Privacy Policy | SignalDocs

SignalDocs ("SignalDocs," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our platform, website, and related services (the "Service").

In summary: We collect and use your personal information to provide legal document drafting, analysis, Lex AI review, signing, and attorney review services. We never sell your personal information or use your documents to train AI models. Your data stays yours.

1. Information We Collect

Information you provide to us:

Account data: Name, email address, company name, professional title, and password.
Founder profile data: Company details, industry, stage, jurisdiction, and document preferences collected during onboarding.
Attorney profile data: Bar number, states licensed, practice areas, hourly rate, and professional biography collected during attorney onboarding. This information is used to vet and activate attorney accounts.
Payment data: Payment card information is collected directly by Stripe, our payment processor. We store only the last four digits of your card and billing details necessary to manage your subscription.
Document data: Legal documents, contracts, and other files you upload to or create within the Service, including extracted text, AI-generated analysis results, redline states, contract review results, and Lex AI review results.
Lex review data: When you request a Lex AI review, we create a review record (status, timestamps, and a reference to the document) to track the review lifecycle. The review result is stored as part of your document data as described above.
Signature data: When you sign a document through the Service, we store your signature in the form of a typed text string or a base64-encoded image of your drawn signature, associated with your account and the signed document.
Attorney review messages: Notes and messages exchanged between founders and attorneys during the review process.
Contact form submissions: Name, email, company, and message content submitted through our contact page.
Communications: Messages and feedback you send to us through the Service or support channels.

Automatic data collection:

Device data: Browser type, operating system, IP address, device identifiers, and general location (city/state).
Usage data: Pages viewed, features used, session duration, navigation paths, document statuses, AI feature interactions, and API usage logs (model, token counts, and estimated cost — used internally for platform analytics).
Cookies: We use cookies and similar technologies (local storage, session tokens) to authenticate your session, remember your preferences, and analyze platform usage.

2. How We Use Your Information

We use your personal information to:

Provide, operate, and improve the Service
Process your documents through our AI analysis and drafting tools, including Lex AI review
Facilitate attorney review and sign-off services
Enable electronic document signing and multi-party signature collection
Operate your investor data room and generate secure share links
Communicate with you about the Service, including transactional emails for document events, review updates, and signature requests
Respect your notification preferences — we check your saved preferences before sending certain non-essential emails
Process payments and manage your subscription
Analyze and improve the Service through aggregated, de-identified data
Detect, prevent, and address security threats and technical issues
Comply with legal obligations and enforce our Terms of Service

3. Document Privacy & AI Processing

Your documents are never used to train AI models. When you create or upload documents, we process them through Anthropic's Claude API to generate analysis, drafts, suggested edits, and Lex AI reviews. We have agreements with Anthropic to ensure:

Your documents are encrypted in transit (TLS) and at rest (AES-256)
Anthropic does not use your data to train their models
Data is processed solely to provide the Service you requested
Access is limited to you, attorneys you engage for review, and any third parties you explicitly share data room access with

Lex AI review sends your document content to the Claude API for automated legal review using a general (non-party-specific) framework. No licensed attorney is involved. The result is stored in your document record and is subject to the same data handling described above. We log metadata about Lex review API calls (model, token counts, estimated cost) for internal analytics; this log does not contain your document content.

We log metadata about all AI API calls (model used, token counts, estimated cost) for internal platform analytics. These logs do not contain your document content.

4. Data Sharing

We do not sell your personal information. We may share your information with:

Attorney reviewers: Licensed attorneys you engage through our platform receive access to the document you submit for review. This sharing is subject to attorney-client privilege.
Data room recipients: When you share your investor data room via a token link, any person with that link can view the documents you have added to the room. You control which documents are included and to whom you distribute the link.
Co-signers: When you invite a co-signer, they receive an email with access to the document for signing. Their name, email, and signature are stored and associated with the signed document.
Service providers: Third-party vendors who help us operate the Service, including:
- Supabase — cloud database and authentication
- Stripe — payment processing
- Resend — transactional email delivery
- Anthropic — AI document processing (Claude API)
All service providers are subject to strict confidentiality obligations and are prohibited from using your data for their own purposes.
Legal requirements: When required by law, court order, or governmental request.
Business transfers: In connection with a merger, acquisition, or sale of assets, where the acquiring party agrees to honor this Privacy Policy.

5. Data Retention

We retain your account information and documents for as long as your account is active or as needed to provide the Service. Upon account deletion, we will permanently delete your data within 30 days, except where retention is required by law (such as for tax or audit purposes). Signed documents may be retained for a longer period where legally required to establish execution records. You may request deletion of your data at any time by deleting your account in settings or contacting us at support@signaldocs.ai.

6. Security

We implement industry-standard technical and organizational safeguards to protect your personal information, including:

AES-256 encryption for data at rest
TLS encryption for data in transit
Role-based access controls — attorneys can only access documents submitted to them, founders can only access their own documents, and admin access is strictly limited
Regular security monitoring and vulnerability testing
Incident response procedures for potential data breaches

However, no method of transmission over the internet is 100% secure. While we strive to protect your data using commercially reasonable means, we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you
Correct inaccurate or incomplete information
Request deletion of your personal information (via account settings or by contacting us)
Export your data in a portable format
Object to or restrict certain processing of your data
Withdraw consent where processing is based on consent
Lodge a complaint with your local data protection authority

To exercise these rights, contact us at support@signaldocs.ai. We will respond within 30 days.

8. Marketing Communications

We may send you marketing emails about new features, promotions, or other SignalDocs news. You can opt out of marketing emails at any time by clicking the "unsubscribe" link at the bottom of any marketing email or by updating your notification preferences in your account settings. You will continue to receive transactional emails necessary for the Service (such as billing notifications, review status updates, and signature requests).

9. International Transfers

We are based in the United States. If you are accessing the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required.

10. GDPR & California Privacy Rights

For users in the European Economic Area: We process personal data as a data controller under the GDPR. Our legal bases for processing include contract performance (to provide the Service), legitimate interests (security, analytics, service improvement), legal compliance, and consent. You have the right to lodge a complaint with your local supervisory authority.

For California residents: Under the CCPA, you have the right to know what personal information we collect and how it is used, the right to deletion, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.

11. Children's Privacy

The Service is intended for individuals aged 18 and over. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child without parental consent, we will delete that information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.

13. Contact Us

For privacy-related inquiries or to exercise your data rights, contact us at support@signaldocs.ai.