Privacy Policy

1. Introduction

SigChanger (“we”, “us”, or “our”) provides an email-signature automation platform for Google Workspace. This Privacy Policy explains how we collect, use, disclose, and safeguard the information you provide when you create an account, configure your workspace, or otherwise interact with our services.

By using SigChanger, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the service.

2. Information We Collect

We collect only the information required to provide and improve the service. This includes:

  • Account details: company name, registered domain, administrator First and Last name, Email ID, and Password (stored as a bcrypt hash).
  • Billing details: plan selection, payment method metadata, and invoice history provided by Stripe or Razorpay. We never see or store your full card number.
  • Workspace data: end-user attributes (First Name, Last Name, Email ID, Job Title, Department, Contact Number) synced from your Google Workspace solely for the purpose of rendering and deploying signatures.
  • Usage data: log-in timestamps, feature usage, IP address, browser and device identifiers — used for security monitoring and product analytics.
  • Support data: information you provide when contacting support, including screenshots, attachments, and ticket messages.

3. Google Workspace Credentials

Each company connects its own Google Cloud service account. The private key is encrypted with AES-256-CBC before being written to storage and is decrypted in memory only when required to call the Gmail or Directory API.

Neither SigChanger staff nor the platform owner has direct access to decrypted credentials. You may revoke access at any time by disconnecting Google Workspace or rotating the service-account key in Google Cloud.

4. How We Use Your Information

We use your information strictly to operate, secure, and improve SigChanger. Specifically we use it to:

  • Provision and authenticate accounts, including administrator sign-in and session management.
  • Sync users from Google Workspace and deploy signatures to Gmail via the Gmail API.
  • Process payments and manage subscriptions through our payment partners.
  • Send transactional emails (welcome, billing, security alerts, ticket notifications).
  • Detect, investigate, and prevent fraud, abuse, and unauthorized access.
  • Understand aggregate product usage to inform engineering and roadmap decisions.

We do not sell, rent, or trade your personal data, and we do not use your data for third-party advertising.

5. Data Storage & Security

All data is stored in encrypted databases hosted in secure, access-controlled environments. We apply defence-in-depth security practices, including:

  • HTTPS/TLS encryption in transit and AES-256-CBC encryption at rest for sensitive fields.
  • Short-lived JWT access tokens paired with rotating refresh tokens.
  • Role-based access controls (Super Admin, Company Admin, Employee) enforced at the API layer.
  • Rate limiting, request validation, and audit logging on every sensitive endpoint.
  • Strict multi-tenant isolation so no company can access another company’s data.
  • Regular dependency updates, security patches, and access reviews.

6. Data Retention

Your data is retained for as long as your account remains active. When you disconnect Google Workspace, the associated service-account credentials are deleted immediately.

If you close your account, all company and user data is permanently removed from production systems within thirty (30) days, except where we are required to retain limited records (for example, invoices) to comply with tax or legal obligations.

7. Third-Party Services

SigChanger relies on a small number of trusted sub-processors to deliver the service:

  • Google Workspace APIs — for user directory sync and Gmail signature deployment.
  • Stripe — card, Google Pay, and Apple Pay processing for USD billing.
  • Razorpay — UPI, net banking, card, and wallet processing for INR billing.
  • Amazon Web Services (S3 and related) — secure storage of uploaded images, logos, and assets.
  • Brevo (SMTP) — delivery of transactional and notification emails.

8. Cookies & Local Storage

We use essential cookies and browser local storage to keep you signed in, remember your preferences, and secure your session. We do not use third-party advertising or cross-site tracking cookies.

9. Your Rights

Depending on where you live, you may have rights to access, correct, export, or delete the personal data we hold about you. You can exercise these rights by signing into your account or by reaching out through our Contact Us page. We respond to verified requests within thirty (30) days.

10. International Transfers

SigChanger may process data in regions other than where you are located. Where applicable, we use appropriate safeguards — such as standard contractual clauses — to protect cross-border transfers.

11. Children’s Privacy

SigChanger is a business-to-business product not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect new features, legal requirements, or operational changes. Material changes will be communicated to account administrators via email. Continued use of SigChanger after the effective date constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your data, reach out to our team through the Contact Us page. We’ll get back to you within one business day.