Privacy Policy

Last updated: October 16, 2025

1. Introduction

At ColoSign, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform ("Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the "Last updated" date of this Privacy Policy. You are encouraged to periodically review this Privacy Policy to stay informed of updates.

2. Information We Collect

We collect information that you provide directly to us when you register for an account, upload documents, send or sign contracts, or communicate with us. The types of information we may collect include:

2.1 Personal Information

  • Full name, email address, phone number, and mailing address
  • Company name, job title, and business information
  • Account credentials (username and encrypted password)
  • Profile information and preferences
  • Payment information (credit card details, billing address)

2.2 Document and Signature Data

  • Documents and contracts you upload, create, or receive
  • Electronic signature data and signing activity
  • Audit trail information (IP addresses, timestamps, authentication methods)
  • Recipient information for documents you send
  • Comments, annotations, and form field data

2.3 Automatically Collected Information

  • Device information (browser type, operating system, device identifiers)
  • Usage data (pages visited, features used, time spent on platform)
  • IP address, location data, and access times
  • Cookies and similar tracking technologies
  • Log files and error reports

2.4 Information from Third Parties

  • Information from authentication providers (Google, Microsoft, etc.)
  • Payment processor information
  • Integration partners and connected services
  • Publicly available information to verify identity

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Service Provision

  • Create, maintain, and authenticate your account
  • Process and facilitate electronic signatures and document workflows
  • Store and manage your documents securely
  • Send transaction confirmations, notifications, and reminders
  • Process payments and maintain billing records

3.2 Communication

  • Send service-related emails (signature requests, document status updates)
  • Provide customer support and respond to inquiries
  • Send administrative information (policy updates, security alerts)
  • Deliver marketing communications (with your consent, where required)
  • Conduct surveys and gather feedback

3.3 Improvement and Analytics

  • Analyze usage patterns to improve our platform
  • Develop new features and functionality
  • Conduct research and testing
  • Monitor and analyze trends and user behavior
  • Optimize performance and user experience

3.4 Security and Compliance

  • Detect, prevent, and investigate fraud and security incidents
  • Protect against unauthorized access and abuse
  • Enforce our Terms of Service and policies
  • Comply with legal obligations and regulatory requirements
  • Maintain audit trails and records for legal purposes

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the specific context:

  • Contract Performance: Processing necessary to provide our services to you
  • Legitimate Interests: Improving our services, security, and fraud prevention
  • Consent: Marketing communications and optional features (you can withdraw consent at any time)
  • Legal Obligations: Compliance with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

5.1 With Your Consent

  • With other parties to a contract when you send documents for signature
  • When you explicitly authorize us to share information with third parties
  • Through integrations you enable with other services

5.2 Service Providers

  • Cloud hosting and infrastructure providers
  • Payment processors and billing services
  • Email delivery services (Amazon SES, SendGrid, etc.)
  • Analytics and monitoring tools
  • Customer support platforms

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.3 Legal Requirements

  • To comply with legal obligations, court orders, or government requests
  • To enforce our Terms of Service and other agreements
  • To protect the rights, property, or safety of ColoSign, our users, or the public
  • In connection with legal proceedings or investigations

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our platform of any such change in ownership or control of your personal information.

6. Data Security

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

6.1 Technical Safeguards

  • TLS/SSL encryption for data in transit (minimum TLS 1.2)
  • AES-256 encryption for data at rest
  • Secure authentication protocols and password hashing
  • Multi-factor authentication (MFA) options
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Automated backup and disaster recovery procedures

6.2 Organizational Safeguards

  • Access controls and role-based permissions
  • Employee training on data protection and security
  • Confidentiality agreements with all personnel
  • Incident response and breach notification procedures
  • Regular security awareness training

6.3 Compliance Certifications

We maintain compliance with industry standards including SOC 2 Type II, ISO 27001, and GDPR requirements. However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Anti-Spam Policy

ColoSign is committed to preventing spam and abuse of our platform. We strictly prohibit the use of our services for sending unsolicited emails or documents. This policy ensures compliance with the CAN-SPAM Act, GDPR, CASL, and other anti-spam regulations worldwide.

7.1 Consent Requirements

  • You may only send documents to recipients who have explicitly consented to receive them
  • Recipients must have a legitimate business relationship with you
  • You must maintain records of consent for all recipients
  • Recipients must be able to easily opt out of future communications
  • You must honor opt-out requests within 10 business days

7.2 Prohibited Activities

  • Sending unsolicited bulk emails or documents
  • Using purchased, rented, or scraped email lists
  • Sending fraudulent, misleading, or deceptive content
  • Impersonating another person or entity
  • Using false or misleading header information
  • Harvesting email addresses from our platform
  • Circumventing our rate limits or security measures

7.3 Monitoring and Enforcement

  • Rate Limiting: We monitor sending patterns and enforce limits based on account type and history
  • Bounce Monitoring: High bounce rates (above 5%) trigger automatic review and may result in sending restrictions
  • Complaint Tracking: We track spam complaints and maintain a complaint rate below 0.1%
  • Abuse Reporting: Recipients can report spam directly through our platform
  • Automated Detection: Machine learning algorithms identify suspicious sending patterns
  • Manual Review: Our team investigates reported violations and suspicious activity

7.4 Consequences of Violations

Violation of our anti-spam policy may result in:

  • Immediate suspension of sending privileges
  • Account suspension or termination without refund
  • Reporting to email service providers and anti-spam organizations
  • Legal action and cooperation with law enforcement
  • Financial liability for damages caused by spam activity

7.5 Best Practices

To maintain a good sending reputation and avoid issues:

  • Only send to recipients who expect to hear from you
  • Use clear, accurate subject lines and sender information
  • Include your physical mailing address in communications
  • Provide easy opt-out mechanisms
  • Maintain clean, up-to-date recipient lists
  • Monitor bounce rates and remove invalid addresses
  • Respect recipient preferences and opt-out requests

8. Your Rights and Choices

You have certain rights regarding your personal information. The availability of these rights may depend on your location and applicable laws.

8.1 Access and Portability

  • Request access to your personal information
  • Receive a copy of your data in a portable format (JSON, CSV)
  • Review what information we have collected about you

8.2 Correction and Update

  • Correct inaccurate or incomplete information
  • Update your account details and preferences
  • Modify your profile information at any time

8.3 Deletion and Erasure

  • Request deletion of your account and personal information
  • Delete specific documents or data
  • Exercise your "right to be forgotten" under GDPR

Note: We may retain certain information as required by law or for legitimate business purposes (e.g., completed transactions, legal compliance, dispute resolution).

8.4 Restriction and Objection

  • Restrict processing of your personal information
  • Object to processing based on legitimate interests
  • Opt out of marketing communications
  • Disable certain features or data collection

8.5 Cookie Preferences

  • Manage cookie settings through your browser
  • Opt out of analytics and advertising cookies
  • Control tracking preferences

8.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@colosign.com. We will respond to your request within 30 days (or as required by applicable law). You may need to verify your identity before we can process your request. There is no fee for exercising your rights, unless your request is clearly unfounded or excessive.

9. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

9.1 Active Accounts

  • Account information: Retained while your account is active
  • Signed documents: Retained according to your account settings (default: 7 years)
  • Audit trails: Retained for 10 years for legal compliance
  • Transaction records: Retained for 7 years for tax and accounting purposes

9.2 Deleted Accounts

  • Personal information: Deleted or anonymized within 90 days
  • Backup copies: Removed within 180 days
  • Legal hold data: Retained as required by law or ongoing litigation
  • Aggregated analytics: May be retained indefinitely in anonymized form

9.3 Legal Requirements

We may retain certain information longer when required by law, regulation, or legal process, including:

  • Tax records (7 years)
  • Electronic signature audit trails (varies by jurisdiction)
  • Records subject to legal hold or litigation
  • Fraud prevention and security incident records

10. International Data Transfers

ColoSign operates globally, and your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your country.

10.1 Safeguards for International Transfers

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all service providers
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent where required

10.2 Data Localization

For enterprise customers, we offer data residency options to store data in specific geographic regions (EU, US, Asia-Pacific). Contact our sales team for more information about data localization options.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities and preferences.

11.1 Types of Cookies We Use

  • Essential Cookies: Required for the platform to function (authentication, security)
  • Functional Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how you use our platform
  • Advertising Cookies: Used to deliver relevant ads (with your consent)

11.2 Third-Party Cookies

We use third-party services that may set cookies, including:

  • Google Analytics for usage analytics
  • Stripe for payment processing
  • Intercom for customer support
  • Social media platforms for sharing features

11.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our platform. Most browsers allow you to refuse cookies or delete existing cookies.

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@colosign.com.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible. For users in the EU, the age threshold may be lower depending on the member state (typically 13-16 years).

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

13.1 Your CCPA Rights

  • Right to Know: Request disclosure of personal information collected, used, and shared
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

13.2 Categories of Information Collected

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, IP address)
  • Commercial information (transaction history, payment details)
  • Internet activity (browsing history, usage data)
  • Professional information (company, job title)
  • Inferences (preferences, characteristics)

13.3 Do Not Sell My Personal Information

We do not sell personal information as defined by CCPA. We do not share personal information with third parties for their direct marketing purposes without your consent.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Notify affected users within 72 hours of discovering the breach (as required by GDPR)
  • Provide details about the nature of the breach and data affected
  • Explain the steps we are taking to address the breach
  • Offer guidance on how you can protect yourself
  • Notify relevant supervisory authorities as required by law

We maintain an incident response plan and conduct regular security drills to ensure we can respond quickly and effectively to any security incidents.

15. Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

When you use integrations with third-party services (e.g., Google Drive, Dropbox, Salesforce), those services may collect information according to their own privacy policies. We recommend reviewing their policies before connecting these services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational, legal, or regulatory reasons. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you by email (if you have provided an email address)
  • Display a prominent notice on our platform
  • Require your acceptance for material changes that affect your rights

Your continued use of our services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. If you do not agree to the updated policy, you must stop using our services and may request deletion of your account.

17. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: support@colosign.com