Privacy Policy

Effective February 18, 2026

Who we are

Holosign is an e-signature service operated by Move47 LLC. This policy covers our marketing site (holosign.co) and our application (app.holosign.co).

What we collect

Account information — When you create an account we store your email address, hashed password, plan tier, and organization membership.

Documents — Files you upload for signing are stored in a private storage bucket. Each document is hashed (SHA-256) for integrity verification.

Signer information — When you send a document for signature we collect each signer's name and email address. During signing we log the signer's IP address, user agent, and timestamp to produce a legally valid audit trail.

Payment information — Payments are processed by Stripe. We store your Stripe customer ID and subscription status but never see or store your card details.

Usage data — Our marketing site does not currently use analytics. If we add analytics in the future we will use a cookie-free, privacy-friendly service and update this policy.

How we use your data

  • To provide and maintain the e-signature service
  • To send transactional emails (signing requests, completion notices, payment alerts, organization invites)
  • To generate audit trails that prove documents were signed
  • To process payments and manage subscriptions
  • To comply with legal obligations

We do not sell your personal data. We do not use your data for advertising.

Cookies

The marketing site sets a single cookie to store your detected region (e.g. “eu” or “default”) so we can display prices in the correct currency. This cookie contains no personal data and is not used for tracking.

The application uses session cookies strictly for authentication — these are required to keep you signed in and contain no tracking data.

Third-party services

We share data with the following processors, only as needed to operate the service:

  • Vercel — Hosting and content delivery (processes IP addresses and request metadata)
  • Supabase — Database, authentication, and document storage
  • Stripe — Payment processing (PCI-DSS compliant)
  • Resend — Transactional email delivery

Data retention

We retain your data for as long as your account is active. When you delete a document, all associated signer data, audit events, and access tokens are permanently deleted. If you delete your account, all your data is removed.

Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data
  • Export your data in a portable format
  • Object to or restrict processing of your data
  • Withdraw consent at any time

EU/EEA residents (GDPR): Our legal bases for processing are contract performance (providing the service you signed up for), legitimate interest (security and fraud prevention), and legal obligation (audit trails). You may lodge a complaint with your local data protection authority.

California residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information.

Security

All data is transmitted over HTTPS. Documents are stored in private buckets with row-level security. Access is enforced per-user and per-organization. Audit trails are tamper-evident via SHA-256 hashing.

Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or by posting a notice on our site. Continued use of the service after changes constitutes acceptance.

Contact

For privacy-related questions or to exercise your rights, email us at legal@holosign.co.