Privacy Policy

Last updated: April 5, 2026

1. Introduction

Pact ("we," "our," or "us") operates the pactapp.io website and the Pact mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect:

  • Your name and email address
  • Password (stored securely using industry-standard hashing)
  • Organization or company name (if provided)

Documents and Contacts

When you use the Service, we store:

  • Documents you upload for signing
  • Signature data (drawn or typed signatures, initials)
  • Contact information you add to your address book
  • Signature request metadata (timestamps, status, signer details)

Payment Information

Payment processing is handled by Stripe (for web subscriptions) and Apple (for in-app purchases). We do not store credit card numbers or payment details on our servers. We retain only:

  • Subscription plan and status
  • Stripe customer ID or Apple subscription ID
  • Billing period dates

Automatically Collected Information

When you access the Service, we may automatically collect:

  • Device type, operating system, and browser information
  • IP address and approximate location
  • Pages visited and features used
  • Date and time of access

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process document signing and manage signature requests
  • Send transactional emails (signature requests, notifications, receipts)
  • Process payments and manage subscriptions
  • Respond to your inquiries and support requests
  • Detect, prevent, and address technical issues or abuse
  • Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

  • With signers: When you send a document for signature, the recipient will see your name, email, the document, and any message you include.
  • Service providers: We use third-party services to help operate our Service, including Heroku (hosting), Amazon S3 (file storage), Stripe (payments), Resend (email delivery), and Apple (in-app purchases). These providers only access your data as needed to perform their services.
  • Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as a business asset.

5. Data Storage and Security

Your data is stored on servers in the United States. We implement appropriate technical and organizational security measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure password hashing
  • Access controls and authentication requirements
  • Regular security reviews

While we strive to protect your information, no method of electronic storage or transmission is 100% secure.

6. Data Retention

We retain your account data for as long as your account is active. Documents and signature data are retained for the duration of your subscription. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct inaccurate or incomplete data.
  • Deletion: Request that we delete your personal data.
  • Export: Request your data in a portable format.
  • Objection: Object to certain processing of your data.

To exercise any of these rights, contact us at [email protected].

8. Cookies

We use essential cookies to maintain your session and keep you signed in. We do not use third-party advertising or tracking cookies.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: