation
To comply with applicable Indian laws, court orders, or regulatory requests.
5. AI Processing & Third-Party Processors
AI Disclosure
SignSafe uses third-party AI services (including Google Gemini API) to process your contract text. By uploading a document, you acknowledge that its extracted text may be transmitted to these processors subject to their data processing agreements and our instructions. We have executed Data Processing Agreements (DPAs) with each processor requiring them to treat your data as confidential and delete it upon completion of the request.
Our third-party sub-processors include:
- Google Firebase (Authentication, database, storage) — governed by Google's DPA and Privacy Policy.
- Google Gemini API (AI contract analysis) — zero data retention policy; text is not used for model training per our API agreement.
- Vercel / cloud hosting providers — infrastructure for serving the application.
We do not sell, rent, or trade your personal data to any third party for commercial purposes, ever.
Cross-border transfers: Some processors may be located outside India. We ensure such transfers are protected by equivalent contractual safeguards (Standard Contractual Clauses or equivalent) as required under the DPDP Act and its rules.
6. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Until account deletion + 30 days | Service provision & fraud prevention |
| Uploaded documents | Deleted immediately after analysis | Temporary processing for AI review |
| AI analysis results | Until account deletion + 30 days | Historical reports & dashboard retrieval |
| Usage / log data | 90 days (anonymised after 30 days) | Security & performance monitoring |
| Payment records | 7 years | Indian tax & accounting law (GST) |
| Support communications | 3 years | Dispute resolution & compliance |
You may request earlier deletion of your documents and account at any time by contacting support@signsafe.in. We will process deletion within 30 days, except where retention is required by law.
7. Your Rights Under the DPDP Act, 2023
As a Data Principal, you have the following rights under India's Digital Personal Data Protection Act, 2023:
Right to Access
Request a summary of personal data we hold about you and how it is being processed.
Right to Correction
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data when it is no longer needed for the stated purpose.
Right to Grievance Redressal
Lodge a complaint with our Grievance Officer (see Section 11) and escalate to the Data Protection Board of India.
Right to Withdraw Consent
Withdraw consent for processing at any time where consent is the lawful basis.
Right to Nominate
Nominate another individual to exercise your rights in the event of your death or incapacity.
To exercise any right, email us at support@signsafe.in with the subject line "Data Rights Request". We will respond within 30 days (or as required by the DPDP Act).
8. Security Measures
We implement the following technical and organisational security measures:
- AES-256 encryption of documents and sensitive data at rest.
- TLS 1.3 encryption for all data in transit.
- Role-based access control — minimum necessary access for personnel.
- Regular security reviews and vulnerability assessments.
- Firebase Security Rules restricting all database and storage access to the authenticated owner only.
- Automatic session expiry and token rotation.
Data Breach Response: In the event of a personal data breach, we will notify affected users and the Data Protection Board of India within 72 hours of becoming aware of the breach, as required by applicable law.
Despite our best efforts, no internet-based service can guarantee absolute security. You should take care to use strong, unique passwords and log out from shared devices.
10. Children's Privacy
SignSafe is intended solely for users aged 18 years and above. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us immediately at support@signsafe.in and we will promptly delete the account and associated data.
11. Grievance Officer
As required by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer:
Name: Grievance Officer, SignSafe
Email: grievance@signsafe.in
Address: Bengaluru, Karnataka, India
Response time: Acknowledgement within 24 hours; resolution within 15 days.
If your grievance is not resolved within 15 days, you may escalate to the Data Protection Board of India once constituted, or to the appropriate court of jurisdiction.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send an email notification to all registered users.
- Display an in-app banner for 30 days following the change.
Continued use of the service after the effective date of changes constitutes acceptance of the updated policy.
13. Contact Us
For any questions, concerns, or requests related to this Privacy Policy:
Also read our Terms of Service
Governs your use of the SignSafe platform.