Privacy Policy

Effective date: May 1, 2026

1. Introduction

AmendSign ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (amendsign.com) and services. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: name, email address, and password when you register.
  • Billing Information: payment card details processed securely through Stripe (we do not store full card numbers).
  • Document Data: PDF files you upload and content you enter into forms for e-signature, filling, or editing purposes.
  • Communications: any messages you send to us via contact forms, email, or support channels.

2.2 Automatically Collected Information

  • Usage Data: pages visited, features used, time spent, and interaction patterns.
  • Device Data: browser type, operating system, IP address, and device identifiers.
  • Cookies: essential session cookies for authentication, plus optional analytics cookies (see Section 7).

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our e-signature and document editing services.
  • Process transactions and send billing-related communications.
  • Send account notifications, updates, security alerts, and support messages.
  • Detect, prevent, and address fraud, abuse, or technical issues.
  • Comply with legal obligations and enforce our Terms of Service.
  • Analyze usage patterns to improve user experience (aggregate, anonymized data only).

4. Document Privacy

Documents you upload to AmendSign are processed for the sole purpose of providing the requested service (e-signing, filling forms, editing, etc.):

  • Documents are encrypted at rest (AES-256) and in transit (TLS 1.3).
  • We do not sell, share, or mine your document contents for any purpose unrelated to service delivery.
  • Completed documents are stored only as long as your account remains active. Documents are purged within 30 days of account deletion.
  • Signatory data (names, IPs, timestamps) is retained in audit logs as required for legal validity of e-signatures.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data only in these limited circumstances:

  • Service Providers: trusted third parties who help us operate the platform (hosting AWS, payment Stripe, email SendGrid) — bound by data processing agreements.
  • Legal Compliance: if required by law, subpoena, or governmental request.
  • Business Transfers: in connection with a merger, acquisition, or asset sale, with notice to you.
  • With Your Consent: in any other scenario, only with your explicit permission.

6. Data Retention

We retain your personal information only as long as necessary to provide the Service and fulfill the purposes described in this policy:

  • Account data: retained while your account is active, plus 90 days after deletion for legal and audit purposes.
  • Documents: retained while your account is active; purged within 30 days of deletion unless archived by you.
  • Audit logs: retained for a minimum of seven years to support legal enforceability of e-signatures.
  • Payment records: retained per applicable financial regulations (typically 7 years).

7. Cookies and Tracking

We use essential cookies to keep you signed in and protect your session. We do not use third-party advertising cookies or trackers.

  • Essential cookies: authentication tokens, CSRF tokens, and session preferences. These are required for the Service to function.
  • Analytics cookies (optional): we may use anonymized analytics to understand aggregate usage patterns. You can disable these via the cookie banner.
  • Cookie preferences: stored in localStorage; lasts indefinitely unless you clear your browser data.

You can control cookies through your browser settings. Blocking essential cookies may prevent you from using authenticated features of the Service.

8. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of your personal data we hold.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten").
  • Portability: receive your data in a structured, machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Withdraw Consent: withdraw consent at any time where processing is consent-based.
  • Non-Discrimination: exercise these rights without discrimination.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

9. Security

We implement industry-standard security measures to protect your data:

  • AES-256 encryption at rest for all stored documents and user data.
  • TLS 1.3 encryption for all data in transit.
  • Regular security audits and penetration testing.
  • Role-based access controls and multi-factor authentication for internal systems.
  • Automatic session timeouts and brute-force protection.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Children’s Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us immediately.

11. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer, subject to applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email (to the address associated with your account) or by a prominent notice on our website. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your data rights:

Email: [email protected]
Data Protection Officer: DPO c/o AmendSign
Response time: within 30 calendar days