Privacy Policy
Last updated: April 9, 2026
SignalDocs ("SignalDocs," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our platform, website, and related services (the "Service").
In summary: We collect and use your personal information to provide legal document drafting, analysis, Lex AI review, signing, and attorney review services. We never sell your personal information or use your documents to train AI models. Your data stays yours.
1. Information We Collect
Information you provide to us:
- Account data: Name, email address, company name, professional title, and password.
- Founder profile data: Company details, industry, stage, jurisdiction, and document preferences collected during onboarding.
- Attorney profile data: Bar number, states licensed, practice areas, hourly rate, and professional biography collected during attorney onboarding. This information is used to vet and activate attorney accounts.
- Payment data: Payment card information is collected directly by Stripe, our payment processor. We store only the last four digits of your card and billing details necessary to manage your subscription.
- Document data: Legal documents, contracts, and other files you upload to or create within the Service, including extracted text, AI-generated analysis results, redline states, contract review results, and Lex AI review results.
- Lex review data: When you request a Lex AI review, we create a review record (status, timestamps, and a reference to the document) to track the review lifecycle. The review result is stored as part of your document data as described above.
- Signature data: When you sign a document through the Service, we store your signature in the form of a typed text string or a base64-encoded image of your drawn signature, associated with your account and the signed document.
- Attorney review messages: Notes and messages exchanged between founders and attorneys during the review process.
- Contact form submissions: Name, email, company, and message content submitted through our contact page.
- Communications: Messages and feedback you send to us through the Service or support channels.
Automatic data collection:
- Device data: Browser type, operating system, IP address, device identifiers, and general location (city/state).
- Usage data: Pages viewed, features used, session duration, navigation paths, document statuses, AI feature interactions, and API usage logs (model, token counts, and estimated cost — used internally for platform analytics).
- Cookies: We use cookies and similar technologies (local storage, session tokens) to authenticate your session, remember your preferences, and analyze platform usage.
2. How We Use Your Information
We use your personal information to:
- Provide, operate, and improve the Service
- Process your documents through our AI analysis and drafting tools, including Lex AI review
- Facilitate attorney review and sign-off services
- Enable electronic document signing and multi-party signature collection
- Operate your investor data room and generate secure share links
- Communicate with you about the Service, including transactional emails for document events, review updates, and signature requests
- Respect your notification preferences — we check your saved preferences before sending certain non-essential emails
- Process payments and manage your subscription
- Analyze and improve the Service through aggregated, de-identified data
- Detect, prevent, and address security threats and technical issues
- Comply with legal obligations and enforce our Terms of Service
3. Document Privacy & AI Processing
Your documents are never used to train AI models. When you create or upload documents, we process them through Anthropic's Claude API to generate analysis, drafts, suggested edits, and Lex AI reviews. We have agreements with Anthropic to ensure:
- Your documents are encrypted in transit (TLS) and at rest (AES-256)
- Anthropic does not use your data to train their models
- Data is processed solely to provide the Service you requested
- Access is limited to you, attorneys you engage for review, and any third parties you explicitly share data room access with
Lex AI review sends your document content to the Claude API for automated legal review using a general (non-party-specific) framework. No licensed attorney is involved. The result is stored in your document record and is subject to the same data handling described above. We log metadata about Lex review API calls (model, token counts, estimated cost) for internal analytics; this log does not contain your document content.
We log metadata about all AI API calls (model used, token counts, estimated cost) for internal platform analytics. These logs do not contain your document content.
4. Data Sharing
We do not sell your personal information. We may share your information with:
- Attorney reviewers: Licensed attorneys you engage through our platform receive access to the document you submit for review. This sharing is subject to attorney-client privilege.
- Data room recipients: When you share your investor data room via a token link, any person with that link can view the documents you have added to the room. You control which documents are included and to whom you distribute the link.
- Co-signers: When you invite a co-signer, they receive an email with access to the document for signing. Their name, email, and signature are stored and associated with the signed document.
- Service providers: Third-party vendors who help us operate the Service, including:
- Supabase — cloud database and authentication
- Stripe — payment processing
- Resend — transactional email delivery
- Anthropic — AI document processing (Claude API)
- Legal requirements: When required by law, court order, or governmental request.
- Business transfers: In connection with a merger, acquisition, or sale of assets, where the acquiring party agrees to honor this Privacy Policy.
5. Data Retention
We retain your account information and documents for as long as your account is active or as needed to provide the Service. Upon account deletion, we will permanently delete your data within 30 days, except where retention is required by law (such as for tax or audit purposes). Signed documents may be retained for a longer period where legally required to establish execution records. You may request deletion of your data at any time by deleting your account in settings or contacting us at support@signaldocs.ai.
6. Security
We implement industry-standard technical and organizational safeguards to protect your personal information, including:
- AES-256 encryption for data at rest
- TLS encryption for data in transit
- Role-based access controls — attorneys can only access documents submitted to them, founders can only access their own documents, and admin access is strictly limited
- Regular security monitoring and vulnerability testing
- Incident response procedures for potential data breaches
However, no method of transmission over the internet is 100% secure. While we strive to protect your data using commercially reasonable means, we cannot guarantee absolute security.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your personal information (via account settings or by contacting us)
- Export your data in a portable format
- Object to or restrict certain processing of your data
- Withdraw consent where processing is based on consent
- Lodge a complaint with your local data protection authority
To exercise these rights, contact us at support@signaldocs.ai. We will respond within 30 days.
8. Marketing Communications
We may send you marketing emails about new features, promotions, or other SignalDocs news. You can opt out of marketing emails at any time by clicking the "unsubscribe" link at the bottom of any marketing email or by updating your notification preferences in your account settings. You will continue to receive transactional emails necessary for the Service (such as billing notifications, review status updates, and signature requests).
9. International Transfers
We are based in the United States. If you are accessing the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S. or other countries where our service providers operate. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where required.
10. GDPR & California Privacy Rights
For users in the European Economic Area: We process personal data as a data controller under the GDPR. Our legal bases for processing include contract performance (to provide the Service), legitimate interests (security, analytics, service improvement), legal compliance, and consent. You have the right to lodge a complaint with your local supervisory authority.
For California residents: Under the CCPA, you have the right to know what personal information we collect and how it is used, the right to deletion, the right to opt-out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights.
11. Children's Privacy
The Service is intended for individuals aged 18 and over. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child without parental consent, we will delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by email or through a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
13. Contact Us
For privacy-related inquiries or to exercise your data rights, contact us at support@signaldocs.ai.