Privacy Policy

1. Introduction

NovaSign, Inc. ("NovaSign," "we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform and related services (collectively, the "Service").

This Privacy Policy applies to all users of our Service, including visitors to our website, registered users, and signers of documents processed through our platform.

By using NovaSign, you consent to the data practices described in this policy. If you do not agree with the practices described in this policy, please do not use our services.

2. Information We Collect

2.1 Personal Information You Provide

We collect information you provide directly to us, including:

• • Full name, email address, phone number, and mailing address
• • Account credentials (username, password, security questions)
• • Payment information (credit card details, billing address)
• • Company information (business name, tax ID, industry)
• • Profile information (job title, department, preferences)
• • Documents and content you upload, create, or sign
• • Digital signatures and related authentication data
• • Communications with our support team
• • Survey responses and feedback

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

• • Device information (type, model, operating system, browser)
• • IP address and approximate geographic location
• • Usage data (pages visited, features used, time spent)
• • Log files and error reports
• • Cookies and similar tracking technologies
• • Referral source and marketing attribution data
• • Performance and analytics data

2.3 Information from Third Parties

We may receive information about you from third parties, including:

• • Identity verification services
• • Payment processors and financial institutions
• • Marketing and advertising partners
• • Social media platforms (if you connect your accounts)
• • Integration partners and API connections
• • Public databases and data aggregators

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Provision

• • Provide, maintain, and improve our electronic signature services
• • Process and authenticate digital signatures
• • Store and manage your documents securely
• • Enable document sharing and collaboration features
• • Provide customer support and technical assistance

3.2 Business Operations

• • Process payments and manage billing
• • Send transactional communications and notifications
• • Verify identity and prevent fraud
• • Comply with legal obligations and regulatory requirements
• • Enforce our Terms of Service and other policies

3.3 Communication and Marketing

• • Send service updates and security notifications
• • Provide marketing communications (with your consent)
• • Conduct surveys and gather feedback
• • Personalize your experience and recommendations

3.4 Analytics and Improvement

• • Analyze usage patterns and service performance
• • Conduct research and development
• • Test new features and improvements
• • Generate aggregated and anonymized statistics

4. Communications

4.1 Types of Communications

• • Account verification and password reset messages
• • Document signing requests and reminders
• • Transaction confirmations and receipts
• • Security alerts and account notifications
• • Service updates and maintenance notices
• • Marketing newsletters (with explicit consent)

4.2 Communication Delivery

We use trusted third-party communication service providers to deliver our messages. These providers:

• • Process communications on our behalf under strict data processing agreements
• • Maintain high deliverability and security standards
• • Provide analytics on message delivery and engagement
• • Do not use your data for their own marketing purposes

4.3 Communication Preferences

You can manage your communication preferences at any time:

• • Use the unsubscribe link in any marketing message
• • Update preferences in your account settings
• • Contact our support team for assistance
• • Note: You cannot opt out of essential service communications

5. How We Share Your Information

5.1 Service Providers

We share information with trusted service providers who assist us in operating our business:

• • Cloud hosting and infrastructure providers
• • Payment processors and billing services
• • Communication and messaging services
• • Analytics and performance monitoring tools
• • Customer support platforms
• • Security and fraud prevention services

5.2 Legal Requirements

We may disclose your information when required by law or to:

• • Comply with legal process or government requests
• • Enforce our Terms of Service or other agreements
• • Protect the rights, property, or safety of NovaSign, our users, or others
• • Investigate fraud, security issues, or technical problems
• • Respond to emergency situations

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control.

5.4 With Your Consent

We may share your information for other purposes with your explicit consent or at your direction.

6. Data Security

6.1 Security Measures

We implement comprehensive security measures to protect your information:

• • AES-256 encryption for data at rest and in transit
• • TLS 1.3 for secure data transmission
• • Multi-factor authentication for account access
• • Regular security audits and penetration testing
• • SOC 2 Type II compliance certification
• • ISO 27001 information security management
• • Role-based access controls and principle of least privilege
• • Secure development practices and code reviews

6.2 Data Centers and Infrastructure

• • Data stored in secure, certified data centers
• • Redundant backups and disaster recovery procedures
• • 24/7 monitoring and incident response
• • Physical security controls and access restrictions

6.3 Employee Training and Access

• • Regular security training for all employees
• • Background checks for personnel with data access
• • Confidentiality agreements and data handling policies
• • Limited access on a need-to-know basis

7. Data Retention

7.1 Retention Periods

• • Account information: Retained while your account is active
• • Signed documents: Retained for 7 years after signing for legal compliance
• • Payment records: Retained for 7 years for tax and accounting purposes
• • Usage logs: Retained for 2 years for security and analytics
• • Marketing data: Retained until you unsubscribe or object
• • Support communications: Retained for 3 years

7.2 Data Deletion

When data is no longer needed, we securely delete it using industry-standard methods. You may request deletion of your personal data subject to legal and contractual obligations.

8. Your Rights and Choices

8.1 Access and Control

You have the following rights regarding your personal information:

• • Access: Request a copy of your personal data
• • Correction: Update inaccurate or incomplete information
• • Deletion: Request deletion of your personal data
• • Portability: Export your data in a machine-readable format
• • Restriction: Limit how we process your data
• • Objection: Object to processing for marketing purposes
• • Withdrawal: Withdraw consent where processing is based on consent

8.2 How to Exercise Your Rights

To exercise your rights, you can:

• • Use the privacy controls in your account settings
• • Contact our Data Protection Officer at privacy@novasign.net
• • Submit a request through our support portal
• • We will respond to your request within 30 days

8.3 California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

• • Right to know what personal information is collected
• • Right to delete personal information
• • Right to opt-out of the sale of personal information
• • Right to non-discrimination for exercising privacy rights

8.4 European Privacy Rights (GDPR)

If you are in the European Economic Area, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

NovaSign is based in the United States. If you are accessing our Service from outside the US, your information may be transferred to, stored, and processed in the US and other countries where our service providers operate.

We ensure appropriate safeguards are in place for international transfers, including:

• • Standard Contractual Clauses approved by the European Commission
• • Adequacy decisions for certain countries
• • Binding Corporate Rules where applicable
• • Other legally recognized transfer mechanisms

10. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• • Post the updated policy on our website
• • Update the "Last Updated" date at the top of this policy
• • Notify you via email or through our Service
• • Obtain your consent where required by law

We encourage you to review this policy periodically to stay informed about our privacy practices.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days of receipt.