Privacy Policy

Effective date: 12 June 2026  |  Version: 1.0

Document eSign ("Document eSign", "we", "us", "our") is a product of Angular Minds Private Limited, a company registered in India at 501, Sai Shilp Business Center, Baner, Pune 411045, Maharashtra, India.

This Privacy Policy explains what personal data we collect when you use documentesign.com and the Document eSign application (the "Service"), why we collect it, who we share it with, and the choices and rights you have. It applies to account holders, the people they invite to their workspace, and the recipients they send documents to for signing.

We are the data controller for account and workspace data we collect to run the Service. When you use Document eSign to send documents to signers, you are the controller of the content of those documents and the signer data you put into them, and we act as your processor. For business customers, our Data Processing Addendum governs that relationship.

1. Information we collect

Account and workspace information. When you sign up or are invited, we collect your name, email address, and password (stored only as a salted hash, never in plain text). You may also add a phone number, job title, profile photo, and signature or initials. For your workspace we collect the organization name, contact details, address, and settings you configure (branding, audit preferences, IP allowlist, and similar).

Documents and signing data. We store the documents you upload, the fields you place, and the people you send them to. For each recipient we hold their name, email address, and (where you add it) phone number. To make completed documents legally reliable, we record an audit trail for each document: the events that occurred (sent, viewed, signed, declined, and so on), the date and time of each event, and, for the people acting on the document, their IP address, browser user agent, and approximate location derived from the IP address. This audit trail is part of the completion certificate issued with a finished document.

Contacts. If you save contacts to reuse when sending documents, we store the name, email, and other details you enter.

Payment information. Paid plans are billed through our payment processor, Stripe. Stripe collects and holds your card details. We do not receive or store full card numbers. We keep a record of your subscription, invoices, billing status, and the email and organization linked to them.

Usage, device, and security data. We collect log data such as IP address, browser and device information, pages and actions within the app, and session information. We use a bot-prevention service (Google reCAPTCHA) on sign-in, sign-up, and password-reset to protect against automated abuse.

Communications. If you contact support or sales, we keep the messages and the contact details you provide.

We do not intentionally collect special category data (such as health or biometric data). Please do not put such data into documents on standard plans; regulated use cases (for example HIPAA) are handled only on Enterprise plans under a separate agreement.

2. How we use your information

We use personal data to:

  • provide, operate, and secure the Service, including creating accounts, delivering documents to signers, generating audit trails and completion certificates, and applying digital signatures;
  • process payments, manage subscriptions, prevent payment fraud, and send billing notices (trial reminders, payment-failure notices, renewal and cancellation confirmations);
  • send service and transactional messages (signature requests, reminders, completion notices, security alerts);
  • provide support and respond to your requests;
  • monitor for abuse, enforce our Terms of Service, and protect the rights and safety of our users and the public;
  • comply with legal obligations and keep records the law requires.

We rely on the following legal bases where the GDPR or UK GDPR applies: performance of our contract with you, our legitimate interests in running and securing the Service, your consent (for example for non-essential cookies), and compliance with legal obligations.

We do not sell your personal data, and we do not use the contents of your documents to train artificial intelligence or machine learning models.

3. How we share information

We share personal data only as needed to run the Service:

  • With other people in your workspace and on your documents. Workspace admins and members see workspace and document data according to their role. Recipients receive the documents you send them.
  • With service providers (sub-processors) who process data on our behalf, such as cloud hosting, file storage, email delivery, payment processing, and error monitoring. They may only use the data to provide their service to us. The current list is in Annex 1 of our Data Processing Addendum.
  • At your direction. If you connect a cloud storage account (for example Google Drive, Dropbox, OneDrive, or Box) to import or back up documents, we exchange data with that provider using access you grant, and you can revoke that access at any time.
  • For legal reasons. We may disclose data to comply with the law, a valid legal request, or to protect our rights, our users, or the public.
  • In a business transfer. If we are involved in a merger, acquisition, or sale of assets, data may transfer as part of that transaction, subject to this Policy.

4. Where your data is processed

We and our sub-processors operate using established cloud infrastructure providers. Your data may be processed in data centers outside your home country. Where data is transferred internationally, we rely on appropriate safeguards such as standard contractual clauses. Enterprise customers can discuss data-residency options with us.

5. How long we keep data

We keep account and workspace data for as long as your account is active.

Documents follow a retention window tied to your plan. On the Free plan, completed, cancelled, expired, and declined documents are removed after 30 days. On Growth and Business plans the window is 365 days. Business plans can configure their own automatic-deletion policy, and Enterprise retention is set by agreement. When a document reaches the end of its window it is removed from the application; it remains recoverable by us for a further 180 days as a safety net, after which it is permanently deleted from our systems, including file storage.

If your workspace moves from a paid plan back to Free, we do not delete your over-limit data automatically. We keep it, warn the workspace admins, and give a grace period so you can export or upgrade before anything is removed. See the Refund & Cancellation Policy for details.

We keep billing records (invoices and payment history) for as long as required by tax and accounting law. We keep limited records needed to enforce our terms, resolve disputes, and meet legal obligations even after an account closes.

6. Your rights and choices

Depending on where you live, you may have the right to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. India's Digital Personal Data Protection Act, the GDPR/UK GDPR, and the CCPA/CPRA provide these or similar rights.

  • You can view and update much of your profile and workspace data directly in the app.
  • To request access, correction, deletion, or a copy of your data, or to close your account, email [email protected]. If you are a signer who received a document, contact the organization that sent it; we will help where we can but they control that document.
  • You can opt out of non-essential email at any time, but we will still send transactional and service messages needed to run your account.

We will respond within the timeframes the applicable law requires. We may need to verify your identity first. If you are unhappy with our response, you may contact your local data protection authority.

7. Security

We protect data with encryption in transit (TLS) and encryption at rest, access controls, and monitoring. The Service also offers two-factor authentication, workspace-wide 2FA enforcement, IP allowlisting (on eligible plans), tamper-evident audit trails, and PAdES digital signatures on completed PDFs. No system is perfectly secure, but we work to protect your data and to notify you of a breach affecting your personal data as required by law.

8. Cookies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service, and understand how it is used. See our Cookie Policy for the details and your choices.

9. Children

The Service is not intended for anyone under 18, and we do not knowingly collect personal data from children. If you believe a child has provided us data, email [email protected] and we will delete it.

10. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the effective date and, where appropriate, notify you in the app or by email. Continued use of the Service after a change means you accept the updated Policy.

11. Contact us