Privacy Policy

1. Controller

Signoti is operated by Yahya El Bahhaoui, based in Pamplona, Navarra, Spain. Contact: contacto@signoti.com.

Because the operator is established in Spain, this policy is written with the EU General Data Protection Regulation (GDPR) and Spanish data protection law as the primary framework, while also explaining the service clearly for users in the United States, United Kingdom, Canada, and Australia.

2. Data we process

Account data: email address, name, profile image, authentication identifiers, and account security events processed through Clerk.

Payment data: subscription, one-off purchase, and billing information processed by Stripe. Signoti does not store full card numbers.

Document data: uploaded PDFs or DOCX files, extracted text, metadata, selected jurisdiction, selected state when applicable, and AI-generated analysis results.

Usage data: technical logs and consent-based analytics used to operate, secure, and improve the service.

3. AI processing

Documents are sent to AI infrastructure only to generate the requested analysis. We do not sell your documents or use them for advertising.

Uploaded documents are automatically deleted from our servers immediately after analysis. We only retain the extracted text and analysis results, never the original file.

AI providers may process submitted content under their business API terms and technical retention policies. Signoti uses these providers to deliver the service, detect abuse, and maintain reliability.

4. Behavioral analytics

With your consent, we use Google Tag Manager, Google Analytics, Vercel Analytics, and Microsoft Clarity to understand traffic sources, page views, product events, feature usage, and session behavior.

Google Analytics may set first-party cookies such as _ga and _ga_<container-id> to distinguish users and persist session state. We configure Google Analytics with advertising storage denied, Google signals disabled, and ad personalization disabled.

Microsoft Clarity captures interactions such as clicks, scrolls, page rendering data, and session activity for heatmaps and session replay. Session recordings are anonymized or pseudonymized and sensitive content is masked by Microsoft by default.

For more information about how Microsoft collects and uses data, visit the Microsoft Privacy Statement: https://privacy.microsoft.com/privacystatement.

5. Legal bases and retention

For EU users, the main legal bases are performance of contract, legitimate interest in securing and improving the service, and legal obligation for billing records.

Account data is retained while the account remains active. Analyses remain available until you delete them or delete your account. Billing records may be retained for legally required periods.

6. International transfers

Some providers, including Clerk, Stripe, hosting, analytics, and AI infrastructure, may process data outside the European Economic Area, including in the United States.

Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.

7. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, or export your personal data.

You can request assistance at contacto@signoti.com. EU users may also contact the Spanish Data Protection Agency (AEPD) at www.aepd.es. UK users may contact the Information Commissioner's Office (ICO) at ico.org.uk. Australian users may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

8. Security

We use HTTPS, access controls, managed authentication, encrypted infrastructure, and operational safeguards. No online service can guarantee absolute security.