SimplySign

Privacy Policy

Last updated: December 10, 2025

1. Introduction

SimplySign ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our free electronic signature service. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you use our service:

  • Full name (as provided for contract signing)
  • Email address (for sending magic links and notifications)
  • IP address (for signature verification and legal validity)
  • Browser and device information (user agent)
  • Timestamp of signature

2.2 Contract Data

We store the contract content you create, including titles and terms. This data is necessary to provide our electronic signature service.

2.3 Cookies and Tracking

We use Google Analytics to understand how visitors interact with our website. This involves cookies that collect anonymized usage data. You can opt out of analytics tracking through our cookie consent banner.

3. Legal Basis for Processing (GDPR)

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing is necessary to provide the electronic signature service you requested.
  • Consent: For analytics and non-essential cookies, we obtain your explicit consent.
  • Legitimate Interests: To maintain security, prevent fraud, and improve our services.
  • Legal Obligations: To comply with applicable laws and regulations.

4. How We Use Your Information

  • To create and manage electronic contracts
  • To send magic link emails for contract signing
  • To verify signatures with IP and timestamp data
  • To ensure legal validity of signed contracts
  • To improve our service through analytics
  • To communicate important updates about your contracts

5. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Request correction of inaccurate data.
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: Request limitation of data processing.
  • Right to Data Portability: Receive your data in a portable format.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.

To exercise these rights, contact us at privacy@simplysign.net.

6. Your Rights Under CCPA

California residents have the following rights:

  • Right to know what personal information is collected
  • Right to know whether personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access personal information
  • Right to equal service and price (non-discrimination)

We do not sell your personal information to third parties.

7. Data Retention

We retain contract data and associated personal information for as long as necessary to fulfill the purposes outlined in this policy, typically for the duration required to maintain legal validity of signed contracts. You may request deletion of your data at any time, subject to legal retention requirements.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, secure data storage, and access controls. All contracts are cryptographically hashed using SHA-256 to ensure integrity.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

10. Third-Party Services

We use the following third-party services:

  • Supabase: Database and authentication services
  • Resend: Email delivery for magic links
  • Google Analytics: Website analytics (with your consent)

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

Email: privacy@simplysign.net