Privacy Policy

Last updated 2026-07-12

This policy explains what CompanySignatures collects, why, and for how long. The short version: we collect what a signature needs (names, titles, contact details, a brand kit), we never track anyone who receives a signed email, and we delete data when a workspace is deleted.

CompanySignatures is matching email signatures for a whole company: an admin locks a brand template, teammates fill in their own details through a personal link, and installs are verified by checking inbound email. That verification step is the one place this policy goes into extra detail, because it is easy to confuse with recipient tracking. It is not the same thing, and section 3 below explains exactly why.

1. What we collect

We collect only what a signature and a workspace need to function.

  • Account and workspace data: the email address used to sign in, workspace name, and billing status. We do not collect a password, sign-in uses a one-time magic link.
  • Brand kit: company name, logo, brand colors, address, social links, and template choices, entered by the workspace admin.
  • Member data: each teammate's name, job title, department, and whichever contact fields they choose to fill in on their personal link (phone, mobile, calendar link, disclaimer, and similar). Fields the admin marks as locked are set by the admin instead.
  • Uploaded images: logos, headshots, and banner images uploaded by an admin or a member, stored so signatures keep rendering correctly.
  • Free generator data: if you use the generator without an account, the brand and field details you type in are used only to render your preview and are not tied to an identity beyond an optional email address if you use the Email it to me feature.

2. No recipient tracking of any kind

We do not track the people who receive a signed email. There are no tracking pixels embedded in any signature, no click-redirects on any link in a signature (every link, website, calendar, social, goes straight to its real destination), and no analytics of any kind attached to signature links or the emails that carry them. We have no visibility into who opened an email, who clicked a link in a signature, or who a signature was sent to. This is a product decision, not a technical limitation: it would be straightforward to add that tracking, and we have deliberately built the product to never do it.

3. The verification token in image URLs

Signature images (logos, headshots, banners) are served from our asset host with a short token in the URL, for example a query string carrying a member identifier and a version number. This token exists for exactly one purpose: install verification.

Here is how it works. Each workspace has a check address (something like check@companysignatures.com). Verification happens only when a teammate chooses to send a test email to that address; we never see, scan, or receive any other email. When that test email arrives, we look at the image URLs referenced in its HTML. If the URL's token matches a known member and the current signature version, we mark that teammate's signature as installed on the admin dashboard. If a different or outdated token shows up, we mark it as needs attention.

The token identifies a signature version, not a person's activity. It is never logged against a recipient, never used to build an analytics profile, and never shared with or sold to any third party for advertising or tracking purposes. It does the same job a version number in a filename would do: it tells us which signature is which, nothing more.

4. How brand enrichment works

When you enter a work email or company domain in the generator, we look up publicly available information about that company (things like the logo, brand colors, and company name that a company itself makes publicly visible on its own website or public brand assets) to pre-fill your signature. We do not access any private data, any internal system, or any account belonging to that company to do this. If we cannot confidently identify a public brand match, or the domain belongs to a free consumer email provider, you fill in the details yourself.

5. Data retention and deletion

  • Active workspaces: data is retained for as long as the workspace exists and the account is in good standing.
  • Workspace deletion: when a workspace is deleted, its brand kit, member data, and uploaded images are deleted from our systems, subject to a short operational grace period for backups.
  • Cancellation (not deletion): if a subscription is cancelled but the workspace is not deleted, the workspace becomes read-only. Hosted signature images keep serving for 90 days after cancellation so already-installed signatures do not suddenly break. Archived image versions (prior logo or banner uploads) are retained for 12 months after cancellation and then permanently deleted.
  • Free generator sessions: signature data entered without an account is not persisted server-side beyond what is needed to render the preview and, if used, deliver an Email it to me message.

6. Cookies and analytics

The authenticated workspace app uses a single session cookie to keep you signed in. It is not used for tracking or advertising.

On our marketing pages, we may use privacy-focused, cookieless analytics to understand aggregate traffic (which pages get visited, in general terms), never anything that identifies an individual visitor. This is separate from, and never applied to, signature links or the emails that contain them, which are covered by section 2 above.

7. Subprocessors and third parties

We use a small number of infrastructure providers to run the service. Each is contractually bound to use data only to provide their service to us, not for their own purposes.

  • Cloudflare: hosting, storage, and content delivery for the app and signature images.
  • Postmark: delivery of transactional email (magic links, invites, verification notices, inbound signature checks).
  • Paddle: billing and payment processing; Paddle is our merchant of record and handles card details directly, we never see or store full card numbers.
  • Anthropic: used for brand enrichment matching (turning a domain into a company name, logo, and colors) from publicly available data.

8. Your rights

You can access, correct, export, or delete your data at any time. Workspace admins can edit or remove member data directly from the dashboard, and members can update their own details through their personal link. For anything else, including a full workspace deletion request, contact us at support@companysignatures.com.

9. Changes to this policy

If this policy changes in a material way, we will update the date at the top of this page and, for active customers, note the change in the product or by email.

For any queries, reach us at support@companysignatures.com