Privacy Policy

Last Updated: February 16, 2026

1. Collection of Personal Data

SignDocs ("getsigndocs.com") collects certain Personal Data from its Users in order to provide its electronic signature services.

2. Owner and Data Controller

SignDocs is operated by Knight Security PTE LTD Any reference to "SignDocs", "we", "us", or "our" within this Privacy Policy refers to Lololo Systems Ltd. as the legal entity responsible for operating the Service.

Contact Email: [email protected]

3. Types of Data Collected

The types of Personal Data collected by SignDocs, either directly or through third parties, include:

Basic user information:

  • Email address
  • Full name
  • Google account profile information

Google-related data:

  • Content from Google Docs that you choose to use with our service
  • Document metadata necessary for signature field placement
  • Access permissions to manage documents in your account

Service usage data:

  • Document signing activities and audit trails
  • Signature data (drawn, typed, or uploaded signatures)
  • Service interaction logs

Payment data:

  • Subscription and billing information (processed securely by Stripe)
  • We do not store credit card numbers on our servers

3a. Google User Data

When you grant SignDocs access to your Google account data, we handle this information with utmost care and transparency:

Access and Usage:

  • We access your Google Docs to read document content for signature field placement
  • We insert and manage signature fields within your documents
  • We only process the minimum data necessary to provide our e-signing service
  • We do not access or modify any other Google Drive contents beyond what you explicitly share

Data Storage:

  • Document PDFs are stored securely in encrypted cloud storage (Cloudflare R2) for signing workflows
  • Signature images are stored securely for reuse across documents
  • Audit trail data is retained for the duration of your account

Data Sharing:

  • We do not share your Google user data with any third parties
  • We do not use your Google data for advertising purposes
  • We do not combine Google user data with data from other sources
  • Limited sharing only occurs when required by law, to protect our rights, or with service providers under strict confidentiality agreements

User Control:

  • You can revoke our access to your Google account at any time
  • You can request deletion of any data associated with your account
  • You can view and manage app permissions in your Google Account settings

3b. Data Protection Mechanisms

We implement comprehensive security measures to protect your data:

Technical Measures:

  • End-to-end encryption for data transmission using industry-standard protocols (TLS/HTTPS)
  • Data encryption at rest
  • Row-Level Security (RLS) policies enforced at the database level
  • JWT-based authentication with secure token handling

Organizational Measures:

  • Strict access control policies based on the principle of least privilege
  • Processing is limited to what's necessary for service provision
  • Clear data retention and deletion policies

4. Mandatory Data

Unless specified otherwise, all Data requested by SignDocs is mandatory. Failure to provide this Data may make it impossible for SignDocs to provide its services. In cases where SignDocs specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or functioning of the Service.

5. Cookies and Tracking Tools

SignDocs may use cookies or other tracking tools for providing the Service required by the User, in addition to other purposes described in this document. The Google Workspace Add-on operates within Google's environment and follows Google's cookie policies.

6. Processing of Data

Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. The Data may be accessible to certain types of persons in charge, involved with the operation of SignDocs, or external parties appointed as Data Processors by the Owner.

7. Legal Basis of Processing

We may process Personal Data relating to Users based on various legal bases, including consent, performance of an agreement, compliance with legal obligations, public interest, or legitimate interests pursued by the Owner or a third party.

8. Place of Processing

Data is processed using cloud infrastructure providers including Supabase (PostgreSQL database), Cloudflare R2 (document storage), and Stripe (payment processing). Data transfers may involve transferring Data to a country other than the User's own.

9. Retention Time

Personal Data is processed and stored for as long as required by the purpose for which it was collected. We may retain Personal Data for a longer period if consent is given or when required by law. Signature data and audit trails are retained for the duration of your account to ensure document integrity.

10. Purposes of Processing

Personal Data is collected for purposes such as providing the e-signing Service, managing subscriptions, sending signing notifications via email, maintaining audit trails, complying with legal obligations, and detecting malicious or fraudulent activity.

11. Rights of Users

Users have various rights regarding their Data, including the right to withdraw consent, object to processing, access, rectify, restrict processing, request erasure, and receive Data in a portable format. Users can also lodge complaints with their competent data protection authority.

12. Changes to the Privacy Policy

We reserve the right to make changes to this privacy policy at any time by notifying Users on this page. It is recommended to check this page often for updates.