This policy explains what personal information GetSigned collects, how we use and protect it, and the choices you have.
Last updated: June 2026
Not legal advice. This document is provided for general information and is a working draft pending professional legal review. It is not legal advice and does not create a lawyer–client relationship. Consult a qualified lawyer before relying on it for your specific situation.
GetSigned provides e-signature software and an API for legally binding document signing. We act as a service provider to the businesses and individuals who use GetSigned (“customers”), and we process the personal information of their signers on their behalf. We are a Canadian service and handle personal information in accordance with PIPEDA.
We collect information in three ways:
We use personal information to deliver the signing service, to verify signer identity (email/SMS one-time passcodes), to build and preserve the legally defensible audit trail, to communicate about your account, to process payments, to keep the service secure, and to meet legal obligations. We do not sell personal information.
Sealed documents are retained per a configurable retention policy and then purged from storage, while the hash-chained audit record is preserved so the executed signing remains verifiable. Account data is retained while your account is active and for a reasonable period afterward as required for legal, tax, and audit purposes. See data residency for where data is stored.
We share personal information only with the subprocessors needed to run the service, when required by law, or in connection with a corporate transaction (with notice). Each subprocessor is engaged for a specific purpose and expected to protect the data it handles. The current list is on our subprocessors page.
Subject to legal limits, you may request access to the personal information we hold about you, ask us to correct it, and ask about how it is used and shared. Some records — notably the immutable audit trail of a completed signing — must be preserved for legal-evidence reasons and cannot be altered. To make a request, email contact@getsigned.ca.
We protect personal information with encryption in transit and at rest, short-lived tokenized signing links, identity verification, an append-only hash-chained audit log enforced at the database grant level, and multi-tenant isolation. No system is perfectly secure, but integrity of signed documents is cryptographically verifiable. See the security page.
Signed documents and signer data are stored in Canada. Certain subprocessors may process limited technical data outside Canada (for example in the United States). GetSigned is not designed to serve EU residents or to meet GDPR, and cannot accommodate strict data-localization regimes beyond Canada and the US.
The service is not directed to children and is not intended for use by anyone under the age of majority in their province or territory.
We may update this policy and will revise the date above when we do. Questions or requests: contact@getsigned.ca. See also our Terms and Acceptable Use Policy.