Privacy Policy

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate and deliver legal documents based on your inputs
• Process payments and manage subscriptions
• Facilitate electronic signature workflows
• Connect you with attorneys for document reviews
• Send transactional emails (confirmations, signatures, receipts)
• Provide customer support and respond to inquiries
• Detect and prevent fraud, abuse, and security threats
• Analyze usage patterns to improve the platform
• Send marketing communications (with your consent)
• Comply with legal obligations

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you have requested (account creation, document generation, payment processing)
• Consent: Processing based on your explicit consent (marketing communications, non-essential cookies, analytics)
• Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, service improvement, security), balanced against your privacy rights
• Legal Obligation: Processing necessary to comply with legal requirements (tax records, regulatory compliance, law enforcement requests)

You may withdraw consent at any time through your account settings or by contacting us. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

We do not sell your personal data. We may share your information in the following limited circumstances:

• Service Providers: Third-party services that help us operate the platform (Supabase for data storage, PayPal for payments, Resend for email, Anthropic for AI)
• Attorneys: When you request an attorney review, relevant document data is shared with the reviewing attorney
• Signatories: When you send a document for e-signature, the document is shared with designated signers
• Team Members: If you use team features, shared documents are accessible to team members based on permissions
• Legal Requirements: When required by law, regulation, legal process, or governmental request
• Business Transfer: In connection with a merger, acquisition, or sale of assets, with appropriate safeguards

All third-party service providers are required to protect your data and are prohibited from using it for purposes other than providing services to us.

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

• Active accounts: Data is retained for the duration of your account
• Deleted accounts: Personal data is deleted or anonymized within 30 days of account deletion
• Transaction records: Retained for 7 years for tax and legal compliance
• Signature audit trails: Retained for 10 years to ensure long-term legal validity
• Usage analytics: Anonymized data may be retained indefinitely for service improvement

Under GDPR, CCPA, and other applicable privacy laws, you have the following rights regarding your personal data:

You can exercise these rights through your Account Settings:

• Data Export: Download all your data from Settings > Data & Privacy > Export My Data
• Account Deletion: Delete your account from Settings > Data & Privacy > Delete My Account

We will respond to all rights requests within 30 days. You also have the right to lodge a complaint with your local data protection authority.

We use the following types of cookies:

• Essential Cookies: Required for the Service to function (authentication, security tokens, session management). These cannot be disabled.
• Functional Cookies: Remember your preferences (language, theme, recently viewed documents). Can be disabled.
• Analytics Cookies: Help us understand how users interact with the platform to improve the experience. Can be disabled.
• Marketing Cookies: Used to deliver relevant content and measure campaign effectiveness. Can be disabled.

You can manage your cookie preferences at any time through the cookie consent banner or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of the Service.

We implement industry-standard security measures to protect your data:

• All data is encrypted in transit using TLS 1.2+
• Data at rest is encrypted using AES-256
• Two-factor authentication (2FA) is available for all accounts
• Regular security audits and vulnerability assessments
• Row-level security policies on all database tables
• Automatic session timeouts for inactive users
• Rate limiting on all API endpoints
• Document integrity verification using SHA-256 hashing

While we strive to protect your data, no method of transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately.

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such information. If you believe we have collected information from a minor, please contact us.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on the Service
• Updating the "Last updated" date at the top of this page
• Sending an email notification for significant changes
• Displaying an in-app notification

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

For privacy-related inquiries, requests, or concerns:

Our designated Data Protection Officer (DPO) can be contacted for any questions or concerns regarding our data processing activities:

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence.