Privacy Policy
Abundera Sign exists to produce documents whose authenticity can be verified independently, years from now, without trusting us. To do that we have to handle some signer data and document content. This page explains exactly what we collect, why, how long we keep it, and what rights signers have over it.
1. Who's responsible
Abundera, Inc. (Delaware C-corp, 200 W Sahara Ave Unit 3301, Las Vegas NV 89102) operates Abundera Sign and is the data controller for Sender accounts. For Signer interactions Abundera, Inc. acts as the data processor on behalf of the Sender who initiated the envelope.
2. What we process
2.1 Sender account data
If you create a Sender account to send envelopes through Abundera Sign, we process: name, email address, organization (optional), authentication credentials (passkey or password hash), API keys you generate, billing details (handled by our payment processor — see §6), and product usage events (envelopes created, API calls, login times) for security and rate-limit enforcement.
2.2 Signer identity data
When a Sender adds you as a Signer on an envelope, we process: your name and email (required to deliver the signing link and bind the signature to you), an optional phone number if SMS verification is enabled by the Sender, your IP address, your user-agent string, the timestamps of every event in the signing flow, and your handwritten or typed signature image.
2.3 Document content
The PDF documents Senders upload — and any text, fields, or annotations Signers add — are stored encrypted at rest. We do not read document contents for any purpose other than serving them back to authorized parties, generating the AI document summary if the Sender enables it, and producing the cryptographic evidence package.
2.4 Cryptographic evidence artifacts
For every signed envelope we generate and retain: PAdES Part 4 (LTV) digital signature blocks embedded in the PDF, RFC 3161 trusted timestamps from independent timestamp authorities, a hash-chained audit trail of every signing event, a per-signer Personal Document Seal (TOTP-compatible verification code), and a downloadable Certificate of Completion summarizing the above.
3. AI document summaries
If a Sender enables the plain-English document summary feature, the document text is sent to our AI inference provider (currently Cloudflare Workers AI; subject to the sub-processor commitments in §6) for summarization. The summary is stored alongside the envelope. Document text is not retained by the inference provider beyond the request lifecycle and is never used to train models.
4. Verification analytics
When someone visits a public verification URL (or enters a Personal Document Seal code), we record the verification event in aggregate (count, country-level geography, day) so the original Sender can see verification activity. We do not record IP addresses or per-user identifiers for verification visits unless the visitor is an authenticated Sender or Signer for that envelope.
5. Cookies and tracking
Abundera Sign uses strictly necessary first-party cookies for authentication and CSRF protection. We do not use third-party tracking pixels, advertising cookies, or analytics SDKs that fingerprint visitors. The portal uses local storage to remember UI preferences (theme, language). No data leaves your browser unless you take an action that requires it.
6. Sub-processors we use
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Cloudflare | Hosting, edge compute, R2 object storage, D1 database | All Sender + Signer + document data (encrypted at rest) |
| Stripe | Subscription billing | Sender name, email, billing address, last-4 card digits |
| Resend / ZeptoMail | Transactional email (signing links, completion notifications) | Recipient email, envelope ID, signing URL |
| RFC 3161 Timestamp Authority | Independent trusted timestamps for signature LTV | Document hash only (no PII) |
| Cloudflare Workers AI | Plain-English document summaries (when Sender enables) | Document text (request-scoped, no retention, no training) |
The current canonical list lives at abundera.ai/legal/subprocessors with 30-day change notification. Custom Enterprise contracts can specify additional sub-processor restrictions.
7. How long we keep your data
- Sender account data: retained while your account is active; deleted within 30 days of account closure.
- Signed documents and evidence packages: retained for 7 years after envelope completion to support legal admissibility, dispute resolution, and IRS document-retention norms. Senders can extend retention via Enterprise contract or download-and-purge at any time before that window.
- Audit trail (hash chain + signing events): retained for 7 years alongside the signed document. Cannot be partially deleted without breaking cryptographic verification.
- Verification logs (aggregate): retained for 24 months in aggregated form.
- Backups: rolling 90-day encrypted backups for disaster recovery.
8. Legal basis for processing (GDPR / EEA Signers)
- Contract (Art. 6(1)(b)) — processing necessary to deliver the signed envelope you were asked to sign.
- Legal obligation (Art. 6(1)(c)) — retention of signed documents and audit trails to meet ESIGN/UETA evidentiary requirements.
- Legitimate interests (Art. 6(1)(f)) — fraud prevention, rate limiting, security event logging.
9. Your rights
Whether you're a Sender or a Signer, you can request: access to the personal data we hold about you, correction of inaccurate data, deletion (subject to the document-retention obligations in §7), and data export in a machine-readable format. You can also lodge a complaint with a supervisory authority.
For Signer-side requests we may need to involve the Sender (the data controller for the envelope you signed). Email dpo@abundera.ai with subject line "Data subject request" and we'll respond within 30 days.
10. "Do not sell or share my personal information"
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. California, Virginia, Colorado, Connecticut, and Utah residents may exercise opt-out rights (which on this service are essentially no-ops because we don't sell or share) by emailing dpo@abundera.ai.
11. Children
Abundera Sign is not intended for anyone under 18. We do not knowingly collect personal information from minors. If you believe a Signer was a minor, contact dpo@abundera.ai.
12. International transfers
Cloudflare's global edge network may store and serve data from any of its data center regions. EU Standard Contractual Clauses are in place with our sub-processors. EEA / UK Senders can request a Data Processing Addendum at abundera.ai/legal/dpa.
13. Security
TLS 1.2+ in transit, AES-256 at rest, signed PAdES PDFs verifiable offline without our servers, hash-chained audit trails that detect tampering cryptographically, scoped API keys, optional passkey-only authentication for Senders, rate limits on every authenticated and public endpoint, automated dependency vulnerability scanning, and a published security.txt for vulnerability disclosure.
14. Breach notification
Where a personal data breach is likely to result in a risk to the rights and freedoms of natural persons, we will notify the relevant supervisory authority within 72 hours of becoming aware, and notify affected individuals without undue delay where the risk is high.
15. Changes to this policy
Material changes are announced via email to all active Senders at least 30 days before they take effect. The "Last reviewed" date at the top of this page reflects the most recent material update.
16. Contact
Privacy questions: dpo@abundera.ai
Security disclosures: security.txt or security@abundera.ai
Legal: legal@abundera.ai
Abundera, Inc. · 200 W Sahara Ave Unit 3301 · Las Vegas NV 89102 · United States