1. Introduction
Welcome to Indigo e-Sign ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform.
By using Indigo e-Sign, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.
2. Information We Collect
2.1 Personal Information
We collect personal information that you voluntarily provide to us when you:
- Register for an account (name, email address, password)
- Upload documents for electronic signature
- Participate in signing sessions as an initiator or participant
- Contact our support team
- Subscribe to a paid plan (Basic or Pro) and provide payment information
2.2 Payment and Billing Information
When you subscribe to a paid plan, we collect:
- Billing name and address
- Payment card details (processed securely through Authorize.Net — we do not store full card numbers on our servers)
- Subscription tier, billing cycle, and transaction history
2.3 Document and Signature Data
When you use our platform, we collect and store:
- Documents uploaded for signing
- Electronic signatures, initials, and stamps
- Signature placement data and metadata
- Signing session information (participants, timestamps, status)
- Signing activity logs and audit trails
2.4 Technical Information
We automatically collect certain information when you use our platform:
- IP address and device information
- Browser type and version
- Operating system
- Access times and dates
- Pages viewed and links clicked
- Firebase Cloud Messaging tokens (for push notifications)
2.5 Cloud Storage Integration
If you choose to connect third-party cloud storage services (Google Drive, Dropbox, or Microsoft OneDrive), we collect and store OAuth tokens to access your files on your behalf. These tokens are encrypted and stored securely.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service Delivery: To provide, maintain, and improve our electronic signature services
- Document Management: To process, store, and manage your documents and signatures
- Communication: To send you notifications about signing invitations, completed documents, and service updates
- Security: To verify your identity, prevent fraud, and protect against unauthorized access
- Audit and Compliance: To maintain signing activity logs and provide audit trails for legal purposes
- Customer Support: To respond to your inquiries and provide technical assistance
- Service Improvement: To analyze usage patterns and improve our platform features
- Legal Obligations: To comply with applicable laws, regulations, and legal processes
4. AI Document Review Disclosure
Our AI-powered document review feature analyzes document content using automated systems to provide insights, suggestions, summaries, or recommendations.
Important:
- The AI review feature is provided for informational and assistance purposes only and does not constitute legal advice, professional advice, or a substitute for consultation with a qualified legal professional.
- Users are solely responsible for reviewing, verifying, and validating any AI-generated suggestions, edits, summaries, or recommendations before relying on them. We strongly recommend that all AI-reviewed or AI-generated content be reviewed by a qualified legal professional prior to execution, signing, or legal use.
Data Processing and Privacy
- We do not sell or publicly share document content. AI processing may involve secure automated systems that temporarily process document text for analysis.
- Documents and document content are not used to train publicly available AI models unless explicitly disclosed and consented to by the user.
- If third-party AI service providers are used to enable document analysis, document data may be processed by such providers in accordance with their security and confidentiality standards.
5. Data Sharing and Disclosure
5.1 With Your Consent
We share your documents and signature data with participants you designate in signing sessions. When you invite participants to sign documents, they receive access to the documents through secure, token-based URLs.
5.2 Service Providers
We may share your information with trusted third-party service providers who assist us in operating our platform:
- Payment Processing: Authorize.Net for secure subscription billing and payment processing
- Email Service: API for transactional emails (OTP verification, signing invitations)
- Cloud Storage: Google Drive, Dropbox, Microsoft OneDrive (only if you choose to integrate)
- Push Notifications: Firebase Cloud Messaging for real-time notifications
5.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal processes (subpoenas, court orders)
- Government requests
- Protection of our rights, property, or safety
- Investigation of fraud or security issues
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.
6. Data Security
We implement robust security measures to protect your information:
- Encryption: All data transmissions use HTTPS/TLS encryption
- Token-Based Access: Participant access uses unique, secure access tokens
- Cloud Storage Encryption: OAuth tokens are encrypted using AES encryption
- Password Security: User passwords are hashed using Django's PBKDF2 algorithm
- OTP Verification: Email verification with 6-digit OTP codes (10-minute expiration)
- reCAPTCHA Protection: Google reCAPTCHA v2 protects against automated attacks
- Access Controls: Role-based access controls and authentication middleware
- Audit Trails: Comprehensive logging of all signing activities
Important: While we use industry-standard security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your information.
7. Data Sharing & Third Parties
We may share data with trusted third-party service providers to deliver and improve our services:
- Payment processors - Authorize.Net for secure subscription billing and payment processing
- Cloud hosting providers - Infrastructure and storage services (AWS, Google Cloud, etc.)
- Email delivery services - For transactional emails (OTP verification, signing invitations, notifications)
- AI processing providers - External API for document review and analysis features
- Legal authorities - When required by law or in response to valid legal processes
Important: We do not sell your personal data to third parties for marketing or any other purposes.
8. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained while your account is active and for a reasonable period after deletion
- Documents: Stored according to your subscription plan limits (30 days for free tier)
- Signed Documents: Retained for legal and audit purposes (typically 7 years)
- Activity Logs: Maintained for security and compliance purposes
- Expired Sessions: Automatically archived or deleted based on expiration settings
9. Your Rights and Choices
You have the following rights regarding your personal information:
9.1 Access and Portability
- Request access to your personal data
- Download your documents and signatures
- Export your data in a portable format
9.3 Communication Preferences
- Opt out of promotional emails (signing notifications are mandatory for service delivery)
- Manage push notification settings in your browser
- Control sound notifications for signing activities
9.4 Cloud Storage Disconnection
- Disconnect integrated cloud storage services at any time
- Revoke OAuth access tokens
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
- Session Cookies: Essential for user authentication and session management
- CSRF Tokens: Security tokens to prevent cross-site request forgery
- Preference Cookies: Store your settings (e.g., notification sound preferences)
- Firebase Tokens: FCM device tokens for push notifications
Most browsers allow you to refuse cookies, but this may limit your ability to use certain features of our platform.
11. Third-Party Services
Our platform integrates with third-party services that have their own privacy policies:
We are not responsible for the privacy practices of these third-party services.
12. Children's Privacy
Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.
13. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. By using our service, you consent to the transfer of your information to our facilities and service providers globally.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification to registered users (for significant changes)
Your continued use of our service after changes become effective constitutes your acceptance of the revised Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Data Protection Rights: If you are located in the European Economic Area (EEA), you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority.