Privacy policy.
Last revised 01 May 2026.
The atelier collects only what it needs to fulfil the ceremony — your email, your specimens, the timestamps of your signings.
What we collect
- Account credentials (email + hashed password)
- Documents you upload, for the duration of signing and retention
- Signing metadata: timestamp, IP, user-agent, location precision to city
- Correspondence you send to the atelier
What we do not collect
- We do not track you across the web
- We do not sell, rent, or share your data with advertisers
- We do not retain analytics cookies past the session
How long we keep it
Specimens are retained for ten years from the closure of the letter — the statutory retention period for archival records. After that they are cryptographically shredded.
Where data lives
Primary operations are conducted from Seattle, Washington. EU sub-processors are engaged for transactional email and timestamping where required by counterparties; those sub-processors are bound by standard data-processing agreements and are disclosed on request.
Data breach notification
In the event of a security incident affecting personal information of Washington residents, Puresign will notify affected individuals and the Washington State Attorney General in accordance with applicable Washington consumer protection and data breach notification laws. Notification will be issued without unreasonable delay and within the timeframes required by applicable law.
Your rights
You may request access, correction, deletion or portability of your personal data by writing to contact@puresign.net.
Contact
Data Protection contact: contact@puresign.net or 1-206-339-7120. Registered office: Puresign Inc., 500 Yale Ave N, Seattle, WA 98109, United States.