Privacy Policy

How we collect, use, and protect information when you use signaturin — written to be understood, not to fill a page.

Last updated May 16, 2026

01

Overview

signaturin is an email signature management platform for Google Workspace. We help administrators design, assign, and deploy on-brand email signatures across their organization. To do that well, we work with a small amount of data — most of it your directory data, all of it under your control.

This Privacy Policy explains, in plain language, what we collect, why, how long we keep it, and what choices you have. We wrote it to be read by a human, not a lawyer. If anything is unclear, we want to fix it — write to us at the address at the bottom of the page.

We are not in the data business. We never sell, rent, or trade your data, and we never use the contents of your Google Workspace data to train any general-purpose AI model.

02

Who we are

“signaturin”, “we”, “us”, and “our” refer to the operator of the signaturin service, available at signaturin.com. We are the data controller for personal data we process about our customers (e.g. the administrators using the product), and a data processor on behalf of our customers for personal data we process about their employees that flows through the platform.

Legal entity, registered address, and Data Protection Officer (where applicable) are listed at the end of this document. If you would like to contact us about anything in this policy, the fastest path is email — we monitor that inbox closely.

03

Scope of this policy

This policy covers the signaturin website (signaturin.com and subdomains), the signaturin web application, and any APIs we offer. It does not cover third-party services that you may use alongside signaturin (for example, Google Workspace itself, your payment card issuer, or your own email recipients). Those services have their own privacy policies, which we encourage you to read.

04

Information we collect

We try to collect the minimum that lets the product work well. The categories below are exhaustive — if we ever start collecting something new, we update this policy and tell you.

Account information

When you sign in with Google, we receive your name, email address, profile image, language preference, and a stable identifier (your Google subject ID). We use these to create and secure your signaturin account. We do not request, see, or store your Google password.

Google Workspace data

If you grant signaturin access to your Google Workspace, we read the parts of it that are necessary to deploy signatures — and only those parts. Specifically:

  • Directory information: user names, email addresses, job titles, departments, phone numbers, profile photos, organizational units, and group memberships. We use this to populate template variables and to scope signature assignments.
  • Gmail sendAs settings: we read and write the “send-as” signature for users you instruct us to. We do not read, store, or transmit the contents of any email message, attachment, draft, or thread. We do not have permission to read your inbox, and we do not request that permission.
  • Tokens: we store an encrypted OAuth refresh token (when you grant domain-wide consent) so we can keep signatures in sync. You can revoke it at any time from your Google Workspace admin console.

Customer-provided content

Anything you upload, type, or generate inside the product — signature templates, brand kits, logos, banner images, campaign copy, links — is content you own. We process it on your behalf so the product works.

Usage and device data

We log a limited amount of operational telemetry: pages visited, features used, time of action, IP address, browser type, and device class. We use this to keep the service reliable, debug issues, prevent abuse, and improve the product. Telemetry is retained for a short window (see Retention below).

Click analytics for signatures

When your customers or recipients click a tracked link inside an email signature, our redirect endpoint records the click — link identifier, timestamp, and a coarse country derived from the IP. We do not place tracking cookies on those visitors and we do not build profiles of them. The signature recipient is not the data subject of an account with us; we keep the analytics minimal on purpose.

Billing data

If you subscribe to a paid plan, our payment processor (Stripe) handles your card details directly. We never receive or store full card numbers. We do receive the metadata needed for invoicing: company name, billing address, plan, seat count, currency, and Stripe customer ID.

Support communications

If you email us or chat with us, we keep the message thread so we can help you and improve our support quality.

05

Google API Services User Data

signaturin’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

  • We use Google user data only to provide or improve user-facing features that are prominent in the signaturin user interface.
  • We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
  • We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read Google user data unless we have your affirmative agreement for specific messages, we need to do so for security purposes (such as investigating abuse), to comply with applicable law, or for signaturin internal operations — and even then only when the data has been aggregated and anonymized.

The full Google API Services User Data Policy is published by Google and applies in addition to this document.

06

How we use information

We process the information described above for the following purposes:

  • Provide the service: render signatures, sync your directory, push signatures to Gmail send-as, schedule campaigns, and surface analytics.
  • Authenticate users and secure the platform against fraud, abuse, and unauthorized access.
  • Communicate with you: account notifications, security alerts, billing receipts, product updates, and (occasionally, only with consent or where permitted) marketing emails you can unsubscribe from at any time.
  • Improve the product: understand which features get used, fix bugs, plan a roadmap. Where possible, we work with aggregated or pseudonymized data.
  • Run our business: billing, accounting, tax, audit, and meeting our legal obligations.

Under the GDPR, the legal bases we rely on are: performance of a contract (delivering the service you signed up for), legitimate interests (running and securing a useful product), consent (where we ask for it), and compliance with legal obligations.

07

AI features

Some features — signature drafting, brand extraction, copy suggestions — use large language models. When you use those features, the relevant inputs (your prompt, your brand kit, the template being generated) are sent to the AI provider that powers the feature.

We currently use Anthropic (Claude) and Google (Gemini) as AI sub-processors. We contract with them to ensure that your prompts and outputs are not used to train their foundation models. We do not feed the contents of your inbox, your directory data, or your employees’ personal data into AI features unless you explicitly ask the feature to operate on that data.

08

Sharing and disclosure

We share information only in the limited ways described below, and never sell it.

  • Sub-processors: vetted vendors that help us run the service — hosting, database, email delivery, error monitoring, analytics, AI, payments. A current list is available on request and is referenced below.
  • Within your organization: signaturin is an admin tool. Other administrators in your organization can see administrative actions, including yours.
  • Legal and safety: we may disclose information if required by law, court order, or government request, or to protect rights, property, or safety. Where we are legally permitted, we will notify you first.
  • Corporate events: in connection with a merger, acquisition, financing, or sale of assets, information may be transferred to the relevant party, subject to confidentiality obligations and notice to you.

Current sub-processors

  • Cloud hosting and database (compute, PostgreSQL, Redis, object storage).
  • Stripe — payments and subscription billing.
  • Anthropic — AI signature generation and brand assistance.
  • Google — Workspace APIs (Directory, Gmail Settings) and Gemini AI features.
  • Resend — transactional email (onboarding, alerts, invoices).
  • Sentry — error and performance monitoring.
  • PostHog — product analytics (privacy-respecting configuration).

09

How long we keep data

We keep personal data only as long as we need it for the purposes described in this policy, then we delete or anonymize it.

  • Account data: kept while your account is active. If you delete your account, we delete or anonymize associated personal data within 30 days, except where we are legally required to retain certain records (for example, financial records).
  • Directory and Gmail send-as data: kept while your Workspace is connected. When you disconnect or revoke access, we delete this data within 30 days.
  • OAuth refresh tokens: kept until revoked. Revocation is instant.
  • Click analytics: kept in detailed form for 13 months, then aggregated.
  • Operational logs: kept for up to 90 days for security and debugging.
  • Billing records: kept for as long as required by tax and accounting law in our jurisdiction (typically 7–10 years).
  • Support communications: kept for up to 3 years, then deleted.

10

Security

We design signaturin with security as a foundational concern, not a feature. The controls below describe what we do today; we publish a public security overview that we keep current as our practices evolve.

  • Encryption in transit: all traffic between you and signaturin runs over TLS 1.2+.
  • Encryption at rest: customer data and OAuth tokens are encrypted at rest.
  • Least-privilege access: production access is limited to a small number of engineers, gated by MFA, and audited.
  • Isolation: customer data is logically isolated and scoped by organization at the application layer.
  • Backups: encrypted, retained for a limited window, restorable in disaster scenarios.
  • Vulnerability management: dependency scanning, code review, and periodic third-party security testing as we scale.
  • Incident response: we maintain an incident response plan and will notify affected customers and regulators in accordance with applicable law if a personal data breach occurs.

No system is perfectly secure. If you believe you have found a vulnerability, please email security@signaturin.com — we read those quickly and respond.

11

Your rights

Depending on where you live, you may have rights over the personal data we hold about you. These typically include the right to:

  • Access the personal data we hold about you, and receive a copy of it.
  • Correct inaccurate or incomplete data.
  • Delete your data (sometimes called the “right to be forgotten”).
  • Object to processing, or ask us to restrict it, in certain circumstances.
  • Port your data to another provider in a structured, machine-readable format.
  • Withdraw consent at any time, where consent was the basis for processing.
  • Lodge a complaint with your local data protection authority. We would always prefer the chance to resolve the issue with you first.

If you are a resident of California, you have additional rights under the CCPA/CPRA, including the right to know what categories of personal information we collect, the right to delete, the right to correct, and the right to opt out of any “sale” or “sharing” of personal information. signaturin does not sell or share personal information as those terms are defined in the CCPA.

To exercise any of these rights, email privacy@signaturin.com. We will respond within the time required by applicable law (typically 30 days). We may need to verify your identity before acting on a request.

If you are an employee whose data has been processed by signaturin on behalf of your employer, please contact your employer first — they control that data. We will support them in responding to you.

12

International data transfers

signaturin serves customers globally and our sub-processors are located in multiple regions, primarily the European Economic Area and the United States. When personal data is transferred outside your country, we put in place appropriate safeguards — typically the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, and similar mechanisms — and we evaluate the laws of the destination country to confirm an essentially equivalent level of protection.

Where possible, we choose data residency options that keep data closer to where you are based.

13

Cookies and similar technologies

We use a small number of cookies and similar technologies for the application to work and to understand product usage. We do not use advertising or cross-site tracking cookies.

  • Strictly necessary: authentication session, CSRF protection, OAuth state. These are set when you sign in and cannot be turned off without breaking the service.
  • Preferences: remembering your theme and language. Optional.
  • Product analytics: PostHog cookies that help us understand which features are used. You can opt out from the in-app settings page.

The signaturin marketing site (signaturin.com) uses only strictly necessary cookies by default. If we ever add anything else, we will surface a consent banner first.

14

Children

signaturin is a B2B product, not designed for children, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

15

Changes to this policy

We update this policy when our product or our practices change. For material changes, we will notify customers by email or via an in-app banner at least 14 days before the change takes effect. The current version, with its last-updated date, is always available at this URL.

16

Contact

For privacy questions, data requests, or anything else covered by this policy, contact us at:

  • Privacy: privacy@signaturin.com
  • Security: security@signaturin.com
  • General: hello@signaturin.com

Operating entity: [JURISDICTION — to be confirmed]. Registered address, company number, and (if applicable) representative in the EU/UK will be listed here once finalized. If you need this information before we finalize it, email privacy@signaturin.com and we will provide it directly.

Questions

Anything here unclear? We’ll answer in plain language.

Drop a note and a real person on the team will get back to you — usually within one business day.

hello@signaturin.com