EmailSignature.io
Sign inStart free

Privacy Policy

Effective 2026-05-28

This Privacy Policy explains how Sodasoft LLC ("we", "us"), the operator of EmailSignature.io, collects, uses, and shares personal data. Our registered office is at 30 N Gould St, Sheridan, Wyoming 82801, United States.

For data we process on behalf of our customers (the contact details of their employees and end-recipients of their signatures), please see also the Data Processing & GDPR page, which describes our role as a data processor.

1. Personal Data We Collect

1.1 Account data

When you create an account we collect your name, work email, organization name, and basic onboarding answers (company size, primary email provider, approximate employee count). Authentication is passwordless — we do not store passwords.

1.2 Billing data

Payments are processed by Stripe. We receive a customer identifier, the last four digits and expiry of your card, billing country, and invoice metadata. We do not have access to your full card number.

1.3 Usage and device data

We collect technical logs (IP address, user agent, request timestamps, request paths, error stacks) to operate the Service, prevent abuse, and improve reliability. These logs are retained for up to 30 days for application logs and 90 days for security logs.

1.4 Cookies

See our Cookie Policy for details on the cookies we set.

2. How We Use Personal Data

  • To provide, secure, and improve the Service;
  • To deliver magic-link sign-in emails and account notifications via Resend;
  • To process subscriptions and invoices via Stripe;
  • To respond to support requests sent to support@emailsignature.io;
  • To detect, prevent, and investigate fraud, abuse, and security incidents;
  • To comply with legal obligations and enforce our Terms of Service.

3. Legal Bases (EEA / UK)

If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing your personal data are:

  • Performance of a contract — to provide the Service you signed up for.
  • Legitimate interests — to secure and improve the Service, prevent fraud, and communicate operational updates.
  • Consent — for any non-essential cookies and marketing emails, where required.
  • Legal obligation — to meet our tax, accounting, and law-enforcement obligations.

4. Sharing of Personal Data

We share personal data only with the subprocessors listed in our DPA, with payment processors for billing, with law-enforcement when required by law, and with any successor entity in connection with a corporate transaction.

5. International Data Transfers

Your account database is hosted in the European Union (Frankfurt) via Supabase. Some subprocessors are located in the United States. Transfers outside the EEA / UK rely on the European Commission's Standard Contractual Clauses or equivalent safeguards.

6. Data Retention

We retain your account data while your account is active. After account deletion, personal data is purged within 30 days, except where retention is required by law (e.g. tax records, generally 7 years in the United States). Backups are rotated and overwritten within 35 days.

7. Your Rights

Depending on your jurisdiction, you have the right to access, correct, delete, restrict, or object to processing of your personal data; the right to data portability; and the right to withdraw consent. You also have the right to lodge a complaint with your local data-protection authority.

To exercise any of these rights, email privacy@emailsignature.io. For account data you control directly, you can also use the self-service tools in your account settings.

8. Children

EmailSignature.io is a business tool and is not directed to children under 16. We do not knowingly collect personal data from children.

9. Security

We use TLS in transit, encryption at rest for our managed database, principle-of-least-privilege access control, audit logging, and passwordless authentication. No system is perfectly secure; if you believe your account has been compromised, contact abuse@emailsignature.io immediately.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be announced at least 14 days in advance. The effective date at the top of this page reflects the latest revision.

11. Contact

Privacy queries: privacy@emailsignature.io. Mail: Sodasoft LLC, 30 N Gould St, Sheridan, Wyoming 82801, United States.