Privacy Policy

Last updated: June 1, 2026

This Privacy Policy explains how Instant Signer Ltd ("Instant Signer", "we", "us") collects, uses, discloses, and safeguards personal data when you use our website and email signature management services (the "Services").

1. Who we are

Instant Signer Ltd provides email signature management software for organizations using Microsoft 365, Google Workspace, and Exchange. We act as a data processor for the customer data you entrust to us and as a data controller for the limited information we collect directly from you, such as account and billing details.

2. Data we collect

We collect the following categories of personal data:

  • Account data: name, work email, company, and role of administrators who create and manage accounts.
  • Directory data: employee attributes synced from your directory (such as name, title, department, phone, and photo) used to populate signatures. This is customer data we process on your behalf.
  • Billing data: subscription and payment information, processed through our payment provider; we do not store full card numbers.
  • Usage data: log data, device and browser information, and product analytics used to operate and improve the Services.

For cloud signature deployment, message content is processed in transit to apply signatures and is not stored by us.

3. How we use data

  • To provide, maintain, and secure the Services.
  • To sync directory data and apply signatures as you configure.
  • To process billing and manage your subscription.
  • To provide support and communicate service updates.
  • To improve product performance and develop new features.
  • To comply with legal obligations and prevent abuse.

4. Legal bases

Where the GDPR applies, we process personal data on the bases of performance of a contract, our legitimate interests in operating and improving the Services, your consent (where required), and compliance with legal obligations.

5. Sharing and sub-processors

We share data with vetted sub-processors who help us deliver the Services (such as cloud hosting and payment processing). A current list is available on our Sub-processors page. We do not sell personal data.

6. International transfers

Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses and offer regional data residency options where available.

7. Data retention

We retain personal data for as long as your account is active or as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Directory data is deleted or returned following termination in accordance with our Data Processing Agreement.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain processing. To exercise these rights, contact us at privacy@instantsigner.com.

9. Security

We implement technical and organizational measures including encryption in transit and at rest, least-privilege access, SSO/MFA for administrators, and audit logging. See our Security page for details.

10. Cookies

We use cookies and similar technologies as described in our Cookie Policy.

11. Children

The Services are intended for businesses and are not directed to children under 16. We do not knowingly collect their personal data.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Services or by email, and the “Last updated” date above will be revised.

13. Contact

Questions about this policy? Email privacy@instantsigner.com.