Privacy Policy

1. Overview

Sign PDF Cloud provides PDF template creation, document sending, recipient signing, reminders, email notifications, account management, and related business workflow tools. This Privacy Policy explains how we collect, use, store, and protect information when you use the website, application, public template library, signing links, and related services.

2. Information we collect

We collect account information such as name, email address, company name, password hash, timezone, plan, subscription status, notification preferences, and saved viewer settings. We also process documents, templates, recipients, signature fields, signed field values, uploaded PDFs, generated signed PDFs, API keys, request logs, email notification logs, billing event logs, and support or sales messages you send to us.

Recipients may provide names, email addresses, signatures, dates, text responses, checkbox selections, radio selections, dropdown selections, uploaded signature images, and other values needed to complete a document.

3. How we use information

We use information to create and manage accounts, authenticate users, save templates, deliver signing requests, identify recipients, complete documents, generate signed PDFs, send notifications and reminders, provide support, enforce plan quotas, maintain security, process billing, improve reliability, and comply with legal obligations.

4. Documents and signatures

Your uploaded documents and signed documents are processed so the service can render pages, place fields, collect signatures, and return completed files. You are responsible for ensuring you have the right to upload, send, and request signatures for the documents you use with the service.

5. Payments

Paid subscriptions are processed by Paddle or another configured payment provider. We may receive billing status, plan, customer identifiers, subscription identifiers, payment event metadata, and transaction status. We do not intentionally store full card numbers in our application database.

6. Email notifications

We send operational emails for signup, password reset, signing requests, reminders, completion notices, account changes, billing status, and support communications. Email notification logs may be retained to troubleshoot delivery and audit document workflow activity.

7. Sharing information

We share information with service providers only as needed to operate the service, such as hosting, email delivery, payment processing, storage, analytics, security, and support tooling. Document recipients receive signing links and document information needed to complete their assigned fields. We may disclose information if required by law, to protect rights and safety, or as part of a business transfer.

8. Cookies and persistent login

We use a small number of cookies that are strictly necessary to operate the service. We do not use advertising, tracking, or analytics cookies that profile you across other websites.

Session cookie (signpdf_session). When you log in we set a session cookie used to keep you signed in across pages, remember the workspace you have active, and protect form submissions with a CSRF token. The cookie stores a random session identifier only and is marked HttpOnly, Secure, and SameSite=Lax so it cannot be read by third-party scripts or sent on cross-site requests. The cookie has a 30 day lifetime and its expiration is refreshed every time you visit a page, so as long as you use the service at least once every 30 days you stay signed in. Logging out, clearing your browser cookies, or 30 days of inactivity will end the session and require you to log in again.

Other request-scoped values. A short-lived CSRF token is stored inside the same session record (not a separate cookie), and flash messages from one request to the next are also stored inside the session record. Recipients signing a document via an email link receive a one-time signing token in the URL, not in a cookie.

Controlling cookies. You can log out at any time from the account menu to delete the session cookie immediately. You can also clear cookies for our domain in your browser settings. Because the cookie is strictly necessary, the application cannot be used while logged in without it.

9. Security and retention

We use account authentication, CSRF protection, unique signing tokens, owner-scoped templates, hashed passwords, protected API keys, access controls, and operational logs. No online service can guarantee absolute security. We retain information for as long as needed to provide the service, meet legal and billing obligations, resolve disputes, enforce agreements, and maintain reliable document audit history.

10. Your choices

You can update account details, timezone, email preferences, and viewer settings from account settings. You may request access, correction, export, or deletion of personal information by contacting support. Some records may need to be retained where required for billing, security, fraud prevention, legal compliance, or completed document audit trails.

11. International use

By using the service, you understand that information may be processed in countries other than your own. Where required, you are responsible for ensuring your document workflows comply with applicable privacy, employment, healthcare, financial, consumer, and electronic signature laws.

12. Contact

Questions about privacy can be sent to support@signpdf.cloud.