Legal

Privacy Policy

Last updated: March 9, 2026

1. What We Collect

We collect the minimum data needed to provide the signing service:

  • Account information: email address, name, and payment method (processed by Stripe — we never see your full card number).
  • Documents: PDFs you upload for signing, stored encrypted on our servers.
  • Signing data: signer email addresses, IP addresses, timestamps, and browser/device information — required for legally binding audit trails.
  • Usage data: which features you use, how many signatures you send — for billing and service improvement.

2. How We Use Your Data

Your data is used solely to:

  • Provide the signing service
  • Generate legally required audit trails
  • Process payments
  • Send transactional emails (signing requests, confirmations)
  • Improve the service (aggregate, anonymized analytics)

3. What We Don't Do

We will never:

  • Sell your data to third parties
  • Share your documents with anyone except designated signers
  • Use your documents to train AI models
  • Display advertising
  • Share data with data brokers, analytics companies, or advertisers

4. Third-Party Services

We use a limited number of third-party services:

  • Stripe — payment processing. Subject to Stripe's privacy policy.
  • AWS — cloud infrastructure. Documents stored in encrypted S3 buckets.
  • PostHog — product analytics (anonymized usage patterns, not document content).

We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

5. Cookies

We use essential cookies only — session authentication and security tokens. No tracking cookies. No third-party cookies. No cookie banner needed because we don't use non-essential cookies.

6. Data Retention

  • Signed documents: stored for 7 years (legal requirement for audit trails). You can download anytime.
  • Account data: kept while your account is active. Deleted within 30 days of account deletion request.
  • Usage data: anonymized after 24 months.

7. Your Rights

You have the right to:

  • Access: download all your data at any time (Settings → Export Data).
  • Delete: request full account deletion. All personal data removed within 30 days.
  • Export: export all documents, audit trails, and account data in standard formats (PDF, JSON).
  • Correct: update your account information at any time.
  • Object: opt out of anonymized analytics by emailing us.

8. GDPR Compliance

For EU residents: The Fair Company acts as a data controller. Our legal basis for processing is contract performance (providing the signing service you requested). You may exercise your rights under GDPR by emailing privacy@faircompany.ai.

9. CCPA Compliance

For California residents: We do not sell personal information. We do not share personal information for cross-context behavioral advertising. You may exercise your rights under CCPA by emailing privacy@faircompany.ai.

10. Children

FairSign is not intended for users under 18. We do not knowingly collect data from children.

11. Changes

We may update this policy. Material changes will be communicated via email at least 30 days before they take effect.

12. Contact

Privacy questions? Email privacy@faircompany.ai.