Zsign

Privacy Policy

Last updated: March 2026

1. Introduction

ZSign, Inc. (“ZSign,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the “Service”).

This policy complies with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, password, and profile details when you create an account.
  • Document Content: Documents, templates, and signature data you create or upload.
  • Payment Information: Billing details processed through Stripe. We do not store full credit card numbers on our servers.
  • Communications: Information you provide when contacting support or providing feedback.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, click patterns, and session duration.
  • Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
  • Log Data: IP addresses, access timestamps, referring URLs, and error logs.
  • Cookies & Similar Technologies: See our Cookie Policy for details.

2.3 Signature Audit Data

When documents are signed through ZSign, we collect signer identification data including name, email address, IP address, browser fingerprint, timestamp, and geolocation (where available) to create a legally defensible audit trail.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process transactions and send related communications.
  • Create and maintain audit trails for electronic signatures.
  • Send transactional emails (signature requests, reminders, receipts).
  • Provide customer support and respond to inquiries.
  • Analyze usage patterns to improve user experience and develop new features.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with legal obligations.

4. Data Sharing & Third-Party Services

We do not sell your personal data. We share information only as described below:

ProviderPurposeData Shared
SupabaseAuthentication, database, file storageAccount data, documents, signatures
StripePayment processingName, email, billing & payment details
ResendTransactional email deliveryName, email address, email content
PostHogProduct analyticsAnonymized usage data, device info, IP address

Each third-party provider processes data in accordance with their own privacy policies and under data processing agreements with ZSign. We may also disclose information when required by law, court order, or to protect our rights and safety.

5. Cookies & Tracking Technologies

We use the following types of cookies:

  • Essential Cookies: Required for authentication, security, and core functionality. Cannot be disabled.
  • Analytics Cookies: Help us understand how you use ZSign (powered by PostHog). Can be opted out.
  • Preference Cookies: Remember your settings like theme and language. Can be opted out.

We do not use advertising or third-party tracking cookies. For complete details, see our Cookie Policy.

6. Data Retention

  • Account Data: Retained for the duration of your account and for 30 days after deletion to allow recovery.
  • Documents & Signatures: Retained while your account is active. Signature audit trails are retained for a minimum of 7 years for legal compliance.
  • Analytics Data: Anonymized analytics data is retained for up to 24 months.
  • Payment Records: Retained as required by tax and financial regulations (typically 7 years).

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Under GDPR (EEA/UK Residents)

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate personal data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Portability: Request your data in a structured, machine-readable format.
  • Right to Restrict Processing: Request limitation of how we process your data.
  • Right to Object: Object to processing based on legitimate interests.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

Under CCPA (California Residents)

  • Right to Know: Request disclosure of the personal information we collect, use, and share.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: We do not sell personal information; however, you may opt out of analytics tracking.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at privacy@zsign.com. We will respond within 30 days (or as required by applicable law).

8. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls and principle of least privilege for internal access.
  • Regular security audits and vulnerability assessments.
  • Secure, SOC 2 compliant infrastructure providers.
  • Incident response procedures with breach notification within 72 hours as required by GDPR.

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data from the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Data Processing Agreements with all sub-processors.
  • Additional supplementary measures where necessary.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 18, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@zsign.com.

11. Changes to This Policy

We may update this Privacy Policy periodically. If we make material changes, we will notify you by email and/or by posting a prominent notice on the Service at least 30 days before the changes take effect. The “Last Updated” date at the top reflects the most recent revision.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

ZSign, Inc. — Data Protection

Privacy inquiries: privacy@zsign.com

General support: support@zsign.com

Data Protection Officer: dpo@zsign.com

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.