SiglotBack to Home

Legal

Privacy Policy

Last updated: March 8, 2026

The short version

  • We only collect what we need to run the service.
  • We never sell your data.
  • We don't use your documents to train AI models.
  • You can request your data or ask us to delete it at any time.
  • Marketing emails are opt-in only — unsubscribe anytime.

1. Who We Are

Siglot ("we," "our," "us") operates the e-signature platform at siglot.com. We're the data controller for personal data collected through the Service. For any privacy questions, email us at [email protected].

2. What We Collect

Account information

Your name, email address, and (hashed) password when you register. Billing name and address if you subscribe — card details go directly to Stripe and never touch our servers.

Documents and signatures

The documents you upload, signatures, field values, and audit trail data (timestamps, IP addresses, actions taken). This is processed solely to provide the Service.

Recipient information

Names and email addresses of people you send documents to, collected when you create a send. Signers' IP addresses and timestamps are captured in the audit trail.

Usage data

Pages visited, features used, browser and device type, and IP address — used to improve the Service and detect abuse.

Communications

Messages you send us through support or email, kept to help us respond and improve.

3. Why We Use It

  • To provide and operate the Service
  • To process payments and manage your subscription
  • To send signing invitations, OTP codes, and completion notices
  • To send service updates and security alerts
  • To respond to your support requests
  • To detect and prevent fraud and abuse
  • To improve the Service through anonymised analytics
  • To comply with legal obligations
  • To send marketing emails — only with your consent, opt out anytime

4. Who We Share It With

We don't sell your data. We share it only with:

Service providers

Companies that help us run the Service — including Supabase (infrastructure), Stripe (payments), email providers, and third-party AI providers (when you use AI features). They process data on our behalf and can't use it for their own purposes.

Document parties

When you send a document, the document and relevant details are shared with the recipients you designate. Completed documents are accessible to all signing parties.

Legal requirements

If required by law, court order, or to protect the safety of our users or the public. We'll notify you where legally permitted.

Business transfers

If Siglot is acquired or merges with another company, your data may be transferred. We'll give you notice before that happens.

5. AI Features

If you use AI-powered features, document content is sent to a third-party AI provider for processing. We instruct those providers not to use your data for model training. We don't use your documents to train any AI models ourselves.

AI output is informational only — not legal advice. AI features are optional and don't affect core signing functionality.

6. Cookies

We use cookies to keep you logged in and remember your preferences (essential), and optionally for analytics to understand how the Service is used. We don't use advertising or tracking cookies.

You can control cookies in your browser settings. Blocking essential cookies will prevent the Service from working.

7. How Long We Keep It

Account data — kept while your account is active, deleted within 90 days of account closure.

Documents & audit trails — kept for up to 7 years to support legal enforceability of signed contracts.

Billing records — kept for up to 7 years to comply with tax law.

Support messages — kept for up to 3 years.

8. Security

We encrypt all data in transit (TLS) and at rest (AES-256). Access to personal data is restricted to authorised staff. We use OTP verification for signer authentication and maintain audit logs of all access.

No system is 100% secure. If you discover a security issue, please report it to [email protected].

9. Your Rights

Depending on where you live, you have the right to access, correct, delete, or export your personal data; restrict or object to how we use it; and withdraw any consent you've given. To exercise any of these rights, email us at [email protected]. We'll respond within 30 days.

GDPR / UK GDPR. If you're in the EEA or UK, we process your data based on contract performance, legitimate interests, your consent, or legal obligation — whichever applies. You can complain to your local data protection authority (e.g. the ICO in the UK) if you're unhappy with how we handle your data.

California (CCPA). We don't sell your personal information. California residents can request a copy of their data, ask us to delete it, or opt out of any future sale (there is none). Email us with the subject line "CCPA Request."

International transfers. Your data may be stored or processed outside your country. Where required, we use Standard Contractual Clauses to protect transfers from the EEA or UK.

10. Children

Siglot is not for anyone under 18. We don't knowingly collect data from children. If you believe we have, please contact us and we'll delete it promptly.

11. Changes

We may update this policy from time to time. We'll email you at least 14 days before any material change takes effect.

12. Contact

Privacy questions & data requests

[email protected]