Privacy Policy.

Last updated: 3 June 2026

1. Who we are

SalesSign is provided by SalesSign Limited (company number 16612732), registered office 4a Fairway, Petts Wood, Orpington, England, BR5 1EG. We comply with the UK GDPR, the EU GDPR and the Data Protection Act 2018. Our Data Protection Officer is Alex Burrell, who can be reached at alexburrell@salessign.io. For any privacy query or to exercise your rights, contact admin@salessign.io.

2. Our two roles: controller and processor

We act in two distinct roles:

• As a controller for personal data whose purposes and means we determine — including website visitors, demo requests, prospect and marketing contacts, account and billing administration, and support enquiries.
• As a processor for the personal data contained in the proposals, documents, recipients and CRM records our customers process using SalesSign. In that role we act only on the documented instructions of the customer, who is the controller. Because that data remains in the customer’s own Salesforce org, the customer retains primary control of it at all times.

3. Data Processing Agreement

Where we act as a processor, our processing is governed by our Data Processing Agreement (DPA), which forms part of our customer agreement and includes the terms required by Article 28 of the UK and EU GDPR. In the event of conflict between this policy and the DPA in respect of customer personal data, the DPA prevails.

4. Information we collect

Information you provide (as controller)

• Account information: name, email address, company name, job title and phone number.
• Billing information: billing contact and payment details, processed securely by our payment provider, Stripe.
• Communications: messages you send us by email, support chat or other channels.

Information collected automatically

• Usage data: pages visited, features used and actions taken.
• Device data: IP address, browser type, operating system and device identifiers.
• Cookies: see section 11 and our Cookie Policy.

Information we process for customers (as processor)

When you use SalesSign, we process the documents, signer details and CRM records you choose to use with the Service, on your instructions and under the DPA. Signer data may include a signer’s name, email address, IP address and signature.

5. How we use information and our legal bases

As a controller we use personal data to provide, secure and improve the Service, manage accounts, process payments, send transactional messages, provide support, and — with consent — send marketing. Under the UK and EU GDPR we rely on: contract (to provide the Service); legitimate interests (to operate, secure and improve our platform and to communicate with customers); consent (for marketing and non-essential cookies); and legal obligation (to meet our legal and tax duties).

6. Sharing and sub-processors

We do not sell your personal data. We share data with a limited set of sub-processors who help us run the Service — for example cloud infrastructure, payment processing, email delivery, error monitoring and our support chatbot. Each is bound by contract to protect your data. A current list, with each party’s role and region, is published at salessign.io/legal/subprocessors and forms part of our DPA; we give customers advance notice of any new or replacement sub-processor and an opportunity to object, as set out in the DPA. We may also disclose data where required by law, and in connection with a merger, acquisition or sale (subject to this policy).

7. International data transfers

Our core application, database and document storage are hosted in the United Kingdom and European Union. Some of our sub-processors (including Stripe, OpenAI, Sentry and Google) are based in the United States. Where personal data is transferred outside the UK or EEA, we rely on a lawful transfer mechanism: an adequacy decision where one applies; the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses; and the EU Standard Contractual Clauses for EEA transfers, together with appropriate safeguards. Copies of the relevant safeguards are available on request from admin@salessign.io.

8. How long we keep data

As a controller, we retain personal data only as long as necessary:

As a processor, customer documents, signer details and CRM data remain in the customer’s own Salesforce org and are retained and deleted under the customer’s control and the DPA. On termination, we delete or return any customer personal data held in the SalesSign application in accordance with the DPA.

9. Your rights

Subject to the UK and EU GDPR, you have the right to access, correct, delete, restrict or object to our processing of your personal data, to data portability, and to withdraw consent at any time. To exercise any right, contact admin@salessign.io; we will respond within one month. You also have the right to complain to the UK Information Commissioner’s Office (ICO) or your local supervisory authority. Where the data forms part of a customer’s records (and we act as processor), we will refer your request to that customer.

10. Your California privacy rights (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how we use it, to access and delete it, to correct it, and to opt out of its “sale” or “sharing”. We do not sell personal information, and we do not share personal information for cross-context behavioural advertising, as those terms are defined under the CPRA. We collect identifiers, commercial information, internet activity and professional information for the business purposes described in this policy. When we process personal information on behalf of our customers, we act as a service provider and only for the limited purposes in our customer agreement. To exercise your rights, email admin@salessign.io; you may also use an authorised agent. We will not discriminate against you for exercising your rights. As a UK-based business we do not operate a toll-free line; please contact us by email.

11. Cookies

We use strictly necessary cookies to operate our website and, only with your consent, analytics cookies. Consent is managed by CookieYes, integrated with Google Consent Mode v2, so non-essential cookies load only after you opt in, and you can change your choice at any time via the Cookie settings link in our website footer. We do not run advertising cookies. Full details are in our Cookie Policy.

12. Automated decision-making

We do not make decisions producing legal or similarly significant effects about you based solely on automated processing, within the meaning of Article 22 of the UK and EU GDPR. SalesSign provides document tracking and analytics that report activity (for example, when a proposal is opened or signed) to our customers, but those features do not by themselves make significant decisions about individuals. Our in-app support chatbot answers questions from our own help content and routes you to a support case; it does not make significant decisions about you.

13. Security and breach notification

We maintain technical and organisational measures to protect personal data, described on our Security & Trust page. If a personal-data breach occurs that affects data we control and is likely to result in a risk to individuals, we will notify the ICO within 72 hours of becoming aware of it, and affected individuals without undue delay where the risk is high. Where we act as a processor, we will notify the affected customer without undue delay, as set out in the DPA. You are welcome to report a suspected security issue to admin@salessign.io, but doing so is not a condition of our obligations.

14. Children

The Service is intended for business use and is not directed at children. We do not knowingly collect personal data from anyone under 16.

15. Changes and contact

We may update this policy from time to time; where a change is material we will give reasonable notice and update the “last updated” date above. For any privacy question, to exercise your rights, or to contact our Data Protection Officer, email admin@salessign.io or write to SalesSign Limited, 4a Fairway, Petts Wood, Orpington, England, BR5 1EG.