Privacy Policy

Last updated: 29 April 2026

1. Who we are

SigningVault is operated by [YOUR COMPANY NAME] Ltd, a company registered in England & Wales (company no. [COMPANY NUMBER]), with its registered office at [REGISTERED ADDRESS] (collectively "SigningVault", "we", "us", "our"). For UK GDPR purposes the data controller is [YOUR COMPANY NAME] Ltd.

This Privacy Policy explains how we collect, use and protect personal data when you use our website, app and services. We act as a data controller for account information and as a data processor for the documents and recipient data you upload.

2. Data we collect

  • Account data: name, email, password hash, billing details.
  • Document data: agreements you draft, send and store.
  • Signer data: recipient names, emails, phone numbers, IP addresses, user-agent, geolocation (where permitted), signing timestamps.
  • Usage data: pages viewed, features used, error logs.
  • Cookies: strictly necessary cookies for authentication; optional analytics cookies with consent.

3. Why we use your data

  • To provide the service (drafting, sending, signing, storing).
  • To produce a tamper-evident audit trail and certificate of completion.
  • To bill and manage your subscription.
  • To send transactional notifications (signing requests, reminders, completions).
  • To meet our legal obligations and prevent fraud or abuse.

We do not sell, rent or share your data with advertisers, and we do not train AI models on your documents.

4. Legal basis (GDPR / UK GDPR)

  • Contract: processing necessary to deliver the service to you.
  • Legitimate interest: security, fraud prevention, product improvement.
  • Legal obligation: tax, accounting and regulatory recordkeeping.
  • Consent: optional analytics, marketing emails.

5. Data residency & storage

Documents and personal data of EU/UK customers are stored in EU/UK regions by default. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Backups are encrypted and retained for 30 days.

6. Sub-processors

We use a small number of vetted sub-processors for hosting, email delivery, SMS delivery, payments and AI inference. A current list is available on request and published in the Trust Centre.

7. Retention

Signed documents and their audit trails are retained for as long as your account is active, plus 7 years thereafter (to support evidentiary needs of any party to the agreement), unless you request earlier deletion. Account data is deleted within 30 days of account closure.

8. Your rights

Under GDPR / UK GDPR you have the right to access, rectify, erase, restrict, port and object to processing of your personal data, and to lodge a complaint with a supervisory authority (e.g. the UK ICO). Contact privacy@signingvault.app to exercise your rights.

9. Changes to this policy

We may update this policy from time to time. Material changes will be notified by email or in-app at least 14 days before they take effect.

10. Contact

Privacy enquiries: privacy@signingvault.app