1. Who We Are

SignBolt is an electronic signature platform operated from Perth, Western Australia. Our service is available at signbolt.store and signbolt.au. For privacy inquiries, contact us at privacy@signbolt.store.

2. Information We Collect

We collect only what is necessary to provide the e-signature service:

Account information: Your email address and full name when you create an account or sign up for a paid plan.
Documents: PDFs and files you upload for signing. These are processed server-side and are not permanently stored beyond the retention periods below.
Signature data: The drawn or typed signature image you create and place on documents.
IP address: Recorded as part of the document audit trail for each signing event to establish legal validity.
Document metadata: File name, page count, timestamp of upload and signing, and the email address of any recipient you send a document to for signature.
Usage analytics: Aggregated, anonymised data on how the service is used (e.g. pages visited, features clicked). No personally identifiable information is included in analytics.

We do not collect payment card numbers, government identifiers, or sensitive personal information as defined under the Australian Privacy Act.

3. How We Use Your Information

We use the information collected to:

Provide, operate, and improve the SignBolt e-signature service.
Authenticate your account and maintain your session across visits.
Generate legally valid audit trails for signed documents.
Process payments and manage your subscription.
Send transactional emails (e.g. email verification codes, document delivery).
Respond to your support or privacy inquiries.

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.

4. Cookies

SignBolt uses a single first-party authentication cookie named sb_user. This cookie stores your email address, display name, current plan (Free / Pro / Business), and a count of documents signed in the current billing month. It is used solely to keep you logged in and to enforce plan limits. No third-party tracking or advertising cookies are set by SignBolt.

Third-party services we embed (listed in Section 5) may set their own cookies governed by their respective privacy policies. You can disable cookies in your browser settings; doing so will prevent you from remaining logged in.

5. Third-Party Services

SignBolt integrates with the following third-party services. Each service processes data under its own privacy policy:

Stripe (payment processing):When you subscribe to a paid plan, your payment details are collected and processed directly by Stripe. SignBolt does not store credit card numbers, CVV codes, or full card details. Stripe's privacy policy is available at stripe.com/privacy.
Resend (email delivery):Transactional emails — including email verification codes and send-for-signature notifications — are delivered via Resend. Resend processes the recipient email address and email content. Resend's privacy policy is available at resend.com/privacy.
Vercel (hosting and infrastructure):SignBolt is hosted on Vercel's global edge network. Vercel may process request data including IP addresses and browser headers as part of serving the application. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

6. Document Storage and Data Retention

We retain different categories of data for different periods:

Guest-signed documents (no account): Automatically deleted within 24 hours of signing.
Account holders' documents: Retained until you delete them from your dashboard or close your account. Documents deleted by the user are permanently removed within 7 days.
Audit trail records: Retained for 7 years from the date of signing to support legal and contractual disputes. This is the legally defensible retention period recommended for contract records in Australia.
Account data (email, name, plan): Retained for the life of your account plus 90 days after closure to allow for account recovery requests.
Payment records: Retained by Stripe in accordance with financial regulations. SignBolt retains a record of subscription status and plan history for billing dispute purposes.

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

7. Australian Privacy Act Compliance

SignBolt is committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In particular:

APP 1 (Open and transparent): This policy describes how we manage personal information. A copy is freely available on our website.
APP 3 (Collection): We collect personal information only by lawful and fair means and only where it is reasonably necessary for our functions.
APP 6 (Use and disclosure): We use personal information only for the primary purpose for which it was collected, or for directly related secondary purposes you would reasonably expect.
APP 11 (Security): We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
APP 12 (Access): You may request access to the personal information we hold about you by contacting privacy@signbolt.store. We will respond within 30 days.
APP 13 (Correction): If information we hold about you is inaccurate, out of date, or incomplete, you may request a correction by contacting us.

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

8. GDPR — Rights for EU and UK Visitors

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): Request deletion of your personal data where there is no overriding legal basis for retention.
Right to restrict processing: Request that we limit how we use your data while a dispute is resolved.
Right to data portability: Request your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.

Our lawful basis for processing personal data is contract performance (to provide the service you signed up for) and legitimate interests (security and fraud prevention). To exercise any of these rights, contact privacy@signbolt.store. We will respond within 30 days.

9. How to Request Data Deletion

You can delete your account and all associated data in the following ways:

Self-service:Log in to your SignBolt account, navigate to Account Settings, and select “Delete My Account.” This will immediately queue all your personal data for permanent deletion.
Email request: Send a deletion request to privacy@signbolt.storefrom the email address associated with your account. Include “Data Deletion Request” in the subject line. We will confirm receipt and complete deletion within 30 days.

Note: Audit trail records may be retained beyond deletion for up to 7 years as described in Section 6, where required for legal validity of previously signed documents.

10. Children's Privacy

SignBolt is not intended for use by persons under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, contact us immediately at privacy@signbolt.store.

11. Changes to This Policy

We may update this privacy policy from time to time. When we do, we will update the “Last updated” date at the top of this page. For significant changes, we will notify account holders by email. Continued use of SignBolt after changes are posted constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions, access requests, corrections, or complaints:

Email: privacy@signbolt.store
General support: support@signbolt.store
Location: Perth, Western Australia, Australia

1. Who We Are

2. Information We Collect

We collect only what is necessary to provide the e-signature service:

Account information: Your email address and full name when you create an account or sign up for a paid plan.
Documents: PDFs and files you upload for signing. These are processed server-side and are not permanently stored beyond the retention periods below.
Signature data: The drawn or typed signature image you create and place on documents.
IP address: Recorded as part of the document audit trail for each signing event to establish legal validity.
Document metadata: File name, page count, timestamp of upload and signing, and the email address of any recipient you send a document to for signature.
Usage analytics: Aggregated, anonymised data on how the service is used (e.g. pages visited, features clicked). No personally identifiable information is included in analytics.

We do not collect payment card numbers, government identifiers, or sensitive personal information as defined under the Australian Privacy Act.

3. How We Use Your Information

We use the information collected to:

Provide, operate, and improve the SignBolt e-signature service.
Authenticate your account and maintain your session across visits.
Generate legally valid audit trails for signed documents.
Process payments and manage your subscription.
Send transactional emails (e.g. email verification codes, document delivery).
Respond to your support or privacy inquiries.

We do not sell, rent, or share your personal information with third parties for marketing or advertising purposes.

4. Cookies

5. Third-Party Services

SignBolt integrates with the following third-party services. Each service processes data under its own privacy policy:

Stripe (payment processing):When you subscribe to a paid plan, your payment details are collected and processed directly by Stripe. SignBolt does not store credit card numbers, CVV codes, or full card details. Stripe's privacy policy is available at stripe.com/privacy.
Resend (email delivery):Transactional emails — including email verification codes and send-for-signature notifications — are delivered via Resend. Resend processes the recipient email address and email content. Resend's privacy policy is available at resend.com/privacy.
Vercel (hosting and infrastructure):SignBolt is hosted on Vercel's global edge network. Vercel may process request data including IP addresses and browser headers as part of serving the application. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.

6. Document Storage and Data Retention

We retain different categories of data for different periods:

Guest-signed documents (no account): Automatically deleted within 24 hours of signing.
Account holders' documents: Retained until you delete them from your dashboard or close your account. Documents deleted by the user are permanently removed within 7 days.
Audit trail records: Retained for 7 years from the date of signing to support legal and contractual disputes. This is the legally defensible retention period recommended for contract records in Australia.
Account data (email, name, plan): Retained for the life of your account plus 90 days after closure to allow for account recovery requests.
Payment records: Retained by Stripe in accordance with financial regulations. SignBolt retains a record of subscription status and plan history for billing dispute purposes.

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

7. Australian Privacy Act Compliance

SignBolt is committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In particular:

APP 1 (Open and transparent): This policy describes how we manage personal information. A copy is freely available on our website.
APP 3 (Collection): We collect personal information only by lawful and fair means and only where it is reasonably necessary for our functions.
APP 6 (Use and disclosure): We use personal information only for the primary purpose for which it was collected, or for directly related secondary purposes you would reasonably expect.
APP 11 (Security): We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
APP 12 (Access): You may request access to the personal information we hold about you by contacting privacy@signbolt.store. We will respond within 30 days.
APP 13 (Correction): If information we hold about you is inaccurate, out of date, or incomplete, you may request a correction by contacting us.

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

8. GDPR — Rights for EU and UK Visitors

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) or UK GDPR:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete data.
Right to erasure (“right to be forgotten”): Request deletion of your personal data where there is no overriding legal basis for retention.
Right to restrict processing: Request that we limit how we use your data while a dispute is resolved.
Right to data portability: Request your data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests.

9. How to Request Data Deletion

You can delete your account and all associated data in the following ways:

Self-service:Log in to your SignBolt account, navigate to Account Settings, and select “Delete My Account.” This will immediately queue all your personal data for permanent deletion.
Email request: Send a deletion request to privacy@signbolt.storefrom the email address associated with your account. Include “Data Deletion Request” in the subject line. We will confirm receipt and complete deletion within 30 days.

Note: Audit trail records may be retained beyond deletion for up to 7 years as described in Section 6, where required for legal validity of previously signed documents.

Privacy Policy

1. Who We Are

2. Information We Collect

3. How We Use Your Information

4. Cookies

5. Third-Party Services

6. Document Storage and Data Retention

7. Australian Privacy Act Compliance

8. GDPR — Rights for EU and UK Visitors

9. How to Request Data Deletion

10. Children's Privacy

11. Changes to This Policy

12. Contact

Privacy Policy

1. Who We Are

2. Information We Collect

3. How We Use Your Information

4. Cookies

5. Third-Party Services

6. Document Storage and Data Retention

7. Australian Privacy Act Compliance

8. GDPR — Rights for EU and UK Visitors

9. How to Request Data Deletion

10. Children's Privacy

11. Changes to This Policy

12. Contact