LexxSign, Inc. ("Company," "we," "us," or "our") operates the LexxSign platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Service. Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our Service.
1. Information We Collect
1.1 Information You Provide Directly
Account Registration: When you create a LexxSign account, we collect your name, email address, password, company name, phone number, and billing information. We also collect your profile picture and company logo if you choose to upload them.
Documents and Signatures: When you upload documents to LexxSign for signing, we collect and store the full content of those documents, including any personally identifiable information (PII) contained within them. This includes names, addresses, phone numbers, Social Security numbers, tax identification numbers, and other sensitive data that signers provide.
Signature Data: We collect and store digital signatures, initials, dates, and signature timestamps. We also collect the IP address, device information, and geolocation data of signers at the time of signature.
Communication: When you contact our support team, we collect your message content, email address, and any attachments you provide. We also collect information from customer surveys, feedback forms, and support tickets.
1.2 Information Collected Automatically
Usage Data: We automatically collect information about your interactions with the Service, including the documents you upload, the templates you use, the number of signers, completion rates, and time spent on the platform.
Device Information: We collect information about your device, including device type, operating system, browser type, IP address, and unique device identifiers.
Cookies and Tracking: We use cookies, web beacons, and similar tracking technologies to enhance your experience, remember your preferences, and analyze platform usage. This includes both session-based and persistent cookies.
2. How We Use Your Information
We use the information we collect for the following purposes:
Service Delivery: To provide, maintain, and improve the LexxSign Service; to process your documents and signatures; to send you service-related announcements; and to respond to your inquiries.
Legal Compliance: To comply with applicable laws, regulations, and legal processes; to verify the authenticity of signatures; to maintain audit trails; and to provide evidence of signature validity in legal proceedings.
Security and Fraud Prevention: To detect, prevent, and address fraud, abuse, and security incidents; to protect against malicious, deceptive, or illegal activity; and to enforce our Terms of Service.
Marketing and Communications: To send you promotional emails, product updates, and newsletters (with your consent); to conduct surveys and gather feedback; and to communicate about changes to our Service.
Analytics and Improvement: To analyze usage patterns, improve platform functionality, conduct research, and develop new features and services.
3. Data Storage and Security
Encryption: All data transmitted to and from LexxSign is encrypted using TLS 1.3 (in-transit encryption). All documents and personal information stored on our servers are encrypted using AES-256 encryption (at-rest encryption).
Data Centers: Your data is stored in secure, geographically distributed data centers operated by Amazon Web Services (AWS) with multiple redundancy and backup systems. We maintain data centers in the United States, European Union, and Asia-Pacific regions to comply with data residency requirements.
Access Controls: Access to your data is restricted to authorized LexxSign employees and contractors who need access to perform their job functions. All access is logged and monitored. We implement role-based access controls (RBAC) and principle of least privilege.
Security Audits: We conduct regular security audits, penetration testing, and vulnerability assessments. We are pursuing SOC 2 Type II certification and ISO 27001 certification to demonstrate our commitment to security and compliance.
Incident Response: In the event of a data breach or security incident, we will notify affected users within 72 hours as required by law, provide details about the incident, and offer credit monitoring services where applicable.
4. Third-Party Sharing
Service Providers: We share your information with third-party service providers who assist us in operating our website, conducting our business, and serving you. These include payment processors (Stripe), cloud infrastructure providers (AWS), email service providers, and analytics platforms. All service providers are contractually obligated to maintain the confidentiality and security of your information.
Legal Requirements: We may disclose your information if required by law, court order, subpoena, or government request. We will provide you with notice of such requests unless legally prohibited from doing so.
Business Transfers: If LexxSign is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your information.
No Sale of Personal Information: We do not sell, rent, or lease your personal information to third parties for their marketing purposes. We do not share your information with unaffiliated third parties for their direct marketing purposes without your explicit consent.
5. Cookies and Tracking Technologies
Types of Cookies: We use essential cookies (required for platform functionality), performance cookies (to analyze usage), and marketing cookies (to deliver targeted advertising). You can control cookie preferences through your browser settings.
Cookie Consent: We obtain your consent for non-essential cookies through our cookie consent banner. You can withdraw consent at any time by updating your cookie preferences.
Third-Party Tracking: We use Google Analytics to track website usage. Google may use cookies to track your activity across websites. You can opt out of Google Analytics tracking using the Google Analytics Opt-out Browser Add-on.
6. Your Rights
GDPR Rights (EU Residents): If you are a resident of the European Union, you have the following rights under the General Data Protection Regulation (GDPR):
• Right to Access: You can request a copy of your personal data that we hold.
• Right to Rectification: You can request that we correct inaccurate or incomplete data.
• Right to Erasure: You can request deletion of your data (subject to legal retention requirements).
• Right to Restrict Processing: You can request that we limit how we use your data.
• Right to Data Portability: You can request your data in a portable format.
• Right to Object: You can object to processing of your data for marketing purposes.
• Right to Lodge a Complaint: You can file a complaint with your local data protection authority.
CCPA Rights (California Residents): If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA):
• Right to Know: You can request what personal information we collect, use, and share.
• Right to Delete: You can request deletion of your personal information.
• Right to Opt-Out: You can opt out of the sale or sharing of your personal information.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Limit Use: You can limit our use of sensitive personal information.
To exercise any of these rights, please contact us at privacy@lexxsign.com with your request. We will respond within 30 days (or as required by law).
7. Data Retention
Active Accounts: We retain your account information and documents while your account is active and for 7 years after account termination to comply with legal and regulatory requirements for e-signature records.
Deleted Accounts: Upon request, we will delete your account and associated data, except where we are required to retain information for legal, tax, or regulatory purposes. Deleted data is securely destroyed using cryptographic erasure.
Backup Data: We maintain backup copies of data for disaster recovery purposes. Backup data is retained for up to 90 days and then securely destroyed.
8. Children's Privacy
LexxSign is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected information from a child under 13, we will take steps to delete such information and terminate the child's account. Parents or guardians who believe their child has provided information to LexxSign should contact us immediately at privacy@lexxsign.com.
9. International Data Transfers
Your information may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws that differ from your home country. By using LexxSign, you consent to the transfer of your information to countries outside your country of residence, including the United States. We implement appropriate safeguards, including Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs), to protect your information during international transfers.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website and updating the "Last updated" date at the top of this page. Your continued use of LexxSign following the posting of revised Privacy Policy means that you accept and agree to the changes.
11. Contact Us
If you have questions about this Privacy Policy, our privacy practices, or your personal information, please contact us at:
LexxSign, Inc.
Privacy Team
Email: privacy@lexxsign.com
Website: https://lexxsign.com
Address: 123 Legal Tech Boulevard, San Francisco, CA 94105, USA
Phone: +1 (415) 555-0123
For GDPR-related inquiries, you may also contact our Data Protection Officer at dpo@lexxsign.com. For CCPA-related inquiries, you may submit a request through our California Privacy Rights Portal.