Privacy Policy

Last updated: April 2026

VisiSign is operated by RegAtlas LLC ("we", "us", "our"), a Wyoming limited liability company. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our electronic signature platform at visisign.app and related services (the "Service").

1. Information We Collect

Account Information

When you create an account, we collect:

  • Name, email address, and password
  • Phone number (if you verify your account via SMS)
  • Organization name and billing information

Document and Signature Data

When you use the Service to send or sign documents, we collect:

  • Documents you upload (PDFs, images)
  • Electronic signature images (drawn or typed)
  • Field values entered during signing (text, dates, checkboxes)

Signer Information

When someone is invited to sign a document through VisiSign, we collect:

  • Name and email address (provided by the sender)
  • Phone number (if SMS notification is used)
  • IP address and browser user agent at the time of signing
  • Timestamps of viewing, signing, or declining

This information is collected to create a legally valid audit trail for the signed document.

Usage and Technical Data

  • IP addresses and browser information for security and rate limiting
  • Session data (HttpOnly cookies for authentication)
  • API usage metrics (for metered billing)

2. How We Use Your Information

  • To provide, operate, and improve the Service
  • To process and deliver documents for signing
  • To send transactional emails and SMS (signing requests, reminders, completions)
  • To generate audit trails and signing certificates
  • To process payments and manage billing
  • To detect and prevent fraud and abuse
  • To respond to support requests
  • To comply with legal obligations

We do not sell your personal information. We do not use your documents or signature data for any purpose other than providing the Service.

3. Third-Party Service Providers

We share data with the following categories of service providers, solely to operate the Service:

  • Cloud infrastructure: Hetzner (servers), Cloudflare (CDN, DNS, R2 storage), Backblaze (archive storage)
  • Email delivery: Amazon Web Services (SES)
  • SMS delivery: SignalWire
  • Payment processing: Stripe (we do not store credit card numbers)
  • Domain and DNS: Cloudflare

Each provider processes data only as necessary to perform their service and is bound by their own privacy policies and data processing agreements.

4. Data Security

We implement industry-standard security measures, including:

  • TLS encryption for all data in transit
  • Encryption at rest for stored documents and sensitive fields
  • Bcrypt password hashing with complexity requirements
  • Rate limiting and brute-force protection
  • Signed, HttpOnly session cookies (no JWT in localStorage)
  • SHA-256 document integrity hashing for signed PDFs
  • IP and user agent logging for audit trails

5. Data Retention

We retain your data as follows:

  • Documents and signatures: Retained for the life of your account
  • Audit trails: Retained for the life of your account (required for legal validity of signatures)
  • Account data: Retained until you delete your account
  • Session data: Automatically expired and cleaned up

When you delete your account, we will delete your personal data and documents within 30 days, except where retention is required by law or necessary to resolve disputes.

6. International Data Transfers

Our servers are located in the United States and Germany. If you access the Service from outside these regions, your data will be transferred to and processed in these locations. By using the Service, you consent to this transfer.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Export: Request your data in a portable format
  • Opt out: Unsubscribe from non-transactional communications

To exercise these rights, contact us at privacy@visisign.app. We will respond within 30 days.

8. California Privacy Rights (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, contact us at privacy@visisign.app.

9. Children's Privacy

The Service is not directed to individuals under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

10. Cookies

We use strictly necessary cookies for authentication (session cookies). We do not use advertising or tracking cookies. No cookie consent banner is required as we only use essential cookies.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach, and will notify relevant authorities as required by law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

RegAtlas LLC
Email: privacy@visisign.app