SignSafeSignSafe
Privacy Policy

Your Privacy Matters

This Privacy Policy explains how SignSafe Technologies Pvt. Ltd. ("SignSafe", "we", "our", or "us") collects, uses, stores, and protects your personal data and the documents you upload to our platform. We are committed to transparency and compliance with India's Digital Personal Data Protection Act (DPDP Act), 2023 and all applicable regulations.

Last updated: 4 July 2026·Effective: 4 July 2026·Governing law: India

Confidentiality Warning — Read Before Uploading

Do not upload documents containing trade secrets, attorney-client privileged communications, or information subject to a court-ordered protective order unless you have fully reviewed this policy. By uploading a document, you confirm you have the legal right and authority to share it with our service and that doing so does not violate any confidentiality obligation, non-disclosure agreement, or applicable law. SignSafe is not responsible for any breach of confidentiality arising from your voluntary upload.

1. Overview

SignSafe is an AI-powered contract analysis platform designed for Indian individuals and businesses. When you use our service, you may share personal information and sensitive business documents with us. This policy governs all such data.

We act as a Data Fiduciary under the DPDP Act, 2023 — meaning we determine the purpose and means of processing your personal data and are accountable for its lawful use.

By using SignSafe, you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the service.

2. Information We Collect

We collect the following categories of data:

Account & Identity Data
  • Full name (from Google OAuth or provided)
  • Email address
  • Profile photo URL (Google)
  • Authentication UID (Firebase)
  • Account creation date
Document Data
  • Uploaded contract files (PDF / DOCX)
  • Extracted text content from documents
  • File metadata (name, size, type)
  • AI analysis results and risk scores
Usage Data
  • Pages visited and features used
  • Upload timestamps and frequency
  • Session duration and interactions
  • Device type, browser, and OS
Technical Data
  • IP address (anonymised after 30 days)
  • Firebase authentication tokens
  • Error and diagnostic logs
  • Referral source (UTM parameters)

3. Your Uploaded Documents — Special Protections

Your documents are treated as sensitive data

Documents you upload may contain personal data of third parties (e.g., counterparties in an agreement). By uploading, you warrant that you have obtained any necessary consents from those third parties for this processing.

  • Encryption at rest: All uploaded files and extracted text are encrypted using AES-256.
  • Encryption in transit: All data is transmitted over HTTPS / TLS 1.3.
  • Access controls: Only you can access your documents. Our staff does not access your documents except for security incident response with your explicit consent.
  • No training use by default: We do not use your uploaded documents to train our AI models without your explicit, separately-obtained consent. When and if we offer such a programme, participation will be strictly opt-in.
  • Retention: See Section 6 (Data Retention) below.

4. How We Use Your Data

We process your data on the following lawful bases:

Contract Performance

To deliver the core service — analysing your uploaded documents and presenting risk reports.

Legitimate Interest

To improve platform reliability, troubleshoot errors, detect fraud, and prevent abuse.

Consent

To send you product updates, newsletters, and marketing emails. You may opt out at any time.

Legal Obligation

To comply with applicable Indian laws, court orders, or regulatory requests.

5. AI Processing & Third-Party Processors

AI Disclosure

SignSafe uses third-party AI services (including Google Gemini API) to process your contract text. By uploading a document, you acknowledge that its extracted text may be transmitted to these processors subject to their data processing agreements and our instructions. We have executed Data Processing Agreements (DPAs) with each processor requiring them to treat your data as confidential and delete it upon completion of the request.

Our third-party sub-processors include:

  • Google Firebase (Authentication, database, storage) — governed by Google's DPA and Privacy Policy.
  • Google Gemini API (AI contract analysis) — zero data retention policy; text is not used for model training per our API agreement.
  • Vercel / cloud hosting providers — infrastructure for serving the application.

We do not sell, rent, or trade your personal data to any third party for commercial purposes, ever.

Cross-border transfers: Some processors may be located outside India. We ensure such transfers are protected by equivalent contractual safeguards (Standard Contractual Clauses or equivalent) as required under the DPDP Act and its rules.

6. Data Retention

Data TypeRetention PeriodReason
Account dataUntil account deletion + 30 daysService provision & fraud prevention
Uploaded documentsDeleted immediately after analysisTemporary processing for AI review
AI analysis resultsUntil account deletion + 30 daysHistorical reports & dashboard retrieval
Usage / log data90 days (anonymised after 30 days)Security & performance monitoring
Payment records7 yearsIndian tax & accounting law (GST)
Support communications3 yearsDispute resolution & compliance

You may request earlier deletion of your documents and account at any time by contacting support@signsafe.in. We will process deletion within 30 days, except where retention is required by law.

7. Your Rights Under the DPDP Act, 2023

As a Data Principal, you have the following rights under India's Digital Personal Data Protection Act, 2023:

Right to Access

Request a summary of personal data we hold about you and how it is being processed.

Right to Correction

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data when it is no longer needed for the stated purpose.

Right to Grievance Redressal

Lodge a complaint with our Grievance Officer (see Section 11) and escalate to the Data Protection Board of India.

Right to Withdraw Consent

Withdraw consent for processing at any time where consent is the lawful basis.

Right to Nominate

Nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any right, email us at support@signsafe.in with the subject line "Data Rights Request". We will respond within 30 days (or as required by the DPDP Act).

8. Security Measures

We implement the following technical and organisational security measures:

  • AES-256 encryption of documents and sensitive data at rest.
  • TLS 1.3 encryption for all data in transit.
  • Role-based access control — minimum necessary access for personnel.
  • Regular security reviews and vulnerability assessments.
  • Firebase Security Rules restricting all database and storage access to the authenticated owner only.
  • Automatic session expiry and token rotation.

Data Breach Response: In the event of a personal data breach, we will notify affected users and the Data Protection Board of India within 72 hours of becoming aware of the breach, as required by applicable law.

Despite our best efforts, no internet-based service can guarantee absolute security. You should take care to use strong, unique passwords and log out from shared devices.

9. Cookies & Tracking Technologies

We use the following types of cookies and local storage:

  • Strictly necessary cookies: Firebase authentication tokens stored in your browser's local storage to keep you logged in. These cannot be disabled.
  • Analytics cookies: We may use Google Analytics (with IP anonymisation enabled) to understand aggregate usage patterns. These are only set with your consent.
  • No third-party advertising trackers. We do not use Facebook Pixel, ad retargeting, or similar tracking technologies.

You can manage cookies via your browser settings. Disabling authentication cookies will prevent you from using the platform.

10. Children's Privacy

SignSafe is intended solely for users aged 18 years and above. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us immediately at support@signsafe.in and we will promptly delete the account and associated data.

11. Grievance Officer

As required by the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, we have appointed a Grievance Officer:

Name: Grievance Officer, SignSafe

Email: grievance@signsafe.in

Address: Bengaluru, Karnataka, India

Response time: Acknowledgement within 24 hours; resolution within 15 days.

If your grievance is not resolved within 15 days, you may escalate to the Data Protection Board of India once constituted, or to the appropriate court of jurisdiction.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Send an email notification to all registered users.
  • Display an in-app banner for 30 days following the change.

Continued use of the service after the effective date of changes constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests related to this Privacy Policy:

SignSafe Technologies Pvt. Ltd.

Bengaluru, Karnataka, India

support@signsafe.in
Email us

Also read our Terms of Service

Governs your use of the SignSafe platform.

View Terms