California Privacy Rights (CCPA/CPRA)
This notice describes SalesSign’s CCPA compliance and the rights of California residents under guidance from the California Attorney General. This notice explains how SalesSign collects, uses and discloses the personal information of California residents, and the rights you have under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).
Last updated: 3 June 2026
1. Scope of this CCPA notice
This California Privacy Notice supplements our main Privacy Policy and applies only to residents of California (“you”). It describes how SalesSign — operated by SalesSign Limited (company number 16612732), registered office 4a Fairway, Petts Wood, Orpington, England, BR5 1EG (“SalesSign”, “we”, “us”) — handles personal information that is subject to the CCPA/CPRA. Where this notice conflicts with our general Privacy Policy on a point of California law, this notice governs for California residents.
SalesSign is a Salesforce-native proposal and eSignature platform. When you are a user of a customer’s SalesSign account, the proposals, signed documents and CRM data you work with are processed within that customer’s own systems. In that context the customer — not SalesSign — generally determines how your personal information is used, and you should direct your requests to them. This notice principally addresses personal information for which SalesSign itself decides the purposes and means of processing, such as information about prospects, website visitors, and the administrators and billing contacts of our customers.
2. Your roles and our roles
Under the CCPA/CPRA, an organisation may act as a “business”, a “service provider”, or a “contractor”, depending on the data:
- As a business. For personal information we collect through our marketing website, our sales and onboarding processes, billing, and support, SalesSign is the “business” and this notice applies in full.
- As a service provider / contractor. For personal information contained inside the proposals, signed documents and records that our customers process using SalesSign, we act as a service provider or contractor on the customer’s behalf, under written terms that restrict our use of that information to providing the service. We do not sell or share that information, and we process it only on the customer’s documented instructions. See our Data Processing Addendum.
3. Categories of personal information we collect
In the preceding 12 months, SalesSign has collected the following categories of personal information (using the categories defined in the CCPA/CPRA). Whether a given category applies to you depends on how you interact with us.
| Category (CCPA/CPRA) | Examples | Source | Business / commercial purpose |
|---|---|---|---|
| Identifiers | Name, email address, postal address, phone number, account/user ID, IP address, device or online identifiers | You; your employer; automatically via our website | Provide and administer the service; respond to enquiries; account management; security |
| Customer records information (Cal. Civ. Code §1798.80) | Billing contact details, payment-related information, signatory details | You; your employer; our payment processor | Billing, invoicing and contract administration |
| Commercial information | Products or services purchased or considered, subscription tier, usage history | You; automatically through your use of the service | Account management; improving and supporting the service |
| Internet or network activity | Pages viewed, referring/exit pages, interactions with our website, approximate location derived from IP | Automatically via cookies and similar technologies | Analytics; measuring marketing performance; site functionality |
| Geolocation data | Approximate location inferred from IP address (not precise geolocation) | Automatically via our website | Analytics; security; fraud prevention |
| Professional or employment information | Job title, employer name, role at a customer organisation | You; your employer; publicly available business sources | Sales, onboarding and relationship management |
| Electronic / audio & visual information | Records of support correspondence; recordings of demo or onboarding calls where notified | You | Support; training and quality; record-keeping |
| Inferences | Inferences drawn from the above to characterise interests or preferences (e.g. likelihood of interest in a feature) | Derived by us from the categories above | Marketing; product and service improvement |
4. How long we keep personal information
We retain each category of personal information for as long as needed to fulfil the purposes set out above, to comply with our legal, tax and accounting obligations, and to resolve disputes and enforce agreements. Where we act as a service provider for a customer, retention of the information in that customer’s account is governed by our agreement with the customer. We do not retain personal information longer than reasonably necessary for the disclosed purpose.
5. “Selling” and “sharing” of personal information
SalesSign does not sell personal information for money. However, the CCPA/CPRA defines “sale” and “sharing” broadly. The use of certain advertising and analytics cookies and similar technologies — for example, tags that allow third parties such as analytics or advertising providers to receive online identifiers and activity data — may be treated as a “sale” or as “sharing for cross-context behavioural advertising” under California law, even where no money changes hands.
The categories of personal information that may be “shared” in this sense are limited to identifiers and internet or network activity collected through these technologies on our website. The categories of recipients are our analytics and advertising providers. We do not share the contents of customer documents, proposals or CRM data, and we do not “share” any personal information processed in our capacity as a service provider.
6. Disclosures for a business purpose
In the preceding 12 months we may have disclosed the categories of personal information described in section 3 to the following categories of recipients for a business purpose, under written contracts that restrict their use of the information:
- Service providers that host or support our marketing website and our application;
- Payment and billing providers;
- Analytics and customer-support providers;
- Professional advisers (legal, accounting, audit) where reasonably required;
- Authorities or other parties where required by law or to protect rights and safety.
A current list of the sub-processors we use to provide the service is maintained on our Sub-processors page.
7. Your California privacy rights
If you are a California resident, you have the following rights, subject to verification and the exceptions permitted by law:
- Right to know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting, selling or sharing it, and the categories of third parties to whom we disclosed it.
- Right to delete. You may request that we delete personal information we collected from you, subject to exceptions (for example, where we must keep it to complete a transaction, comply with a legal obligation, or for internal uses reasonably aligned with your expectations).
- Right to correct. You may request that we correct inaccurate personal information we hold about you, taking into account the nature of the information and the purposes of processing.
- Right to opt out of sale or sharing. You may direct us not to “sell” or “share” your personal information (see section 8).
- Right to limit use of sensitive personal information. Where applicable, you may direct us to limit the use of any sensitive personal information to what is necessary to provide the service. As noted in section 3, we do not use sensitive personal information beyond the permitted purposes, so no separate “limit” mechanism is generally required — but you may still make a request.
- Right to non-discrimination. We will not discriminate against you for exercising any of these rights (see section 9).
How to submit a request
You can submit a verifiable consumer request by:
- Emailing us at admin@salessign.io; or
- Using the form on our Contact page, marking your message “California privacy request”; or
- Calling our toll-free request line at not applicable; as a UK-based business we handle requests by email at admin@salessign.io.
To protect your information, we will need to verify your identity before acting on a request to know, delete or correct. We may ask you to confirm data points we already hold. We will not fulfil a request if we cannot verify that you are the person about whom we hold the information. You may make a verifiable request to know twice in a 12-month period at no charge. We aim to respond within the timeframes required by law (generally confirming receipt within 10 business days and responding within 45 calendar days, extendable to 90 days where reasonably necessary, with notice).
8. “Do Not Sell or Share My Personal Information”
To exercise your right to opt out of the “sale” or “sharing” of your personal information through the analytics and advertising technologies on our website, use the link below. It opens our consent tool, where you can withdraw consent for the relevant cookie categories.
Do Not Sell or Share My Personal Information
Global Privacy Control (GPC)
We honour the Global Privacy Control. If you visit our website with a browser or extension that transmits a GPC signal, we treat that signal as a valid request to opt out of the sale and sharing of personal information associated with that browser, for that device. Because a GPC signal is tied to a browser rather than to an identified individual, it applies to the device and browser from which it is sent. Where you also have an account with us, you may make a broader opt-out request using the methods in section 7.
9. Authorised agents
You may use an authorised agent to submit a request on your behalf. If you do, we will require:
- written permission signed by you authorising the agent to act for you (or a valid power of attorney); and
- verification of the agent’s identity; and
- direct verification of your own identity with us, unless a valid power of attorney is provided.
We may deny a request from an agent who does not submit proof of authorisation.
10. Non-discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you goods or services, charge you a different price, provide a different level or quality of service, or suggest that you will receive any of these, because you exercised your rights. We do not offer financial incentives in exchange for the retention or sale of personal information.
11. Notice of right to opt out for minors
We do not knowingly sell or share the personal information of consumers under 16 years of age. SalesSign is a business-to-business service that is not directed at children, and we do not knowingly collect personal information from minors.
12. Changes to this notice
We may update this California Privacy Notice from time to time. When we do, we will revise the “Last updated” date above and, where appropriate, provide additional notice. We review this notice at least every 12 months as required by the CCPA/CPRA.
13. Contact us
If you have questions about this notice or how we handle the personal information of California residents, contact our privacy team at admin@salessign.io, via our Contact page, or by post at 4a Fairway, Petts Wood, Orpington, England, BR5 1EG. The data controller responsible for this notice is SalesSign Limited (company number 16612732).
How SalesSign keeps data in the right hands.
Your data, your org
Proposals, signed documents and CRM records are processed within our customers’ own systems. We act as a service provider, not the owner of that data.
Clear rights, real process
Rights to know, delete, correct and limit — with a verifiable request process and defined response times rather than vague promises.
GPC honoured
We respect the Global Privacy Control browser signal and provide a clear “Do Not Sell or Share” opt-out wired to our consent tool.
Frequently asked questions.
Does SalesSign sell my personal information?
We do not sell personal information for money. However, some analytics and advertising cookies on our website may count as a “sale” or “sharing” under California law even without payment. You can opt out using the “Do Not Sell or Share My Personal Information” control in section 8, or by sending a Global Privacy Control signal from your browser.
Who controls the data inside my company’s proposals and signed documents?
Your company does. For information inside customer documents and CRM records, SalesSign acts as a service provider on your company’s instructions. If you are an individual whose data appears in those records, please direct your request to the relevant SalesSign customer. See our Data Processing Addendum.
How do I make a request to know, delete or correct my data?
Submit a verifiable request using the email, contact form or request line listed in section 7. We will verify your identity before acting, respond within the timeframes set by the CCPA/CPRA, and will not discriminate against you for exercising your rights.
Can someone submit a request on my behalf?
Yes. An authorised agent may act for you if they provide written permission you have signed (or a valid power of attorney) and verify their identity. In most cases we will also verify your identity directly. See section 9.
Questions about this policy?
If anything here is unclear, or you want to exercise a California privacy right, our team is glad to help. You can also explore our wider Trust Centre and Legal Centre resources.