Seal
Back to Home

Privacy Policy

Last updated: February 24, 2026

Seal ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our document signing platform ("Service").

1. Information We Collect

Account Information

When you create an account, we collect information provided through our authentication provider, Clerk, including your name, email address, and profile image.

Document Data

When you use the Service, we store the documents you upload, signature images, form field data, and recipient information (names and email addresses) that you provide.

Signing Activity

For each document signing event, we collect audit trail data including:

  • Timestamps of document views, signatures, and other actions
  • IP addresses of signers
  • ESIGN Act consent records
  • Signature hashes (SHA-256) for integrity verification

Payment Information

Payment processing is handled by Stripe. We do not store your full credit card number or banking details. Stripe may collect payment information directly in accordance with their privacy policy.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, device information, and referring URLs.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process and deliver documents for signing
  • Send transactional emails (document invitations, reminders, completion notifications)
  • Process payments and manage subscriptions
  • Maintain audit trails for legal compliance
  • Detect and prevent fraud or abuse
  • Respond to support requests
  • Analyze usage to improve the Service

3. Third-Party Services

We use the following third-party services to operate the platform. Each processes data in accordance with their own privacy policies:

  • Clerk — Authentication and identity management
  • Convex — Backend infrastructure and data storage
  • Stripe — Payment processing and subscription management
  • Resend — Transactional email delivery
  • Vercel — Application hosting and deployment

We do not sell your personal information to third parties.

4. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — Retained until you request deletion
  • Documents and signatures — Retained for the duration of your account plus a reasonable period to fulfill legal and compliance obligations
  • Audit trails — Retained for a minimum of 7 years to support the legal enforceability of signed documents
  • Usage data — Retained in anonymized form for analytics purposes

Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or necessary to maintain the integrity of signed documents.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • SHA-256 hashing for signature verification and token security
  • Role-based access control within workspaces
  • Comprehensive audit logging of all document actions
  • Rate limiting on API endpoints to prevent abuse
  • Regular security reviews of our infrastructure

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate personal data
  • Deletion — Request deletion of your personal data, subject to legal retention requirements
  • Portability — Request a machine-readable copy of your data
  • Objection — Object to certain processing of your personal data

To exercise these rights, contact us at privacy@seal.co. We will respond within 30 days.

7. Cookies & Tracking

We use essential cookies to maintain your session and authentication state. We do not use third-party advertising cookies or cross-site tracking.

We may use analytics services to understand how the Service is used. These services collect anonymized usage data and do not track you across other websites.

8. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided personal information, we will promptly delete it.

9. International Data Transfers

Your data may be processed and stored in the United States. By using the Service, you consent to the transfer of your data to the United States, where data protection laws may differ from those in your jurisdiction.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact

If you have questions about this Privacy Policy or our data practices, contact us at:

For information about our Terms of Service, see our Terms of Service.