Privacy Policy
Last updated: April 30, 2026
1. Who we are
SignForge365 is a service operated by Madcat ("we", "us"). This policy explains what data we collect when you use SignForge365 and how we handle it. Contact us at privacy@signforge365.com.
2. What we collect
- Account data: name, work email, organization, and authentication identifiers from Microsoft 365.
- Directory data: user display name, job title, phone, department, and UPN, synced from your Microsoft 365 tenant to render signatures.
- Signature templates: HTML/CSS, images, and brand assets you upload.
- Operational logs: request metadata, IP, timestamps, and error traces for debugging and abuse prevention.
We never read mail content. The Outlook add-in only injects signatures and does not call Microsoft Graph for message bodies.
3. How we use data
We use your data to provide and secure the service, render and deliver signatures, authenticate users, send transactional notifications, and improve reliability. We do not sell personal data and we do not use customer content to train AI models.
4. Where data is stored
Customer data is stored in EU data centers. Backups are encrypted at rest. OAuth tokens are encrypted with envelope encryption and never leave the server.
5. Sub-processors
We use a small number of vetted infrastructure providers (managed Postgres, object storage, edge hosting, email delivery). A current list is available on request.
6. Retention
We retain account and directory data for the life of your subscription plus 30 days, after which it is deleted or anonymized. Operational logs are kept for up to 90 days.
7. Your rights (GDPR)
You have the right to access, correct, export, or delete your personal data, and to object to or restrict processing. Email privacy@signforge365.com and we will respond within 30 days.
8. Security
All traffic uses TLS 1.2 or later. Database access is isolated per tenant at the row level. We follow least-privilege access controls and review logs for anomalies.
9. Changes
We may update this policy. Material changes will be announced in-product or by email at least 14 days before they take effect.