Skip to main content

Privacy Policy

Last updated: March 25, 2026

This Privacy Policy describes how SignedAI (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our website at signedai.app, our application, and our services (collectively, the “Service”). SignedAI is an AI-powered document generation tool that helps freelancers create proposals, contracts, and onboarding questionnaires.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information You Provide Directly

  • Account information: Name, email address, and password when you create an account.
  • Document generation inputs: Client names, project descriptions, budgets, timelines, and other details you enter when generating proposals, contracts, or questionnaires.
  • Payment information: Billing details processed by our payment provider, Stripe. We do not store your full credit card number.
  • Communications: Messages you send us through our contact form or support channels.

Information Collected Automatically

  • Usage data: Pages visited, features used, document generation counts, and interaction patterns.
  • Device information: Browser type, operating system, and screen resolution.
  • IP address: Used to approximate geographic location and prevent abuse.
  • Analytics data: Collected via PostHog to understand how the Service is used and to improve it.

Information from Third Parties

  • Authentication providers: If you sign in with Google or another social login, we receive your name and email address from that provider.
  • Payment confirmation: Stripe provides us with transaction status and subscription details (not your full card number).

2. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Process document generation requests via our AI provider (Anthropic Claude).
  • Process payments and manage your subscription.
  • Send transactional emails (account verification, receipts, document notifications) via Resend.
  • Analyze usage patterns to improve the Service via PostHog.
  • Respond to your support requests and communications.
  • Enforce our Terms of Service and prevent fraud or abuse.
  • Comply with legal obligations.

3. AI-Specific Disclosures

When you generate documents, your inputs (such as project descriptions, client details, and preferences) are sent to Anthropic’s Claude API to produce proposals, contracts, and questionnaires. Here is how your data is handled in this process:

  • Your data is not used to train AI models. Under Anthropic’s commercial API terms, customer data submitted through the API is not used to train or improve their AI models.
  • Inputs are structured as JSON. Your information is passed as structured data, not interpolated as raw strings, to protect against prompt injection.
  • We do not use your content to train our own models. Your documents, inputs, and generated content are never used to train any machine learning model.
  • Your generated documents belong to you. All generated proposals, contracts, and questionnaires are yours to use, modify, and distribute as you see fit.

4. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-contextual behavioral advertising. We share your information only with the following categories of service providers, solely to operate the Service:

  • Anthropic — AI document generation (receives your form inputs to generate documents).
  • Supabase — Database hosting and user authentication.
  • Stripe — Payment processing and subscription management.
  • Resend — Transactional email delivery.
  • PostHog — Product analytics.
  • Vercel — Application hosting.
  • Cloudflare — DNS and content delivery.

We may also share your information:

  • For legal reasons: To comply with applicable law, legal process, or governmental request.
  • To protect rights and safety: To enforce our Terms of Service, protect our rights, privacy, safety, or property, and protect against fraud or abuse.
  • In a business transfer: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With your consent: For any other purpose with your explicit consent.

5. Cookies and Tracking Technologies

We use essential cookies to maintain your authenticated session and remember your preferences. Our analytics provider, PostHog, may use cookies or cookieless tracking to collect usage data.

  • Essential cookies: Required for authentication and core functionality. Cannot be disabled.
  • Analytics: Used to understand how the Service is used and to improve it.

We do not use advertising cookies or tracking pixels. We do not currently respond to “Do Not Track” browser signals, as there is no industry standard for how to do so.

6. Data Retention

  • Account data: Retained while your account is active.
  • Generated documents: Retained until you delete them or your account is terminated.
  • After account deletion: Your personal information is deleted from active systems within 30 days and from backups within 90 days.
  • Payment records: Retained as required by financial regulations and tax law.
  • Aggregated data: Anonymized, aggregated data (which cannot identify you) may be retained indefinitely for analytics purposes.

7. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS) and at rest.
  • Database-level Row Level Security (RLS) to isolate user data.
  • PCI DSS-compliant payment processing through Stripe.
  • Secure authentication via Supabase Auth.

However, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from circumstances beyond our reasonable control.

8. Your Rights and Choices

All Users

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate information.
  • Deletion: Delete your account and associated data at any time.
  • Export: Download your generated documents in PDF or Word format.
  • Opt out: Unsubscribe from marketing communications (transactional emails required for service operation cannot be opted out of).

European Economic Area, UK, and Swiss Residents

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal bases: We process your data based on: performance of our contract with you (providing the Service), our legitimate interests (improving the Service, preventing fraud), your consent (where applicable), and compliance with legal obligations.
  • Additional rights: Right to data portability, right to restrict processing, right to object to processing, and the right to withdraw consent at any time.
  • Complaints: You have the right to lodge a complaint with your local data protection supervisory authority.
  • Data transfers: Your data may be transferred to the United States. We rely on Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework to safeguard these transfers.

California and US State Residents

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to know what personal information we collect, use, and disclose.
  • Right to delete your personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information. We do not sell or share your personal information.
  • Right to non-discrimination for exercising your rights.

Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with consumer privacy laws have similar rights. To exercise your rights, contact us at support@signedai.app.

9. International Data Transfers

Your information may be transferred to and processed in the United States, where our service providers are located. When we transfer data outside the EEA, UK, or Switzerland, we use appropriate safeguards including Standard Contractual Clauses and the EU-US Data Privacy Framework.

10. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 16, we will take steps to delete it promptly. If you believe a child has provided us with personal information, please contact us at support@signedai.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date and, where appropriate, by sending you an email notification. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, your data, or your rights, contact us at:

SignedAI
Email: support@signedai.app

We aim to respond to all requests within 30 days.