Privacy Policy

Last updated: May 21, 2026

SignOwl ("we," "us," or "our") is operated by TechyOwls. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our e-signature service at signowl.app (the "Service").

1. Information we collect

1.1 Account information

When you create an account, we collect your name, email address, and profile picture through our authentication provider (Google OAuth via Clerk). We do not store passwords.

1.2 Documents and signatures

When you upload documents for signing, we store the document file, detected form fields, signer names, email addresses, signature images, and related metadata. This data is necessary to provide the e-signature service.

1.3 Usage data

We automatically collect certain information when you access the Service, including your IP address, browser type, operating system, referring URLs, pages viewed, and timestamps. This helps us maintain security and improve the Service.

1.4 Payment information

Payments are processed by Paddle (our Merchant of Record). We do not directly collect or store credit card numbers or bank account details. Paddle handles all payment data subject to their own privacy policy.

2. How we use your information

• To provide, operate, and maintain the e-signature Service
• To process and deliver documents for signing
• To send transactional emails (signature requests, reminders, completion notices)
• To manage your account and subscription
• To detect, prevent, and address fraud, abuse, and security issues
• To comply with legal obligations
• To improve and develop new features

3. How we share your information

We do not sell your personal information. We share data only in these circumstances:

• With signers: When you send a document for signing, we share the document, your name, and your email address with the recipients you designate.
• Service providers: We use third-party services to operate the platform, including Clerk (authentication), Paddle (payments), Resend (email delivery), and Cloudflare (hosting and security). These providers access data only as needed to perform their functions.
• Legal requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

4. Data retention

We retain your documents and signature data for as long as your account is active or as needed to provide the Service. Completed documents are retained for a minimum of 7 years to support legal enforceability of signed agreements. You may request deletion of your account and associated data at any time, subject to our legal retention obligations.

5. Data security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/HTTPS) for all connections
• Encrypted storage for documents and signature data
• PAdES-B-B digital signatures for document integrity verification
• Token-based access control for signing sessions
• Comprehensive audit trails for all document actions

6. Cookies and tracking

We use essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking pixels. Our authentication provider (Clerk) may set cookies necessary for the sign-in process.

7. Your rights

Depending on your location, you may have the right to:

• Access, correct, or delete your personal data
• Export your data in a portable format
• Object to or restrict certain processing activities
• Withdraw consent where processing is based on consent
• Lodge a complaint with a supervisory authority

GDPR (EU/EEA): We process data based on contractual necessity (providing the Service), legitimate interests (security, improvement), and consent where applicable.

CCPA (California): We do not sell personal information. California residents may request disclosure of data collected and request deletion.

8. International data transfers

Your data may be processed in countries outside your country of residence, including the United States. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

9. Children's privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.