Privacy Policy

1. Introduction

SignAndAgree.com ("Platform") is operated by Digital Perpetual ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Platform. We are committed to protecting your privacy in accordance with the Singapore Personal Data Protection Act (PDPA).

2. Data We Collect

Account Data: Name, email address, company name (optional), and password (stored as a hashed value).

Document Data: Documents you upload, agreements you create, and document titles. For Blind Sign, only the contract title, reference number, and description are stored — no actual contract content.

Signing Data: Signer names, email addresses, signature images or typed signatures, IP addresses, browser information, and timestamps.

Payment Data: Processed by Stripe. We do not store credit card numbers. We store your Stripe customer ID and subscription status.

Usage Data: Pages visited, features used, and verification lookups. We use Google Analytics for aggregated website analytics.

3. How We Use Your Data

• To provide the signing and verification services
• To send signing requests and notifications to signers
• To process payments and manage subscriptions
• To store signing proof on the blockchain
• To improve the Platform and user experience
• To comply with legal obligations

4. Blockchain Data

When a document is fully signed, a cryptographic hash (not the document itself) is stored on the Polygon blockchain. This hash is:

• Public — anyone can see the hash on the blockchain
• Permanent — it cannot be deleted or modified
• Non-reversible — the original document cannot be reconstructed from the hash

No personal data, document content, or signer details are stored on the blockchain — only the cryptographic hash.

5. Public Verification Page

When a document is completed, a public verification page is created. This page displays:

• Document title and status
• Signer names and signing timestamps
• Blockchain proof (hash and transaction reference)

Signer email addresses are not displayed on the public verification page.

6. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe — for payment processing
• Amazon Web Services (SES) — for sending email notifications
• Polygon Blockchain — cryptographic hashes only (no personal data)
• Google Analytics — aggregated, anonymized usage data

7. Data Storage and Security

Your data is stored on secure servers. We implement appropriate technical and organizational measures to protect your data, including:

• Encrypted connections (HTTPS/TLS)
• Hashed passwords (bcrypt)
• Session security with httpOnly and secure cookies
• Rate limiting to prevent abuse

8. Data Retention

Account data is retained for as long as your account is active. Document data and signing records are retained indefinitely to support verification. Blockchain records are permanent and cannot be deleted. You may request deletion of your account and associated data (except blockchain records) by contacting us.

9. Your Rights

Under the PDPA, you have the right to:

• Access your personal data
• Correct inaccurate data
• Withdraw consent for data processing
• Request deletion of your data (subject to legal obligations and blockchain permanence)

10. Cookies

We use essential cookies for session management (login state). We use Google Analytics which sets its own cookies for usage tracking. No advertising cookies are used.

11. Children

The Platform is not intended for users under 18 years of age. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via the Platform.

13. Contact

For privacy-related inquiries, contact us at hello@digitalperpetual.com.