Accordsign
Start free

Legal

Privacy Policy · Accordsign

Last updated:

1. Introduction

This Privacy Policy explains how Accordsign collects, uses, stores, and protects your personal information when you use our website, web application, mobile interfaces, Salesforce package, and APIs (collectively, the "Service").

Accordsign is operated by Seed Data Systems, a company registered in Gujarat, India, with its registered office at Samatva Bunglows, Ahmedabad, Gujarat, India. References to "we", "us", and "our" in this policy refer to Seed Data Systems.

By using Accordsign, you agree to the practices described in this policy.

2. Scope

This policy covers:

  • The marketing website at accordsign.app
  • The web application at sign.accordsign.app
  • The Accordsign managed package for Salesforce
  • Our APIs and any mobile interfaces

This policy does not cover third-party websites linked to from Accordsign, including the websites of our sub-processors and customers' embedded signing experiences. Refer to the privacy notices of those parties.

3. Information we collect

3.1 Information you provide directly

  • Account information: name, email, phone, company, billing address
  • Document content: any PDF or Word file you upload for signing
  • Recipient information: name, email, phone of people you invite to sign or approve documents
  • Payment information: handled by Razorpay; we receive transaction confirmation only, not card numbers

3.2 Information collected automatically

  • IP address
  • Browser type and version
  • Device information
  • Pages visited, features used, and timestamps
  • Cookies and similar technologies (see section 9 below)

3.3 Information from third parties

  • If you sign a document sent to you, the sender provides your name and contact details.
  • When you use Aadhaar eSign, the CCA-licensed eSign Service Provider (currently Surepass Technologies) processes your Aadhaar authentication. Accordsign servers never see or store Aadhaar numbers or biometric data — only the result of the authentication (success/failure plus audit trail metadata).

4. How we use information

We use the information described above only for the following purposes:

  • To deliver the Service (account creation, sending envelopes, processing signatures)
  • To process payments and manage billing
  • To send transactional and account communications (signature requests, completion notifications, billing notices)
  • To provide customer support
  • To improve our product
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

Explicit commitments:

  • We do not sell your personal information.
  • We do not use your documents to train AI or machine-learning models.
  • We do not access the content of your signed documents except as required to deliver the Service or comply with legal process.

5. Who we share information with (sub-processors)

We share information only with the service providers required to deliver the Service. Each sub-processor is bound by data processing agreements that require them to handle your data with the same standards we commit to in this policy. We review sub-processors before engagement and on a periodic basis thereafter.

  • Microsoft Azure — cloud infrastructure and document storage
  • SendGrid — transactional email delivery
  • Razorpay — payment processing
  • Surepass Technologies — Aadhaar eSign authentication (a CCA-licensed eSign Service Provider)
  • Google — OAuth single sign-on, if enabled by the user
  • Microsoft Clarity — anonymised session analytics
  • Google Analytics — anonymised usage analytics

6. Data retention

  • Account data: retained while your account is active. After account closure, retained for 90 days then permanently deleted.
  • Signed documents: retained for the lifetime of your account. You can delete individual documents at any time from your dashboard.
  • Audit trails: retained for the lifetime of the account, even after individual documents are deleted (audit trails reference document IDs and metadata, not document content).
  • Backups: encrypted backups are retained for 30 days after deletion from the live system, then permanently purged.
  • Payment records: retained for 7 years as required by Indian tax and accounting law.
  • Aadhaar eSign authentication records: retained per UIDAI requirements (currently 2 years).

7. Cross-border data transfers

  • Primary hosting region: Azure Central India
  • Failover region: Azure South India

Some sub-processors (notably SendGrid and Razorpay) may process data outside India. Where this occurs, we ensure appropriate safeguards — including data processing agreements, encryption in transit and at rest, and access controls — are in place.

8. Your rights

Under the Digital Personal Data Protection Act 2023 (India), the General Data Protection Regulation (EU), and the California Consumer Privacy Act (US California), you have the following rights with respect to your personal information:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to deletion (with limitations for legally retained records such as tax invoices)
  • Right to data portability — export your account data and signed documents
  • Right to withdraw consent
  • Right to object to processing
  • Right to grievance redressal (see section 12)

To exercise these rights, email connect@accordsign.app with "Privacy:" in the subject line. We respond within 30 days as required by the DPDP Act and GDPR.

Note: A dedicated privacy/grievance contact will be designated before this policy goes live, per the DPDP Act. Until then, connect@ is the routing inbox.

9. Cookies and tracking

  • Essential cookies — for login sessions, security, and core functionality.
  • Analytics cookies — Google Analytics 4 and Microsoft Clarity, both anonymised.
  • We do not use advertising or cross-site tracking cookies.

You can control cookies via your browser settings. Disabling essential cookies will prevent Accordsign from functioning. For a full breakdown, see our Cookie Policy.

10. Children's data

Accordsign is not intended for individuals under 18 years of age. We do not knowingly collect data from children. Under the DPDP Act, any processing of children's data requires verifiable parental consent — which Accordsign is not designed to obtain. If you become aware that a child has provided us with personal data, contact us immediately at connect@accordsign.app and we will delete it.

11. Security

We maintain encryption in transit (TLS 1.2+), encryption at rest (AES-256), tamper-evident audit logging, role-based access controls, and regular backups. For the full technical breakdown — including our infrastructure provider, sub-processor list, and roadmap items — see our Security page.

12. Grievance redressal

In accordance with the DPDP Act 2023 and the IT Rules 2011, we designate a Grievance Officer to receive and respond to complaints regarding personal data handling.

  • Grievance Officer: Nivid Jain
  • Email: connect@accordsign.app with "Grievance:" in the subject line
  • Response timeline: 15 days from receipt of complaint, in accordance with the DPDP Act

For unresolved grievances, you may approach the Data Protection Board of India once it is operational under the DPDP Act.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a banner on the Service at least 30 days before the changes take effect. Your continued use of Accordsign after the effective date of the changes constitutes acceptance of the updated policy.

14. Contact