CelerSign
PricingSign inGet Started

Privacy Policy

Last updated: 2026-05-22

DRAFT — pending legal review.

1. Data We Collect

We collect information you provide directly when you create an account, including your name, email address, and password. When you use our e-signature service, we also collect document metadata, signature data, IP addresses, browser user-agent strings, and timestamps to create legally-binding audit trails.

2. How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve CelerSign's e-signature services
  • Create tamper-proof audit trails for signed documents
  • Send transactional emails (signing invitations, OTP codes, completion notices)
  • Send marketing communications (only with your explicit consent)
  • Detect and prevent fraud, abuse, and security incidents

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide e-signature services you have requested
  • Legitimate interest: Processing necessary for security, fraud prevention, and service improvement
  • Consent: Marketing communications are only sent with your opt-in consent, which you may withdraw at any time
  • Legal obligation: Retaining audit trail data as required for e-signature legal validity

4. Data Sharing

We do not sell your personal data. We share information only in the following circumstances:

  • With signing parties: Names and email addresses are shared with other signers on a document
  • Service providers: We use third-party services for email delivery, file storage, and hosting, all bound by data processing agreements
  • Legal requirements: When required by law, regulation, or valid legal process

5. Data Retention

Account data is retained as long as your account is active. Document data and audit trails are retained for a minimum of 7 years to ensure the legal validity of signed documents. When you delete your account, personal identifiers are anonymized, but audit trail records are preserved with anonymized references to maintain document integrity.

6. Your Rights (GDPR)

Under the GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your account and personal data
  • Data portability: Export your data in a machine-readable format
  • Withdraw consent: Opt out of marketing communications at any time
  • Object: Object to processing based on legitimate interest

You can exercise these rights from the Settings page in your account, or by contacting us at privacy@celersign.com.

7. Cookies

CelerSign uses essential cookies required for authentication and session management. We also use optional analytics cookies to understand how our service is used. You can manage your cookie preferences at any time using the cookie consent banner or from your account settings. Essential cookies cannot be disabled as they are necessary for the service to function.

8. Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted storage, cryptographic document hashing for tamper detection, and secure password hashing. Access to production systems is restricted and monitored.

9. Canadian Residents (PIPEDA)

If you are located in Canada, your personal information is handled in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). CelerSign adheres to the ten fair information principles set out in Schedule 1 of PIPEDA:

  • Accountability: We are responsible for personal information under our control and have designated a Privacy Officer to oversee compliance.
  • Identifying purposes: We identify the purposes for which personal information is collected at or before the time of collection.
  • Consent: We obtain your knowledge and consent for the collection, use, or disclosure of personal information, except where otherwise permitted by law.
  • Limiting collection: We collect only the personal information necessary for the purposes we have identified.
  • Limiting use, disclosure, and retention: We use or disclose personal information only for the purposes for which it was collected, and retain it only as long as necessary.
  • Accuracy: We keep personal information as accurate, complete, and up-to-date as necessary for the purposes for which it is used.
  • Safeguards: We protect personal information with security safeguards appropriate to its sensitivity.
  • Openness: We make our policies and practices regarding personal information readily available.
  • Individual access: Upon request, we will inform you of the existence, use, and disclosure of your personal information and provide access to it.
  • Challenging compliance: You may challenge our compliance with these principles by contacting our Privacy Officer.

Our designated Privacy Officer can be reached at privacy@celersign.com. If your concern is not resolved to your satisfaction, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Breach notification.Where a breach of security safeguards involves a real risk of significant harm to an individual, CelerSign will notify affected Canadian customers and report to the Office of the Privacy Commissioner of Canada as required under PIPEDA's Breach of Security Safeguards Regulations, and will maintain records of all breaches for the period required by law.

10. Your California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), gives you additional rights regarding your personal information.

Categories of personal information collected

In the preceding 12 months, CelerSign has collected the following categories of personal information, as defined by the CCPA:

  • Identifiers (e.g., name, email address, account ID, IP address)
  • Customer records (e.g., billing address, phone number)
  • Commercial information (e.g., subscription plan, transaction history)
  • Internet or network activity (e.g., browser user-agent, log data, signing-page interactions)
  • Geolocation data (general — derived from IP address; we do not collect precise GPS location)
  • Professional or employment-related information (e.g., employer, job title, where provided in a document or template)
  • Inferences drawn from the above for service personalization and fraud detection

Categories disclosed to service providers

In the preceding 12 months, we have disclosed identifiers, customer records, commercial information, and internet activity to service providers acting on our behalf for purposes including email delivery, file storage, hosting, document conversion, and payment processing. A full list is available on our sub-processors page.

Your rights under the CCPA

  • Right to Know: Request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the categories of third parties with whom it has been shared.
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions (such as completing a transaction, detecting security incidents, or complying with a legal obligation — including retention of signed-document audit trails).
  • Right to Correct: Request correction of inaccurate personal information we maintain about you.
  • Right to Opt-Out of Sale or Sharing: Direct us not to sell or share your personal information.
  • Right to Limit Use of Sensitive Personal Information: Direct us to limit our use of any sensitive personal information to purposes necessary to provide the service.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights — your service, pricing, and feature access will not change.

Do Not Sell or Share My Personal Information

CelerSign does not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA. If our practices change, we will update this Policy and provide a clear opt-out mechanism here.

To exercise any of these rights, contact us at privacy@celersign.com or submit a request from your Settings page. We will verify your identity before fulfilling a request, and you may designate an authorized agent to act on your behalf in accordance with California law.

11. Your Rights Under Other US State Laws

Residents of Virginia (Virginia Consumer Data Protection Act), Colorado (Colorado Privacy Act), Connecticut (Connecticut Data Privacy Act), Utah (Utah Consumer Privacy Act), and Texas (Texas Data Privacy and Security Act) have the following rights with respect to their personal data:

  • Right to access the personal data we process about you
  • Right to correct inaccurate personal data
  • Right to delete personal data we have collected
  • Right to data portability (where technically feasible)
  • Right to opt out of targeted advertising
  • Right to opt out of the sale of personal data
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects

Where required by applicable state law, you may also appeal a refusal to act on a rights request by replying to our response with the word “Appeal” and a brief explanation. To submit any state-law rights request, contact privacy@celersign.com. We do not engage in targeted advertising, sell personal data, or use personal data for profiling that produces legal or similarly significant effects on you.

12. Cross-Border Data Transfers

CelerSign is a global service. Depending on where you are located and which features you use, your personal information may be processed in the United States, the European Union, or other jurisdictions in which we or our service providers operate. By using CelerSign, you understand that your information may be transferred to and processed in countries other than your own.

For personal information transferred out of Canada, we rely on appropriate safeguards including contractual protections substantially equivalent to the Standard Contractual Clauses, vendor due diligence, and the accountability requirements of PIPEDA. For personal information transferred out of the European Economic Area or the United Kingdom, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum, where applicable) together with supplementary technical and organizational measures.

13. Children's Privacy

CelerSign is a business product and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 13 (as defined by the US Children's Online Privacy Protection Act, COPPA), nor from minors under 16 or 18 where higher age thresholds apply under state law (including California, Colorado, Connecticut, and other states with heightened protections for minors). If we become aware that we have collected personal information from a child in violation of applicable law, we will delete it promptly. If you believe a child has provided us with personal information, contact privacy@celersign.com.

14. Contact

For privacy-related inquiries, data protection requests, or complaints, contact our Privacy team — including our designated Privacy Officer for Canadian inquiries — at privacy@celersign.com.