Privacy Policy

SignQuick ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our e-signature service at signquick.app. We are based in the European Union and comply with GDPR, eIDAS, and other applicable data protection regulations.

Account Information: Email address, name, and authentication data when you create an account. Document Metadata: File name, size, and creation date. We do NOT access document contents - documents are encrypted end-to-end. Signing Data: Signer names, email addresses, IP addresses, and timestamps for audit trail compliance. Usage Data: Page views and feature usage to improve our service. We do not use third-party analytics trackers. Payment Data: Processed securely by Stripe. We never store credit card numbers.

Provide and maintain the e-signature service Process and verify electronic signatures Generate legally-compliant audit trails Send signing notifications and reminders Process payments and manage subscriptions Improve our service based on aggregated usage patterns Comply with legal obligations

All data is stored on EU-hosted servers (Neon PostgreSQL in EU regions). Documents are encrypted using AES-256-GCM before being stored. For email/password users: encryption keys are derived client-side from your password (true end-to-end encryption). For social login users (Google): encryption keys are server-managed, providing encryption at rest. All data in transit is protected by TLS 1.3.

We do NOT sell, trade, or rent your personal data to third parties. We only share data with: - Stripe: For payment processing - Vercel: For hosting and edge delivery - Neon: For database hosting (EU region) All sub-processors are GDPR compliant and process data within the EU.

Documents: Free plan - 7 days, Starter - 30 days, Pro - 90 days. After retention period, documents are permanently and irreversibly deleted. Account Data: Retained as long as your account is active. Deleted within 30 days of account closure. Audit Trails: Retained for 1 year for legal compliance, then deleted. You can request immediate deletion of your data at any time.

Under GDPR, you have the right to: Access: Request a copy of all personal data we hold about you. Rectification: Correct any inaccurate personal data. Erasure: Request deletion of your personal data ("right to be forgotten"). Portability: Receive your data in a machine-readable format. Restriction: Restrict processing of your personal data. Objection: Object to processing of your personal data. To exercise any of these rights, contact us at privacy@signquick.app.

We use only essential cookies required for authentication and session management. We do NOT use tracking cookies, advertising cookies, or third-party analytics cookies. Essential cookies cannot be disabled as they are necessary for the service to function.

We may update this Privacy Policy from time to time. We will notify users of significant changes via email or in-app notification. The "last updated" date at the top indicates the most recent revision.

For privacy-related questions or to exercise your data rights: Email: privacy@signquick.app General: contact@signquick.app Publisher: SignQuick Hosting: Vercel Inc., 440 N Barranca Ave #4133, Covina, CA 91723, USA Database: Neon Inc. (EU regions) Data Protection Officer: privacy@signquick.app