Privacy Policy

Effective date: August 21, 2025

This Privacy Policy explains how SignGeist ("we", "us", or "our") collects, uses, discloses, and safeguards information when you use our services, websites, and applications (collectively, the "Service"). By using the Service, you agree to the collection and use of information in accordance with this Policy.

1. Information We Collect

We may collect the following categories of information:

• Account information: name, email address, authentication identifiers, tenant affiliation, and role or permissions.
• Transaction and signature data: information related to documents and transactions you process through the Service, including signer details, timestamps, and signature artifacts.
• Configuration and integration data: workspace, workstation, and signature station settings, along with integration preferences (for example, Google Drive folder IDs or metadata).
• Usage, device, and log data: IP address, browser type, operating system, device identifiers, pages viewed, referring URLs, date/time stamps, and other diagnostic data.
• Cookies and similar technologies: we may use cookies and local storage to keep you signed in and to remember preferences. You can set your browser to refuse cookies, but some features may not function properly.
• Third-party sources: if you enable integrations (for example, Google Drive), we may receive limited information as authorized by you and required to provide the integration.

2. How We Use Information

• Provide, operate, secure, and maintain the Service.
• Process transactions and signatures and store related records as configured by your tenant.
• Authenticate users and authorize access to tenant resources.
• Monitor usage, troubleshoot issues, and improve performance and reliability.
• Develop new features and improve the user experience.
• Communicate with you about updates, security alerts, and administrative messages.
• Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases (EEA/UK users)

Where applicable, we process personal data on the following legal bases: (a) to perform our contract with you; (b) our legitimate interests in providing and improving the Service and keeping it secure; (c) your consent, where required; and (d) to comply with legal obligations.

4. Sharing and Disclosure

We do not sell personal information. We may share information with:

• Service providers and subprocessors who perform services on our behalf (for example, cloud hosting, data storage, analytics, and authentication). These providers are bound by contractual obligations to safeguard personal data and use it only as instructed.
• Third-party integrations you enable (for example, Google Drive) to the extent necessary to provide the integration.
• Authorities or other parties when required by law, regulation, legal process, or to protect the rights, property, or safety of SignGeist, our users, or others.
• In connection with a business transaction such as a merger, acquisition, financing, or sale of assets, subject to standard confidentiality safeguards.

Google user data

Chrome Extension (SignGeist Connect)

The SignGeist Connect Chrome extension is part of the Service. It reads receipt pages on approved Club Automation domains to enable signature workflows. The extension does not collect or transmit data unless you explicitly enable the relevant options in the extension's Options page after install.

• When you enable Send receipt data, the extension sends receipt details (member name/ID, items, totals, staff name, location details, and receipt HTML) from the active receipt page to your tenant's webhook on www.signgeist.com to create and manage signatures and records.
• When you enable Diagnostic logs, the extension may send non-identifying event metadata (e.g., transactionId and status) to your tenant's event endpoint. The extension strips or minimizes personal data and reduces URLs to path-only for logs.
• You can change these settings at any time in the Options page. By enabling either option, you consent to the respective collection and transmission described above.
• The extension stores configuration and consent preferences inchrome.storage.local on the workstation.

If you connect a Google account, the Service uses Google APIs to access only the minimum data necessary to deliver the selected functionality (for example, locating and storing files in a designated Google Drive folder). Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Retention

We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Retention settings for certain records may be configurable by tenant administrators.

6. Security

We implement reasonable technical and organizational measures designed to protect information. No method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

7. International Transfers

We may process and store information in countries other than your own. Where required, we rely on appropriate safeguards to permit such transfers.

8. Your Rights and Choices

• Access, correct, or delete certain information through your account settings.
• Object to or restrict certain processing, or request data portability where applicable.
• Opt out of non-essential communications using unsubscribe links or account controls.
• Where we rely on consent, withdraw consent at any time; withdrawal does not affect prior lawful processing.
• You may exercise these rights by contacting us using the details below. We may need to verify your identity before responding.

9. Children's Privacy

The Service is not directed to children, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to remove the information.

10. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be identified by an updated "Effective date" and will be effective when posted. Your continued use of the Service signifies your acceptance of the updated Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at tech@crossgatesclub.com.