Book a demo
Get Started
Book a demo
Get Started

Privacy Policy

Last modified: May 15, 2026

1. Introduction

Verdocs, Inc., a Delaware Corporation (the “Company” or “We” or “Our” or “Us“) respects your privacy and is committed to protecting it through Our compliance with this Privacy Policy.

This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit the website verdocs.com (Our “Website”) or use Our eSignature platform, API, embedded components, or other products and services (collectively, the “Platform”), and Our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Privacy Policy applies to the information we collect:

  • On Our Website and Platform.
  • In email, text, and other electronic messages between you and Us.
  • When you interact with Our embedded components or API-based services within third-party applications.
  • When you interact with document signing workflows delivered via Our Platform on behalf of Our clients.

It does not apply to information collected by Us offline or through any other means, including on any other website operated by the Company.

Customers who have entered into a Verdocs Subscription Agreement, Order Form, or other written commercial agreement with Verdocs should note that such agreement and any applicable addenda (including any Data Processing Agreement, HIPAA Addendum, or Service Level Addendum) take precedence over this Privacy Policy to the extent of any conflict, in accordance with the order of precedence set forth in that agreement.

Please read this Privacy Policy carefully to understand Our policies and practices regarding your information and how we will treat it. If you do not agree with Our policies and practices, your choice is not to use Our Website or Platform. By accessing or using Our Website or Platform, you agree to this Privacy Policy. This Privacy Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of Our Website or Platform after we make changes is deemed to be acceptance of those changes, so please check the Privacy Policy periodically for updates.

We may provide communications, notices, disclosures, policy updates, and other information relating to Our services electronically, including by email, in-product notification, or dashboard posting. You agree that such electronic communications satisfy any legal requirement that such communications be in writing, to the extent permitted by law.

2. Our Role: Data Controller and Data Processor

Data Controller. When We collect and use information about visitors to Our Website, individuals who create Verdocs accounts, and users who interact directly with Our products and services, We act as a data controller. In this role, We determine the purposes and means of processing your Personal Information, and this Privacy Policy governs that processing.

Data Processor. When Our clients (businesses and developers who use Our API, SDKs, or embedded components) deploy Our Platform to send documents for signing to their own end users, We act as a data processor on behalf of those clients. In this role, We process Personal Information — including the names, email addresses, IP addresses, and document content of signers — solely under Our client’s instructions and in accordance with Our Data Processing Agreement (DPA).

Customer Data ownership: as between Verdocs and its customers, customers retain all right, title, and interest in and to their Customer Data. Verdocs processes Customer Data solely as necessary to provide, maintain, support, secure, and improve the Services and as otherwise set forth in the applicable customer agreement. This principle applies regardless of whether Verdocs is acting as a data controller or data processor in a given context.

Subprocessors: Verdocs uses third-party subprocessors (such as cloud infrastructure, analytics, and consent management providers) to help deliver the Services. Verdocs maintains appropriate contractual data protection obligations with its subprocessors. Customers operating under a Verdocs Subscription Agreement may request information about subprocessors by contacting hello@verdocs.com. Verdocs will provide reasonable advance notice of material subprocessor changes to affected customers.

If you are an end user who received a document for signing through a third-party application powered by Verdocs and have questions about how your Personal Information is handled, please contact the organization that sent you the document. That organization is the data controller responsible for your information. You may also contact Us at hello@verdocs.com and We will direct your inquiry appropriately.

Enterprise clients requiring a Data Processing Agreement (DPA) for GDPR compliance or other regulatory purposes may request one by contacting hello@verdocs.com.

3. Children Under the Age of 16

Our Website is not intended for children under 16 years of age. No one under the age of 16 may provide any Personal Information to, or on, Our Website. We do not knowingly collect Personal Information from children under 16. If you are under 16, do not provide any information about yourself to Us, including your name, address, telephone number, email address, or any screen name or username you may use. If we learn we have collected or received Personal Information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact Us at hello@verdocs.com.

California residents under 16 years of age may have additional rights regarding the collection and sale of their Personal Information. See Section 9 (U.S. State Privacy Rights) for details.

4. Information We Collect About You and How We Collect It

We collect several types of information from and about users of Our Website and Platform, including:

  • Information by which you may be personally identified, such as first name, last name, email address, phone number, address, password, company name, country, state, ZIP/Postal Code, city, User ID, and billing address (collectively “Personal Information”);
  • For document signers: name, email address, IP address at the time of signing, device information, signature image, signing timestamp, and audit trail data necessary to create a legally valid electronic signature record;
  • Usage data, cookies, and similar tracking data as described in Section 6 (Cookie and Consent Management).

We collect this information:

  • Directly from you when you provide it to Us.
  • Automatically as you navigate through Our Website or use Our Platform, including through cookies and other tracking technologies.
  • From third parties, such as identity verification services or Our clients (when they provide signer information to initiate a signing workflow).

Information You Provide to Us

The information we collect on or through Our Website or Platform may include:

  • Information that you provide by filling in forms on Our Website, including at registration, subscription, or when requesting services or support.
  • Records and copies of your correspondence (including email addresses), if you contact Us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Details of transactions you carry out through Our Website or Platform.
  • Your search queries on Our Website.
  • Electronic signature data, including your typed, drawn, or adopted signature, and any fields you complete in a document signing workflow.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with Our Website or Platform, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to Our Website, including traffic data, location data, logs, and the resources that you access and use.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. See Section 6 (Cookie and Consent Management) for full details on the cookies We use and your choices.
  • Web Beacons. Pages of Our Website and Our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company to count users who have visited those pages or opened an email and for related website statistics.

5. How We Use Your Information

We use information that we collect about you or that you provide to Us, including any Personal Information:

  • To present Our Website and Platform and their contents to you.
  • To provide you with information, products, or services that you request from Us.
  • To fulfill any other purpose for which you provide it.
  • To provide you with notices about your account, including expiration and renewal notices.
  • To carry out Our obligations and enforce Our rights arising from any contracts entered into between you and Us, including for billing and collection.
  • To notify you about changes to Our Website, Platform, or any products or services we offer or provide through them.
  • To allow you to participate in interactive features on Our Website or Platform.
  • To send you SMS/text messages for transactional, operational, or service-related communications when you have provided your mobile phone number and consented to receive such messages.
  • To create and maintain legally valid electronic signature records, including audit trails, as required under applicable electronic signature laws (including the U.S. ESIGN Act and UETA).
  • To analyze usage patterns and improve Our Platform, using aggregated and de-identified data where possible.
  • To detect, prevent, and respond to fraud, security incidents, or violations of Our terms of service.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

Lawful Bases for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, We process your Personal Information on the following lawful bases:

  • Performance of a contract (Art. 6(1)(b)): Processing necessary to provide Our Platform and services to you, including account management, document signing, and billing.
  • Legitimate interests (Art. 6(1)(f)): Processing for fraud prevention, security, improving Our Platform, and direct marketing to existing customers, where Our interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): Processing based on your affirmative consent, including non-essential cookies, SMS communications, and certain marketing activities. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legal obligation (Art. 6(1)(c)): Processing necessary to comply with applicable laws, such as retaining electronic signature audit records as required by law.

SMS/Text Messaging and Mobile Communications

We may offer you the option to receive text messages (SMS/MMS) from Verdocs for purposes such as account notifications, document signing alerts, and other transactional or service-related communications. The following terms govern our mobile messaging program:

  • By providing your mobile phone number and opting in to receive SMS communications from Us, you expressly consent to receive text messages from Verdocs at the mobile number provided. Consent to receive SMS messages is not a condition of purchasing any product or service.
  • No Sharing of Mobile Opt-In Data. We do not sell, rent, share, or otherwise disclose your mobile phone number or SMS opt-in consent data to third parties or affiliates for their marketing purposes. Mobile opt-in data will not be shared with any third party or affiliate except as required to operate Our SMS messaging program.
  • Message Frequency. Message frequency will vary based on your activity and preferences. Standard message and data rates may apply.
  • How to Opt Out. You may opt out of receiving SMS messages from Us at any time by replying STOP to any text message you receive from Us or by contacting hello@verdocs.com.
  • For help with SMS communications, reply HELP to any text message you receive from Us or contact Us at hello@verdocs.com.

6. Cookie and Consent Management

We use cookies and similar tracking technologies on Our Website. We manage cookie consent through CookieYes, a consent management platform (CMP), which presents a cookie banner to visitors and records consent preferences in compliance with GDPR and other applicable privacy laws.

What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They allow the website to recognize your device and remember certain information about your visit. We also use web beacons, pixel tags, and similar technologies that function similarly to cookies.

Categories of Cookies We Use

Based on Our current cookie scan, We use approximately 19 cookies across 4 categories. You may view and manage all cookies at any time through Our cookie preference center, accessible via the cookie banner or the “Cookie Settings” link on Our Website. The categories are:

  • Strictly Necessary Cookies. These cookies are essential for the Website and Platform to function and cannot be switched off. They are set in response to actions you take, such as logging in or filling in forms. These cookies do not require your consent.
  • Functional Cookies. These cookies enable enhanced functionality and personalization, such as remembering your preferences and settings.
  • Analytics/Performance Cookies. These cookies allow Us to count visits and traffic sources so We can measure and improve the performance of Our Website. All information collected is aggregated and anonymous. These cookies require your consent.
  • Targeting/Advertisement Cookies. These cookies may be set through Our Website by Our advertising partners to build a profile of your interests. They require your consent.

Your Cookie Choices

When you visit Our Website, a cookie consent banner will appear. You may accept all cookies, reject all non-essential cookies, or customize your preferences by category. You may change your cookie preferences at any time by clicking “Cookie Settings” in the footer of Our Website.

Third-Party Cookies

Some cookies on Our Website are set by third-party service providers. A full list is available in Our cookie preference center powered by CookieYes.

Do Not Track Signals

Our Website does not currently respond to Do Not Track (DNT) signals. You may manage your tracking preferences through Our cookie consent banner.

7. Disclosure of Your Information

We may disclose aggregated and anonymized information about Our users, and information that does not identify any individual, without restriction.

We may disclose Personal Information that we collect or you provide as described in this Privacy Policy:

  • To Our subsidiaries and affiliates, provided that mobile opt-in data (including mobile phone numbers and SMS consent) will never be shared with subsidiaries or affiliates for marketing or any other purpose not directly necessary to provide Our services to you.
  • To contractors, service providers, and other third parties we use to support Our business (including cloud infrastructure providers, analytics providers, payment processors, and Our cookie consent management provider, CookieYes). Where required by applicable law, We enter into data processing agreements with these service providers to ensure they protect your Personal Information.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Verdocs’ assets.
  • To third parties to market their products or services to you only if you have affirmatively consented to such disclosure. For the avoidance of doubt, your mobile phone number and mobile opt-in consent data will never be shared with third parties for marketing purposes, regardless of any other consent you may have provided.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by Us when you provide the information.
  • With your consent.

We may also disclose your Personal Information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply Our terms of use and other agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Verdocs, Our customers, or others.
  • International Data Transfers (GDPR). If you are located in the EEA, United Kingdom, or Switzerland, We may transfer your Personal Information to the United States. Where We do so, We rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA). You may request a copy of the applicable safeguards by contacting Us at hello@verdocs.com.

8. Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the Personal Information you provide to Us:

  • Tracking Technologies / Cookies. You can manage your cookie preferences at any time through Our CookieYes cookie preference center, accessible via the “Cookie Settings” link in the footer of Our Website.
  • Promotional Offers from the Company. If you do not wish to have your contact information used by the Company to promote Our own products or services, you can opt-out by emailing hello@verdocs.com. We do not use your mobile phone number to promote third-party products or services, and we do not share your mobile phone number with third parties for their marketing purposes.
  • SMS/Text Messages. To opt out of SMS/text messages from Verdocs, reply STOP to any message you receive from Us, or contact Us at hello@verdocs.com. Standard message and data rates may apply.
  • Withdrawal of Consent (GDPR). Where We process your Personal Information based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of prior processing. To withdraw consent, please contact Us at hello@verdocs.com or use the relevant opt-out mechanism.

Residents of certain states may have additional Personal Information rights and choices. See Sections 9 and 10 below.

9. U.S. State Privacy Rights

Several U.S. states have enacted comprehensive privacy laws that grant their residents specific rights regarding their Personal Information. Depending on your state of residence, you may have some or all of the rights described below.

California Residents (CCPA/CPRA)

California residents have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These include:

  • Right to Know. You have the right to request that We disclose the categories and specific pieces of Personal Information We have collected about you, the categories of sources, the business purpose, and the categories of third parties with whom We share it.
  • Right to Delete. You have the right to request that We delete Personal Information We have collected from you, subject to certain exceptions.
  • Right to Correct. You have the right to request that We correct inaccurate Personal Information about you.
  • Right to Opt Out of Sale or Sharing. We do not sell Personal Information as traditionally understood. To the extent Our use of cookies may constitute “sharing” for cross-context behavioral advertising under CPRA, you may opt out through Our CookieYes cookie preference center.
  • Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise your California rights, contact Us at hello@verdocs.com with the subject line “California Privacy Request.” We will respond within 45 days as required by law.

Other U.S. State Residents

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states with active comprehensive privacy laws may have rights including: right to access, right to correct, right to delete, right to data portability, and right to opt out of targeted advertising or profiling.

To exercise your state privacy rights, contact Us at hello@verdocs.com with the subject line “State Privacy Request.” If We deny your request, you may appeal by contacting Us at the same address.

10. Rights Under GDPR (EEA, UK, and Switzerland)

If you are located in the EEA, United Kingdom, or Switzerland, GDPR or applicable national implementing legislation grants you the following rights:

  • Right of Access (Art. 15). You have the right to obtain confirmation of whether We process your Personal Information and, if so, a copy of it.
  • Right to Rectification (Art. 16). You have the right to request correction of inaccurate or incomplete Personal Information.
  • Right to Erasure (Art. 17). You have the right to request deletion of your Personal Information in certain circumstances.
  • Right to Restriction of Processing (Art. 18). You have the right to request that We restrict the processing of your Personal Information in certain circumstances.
  • Right to Data Portability (Art. 20). Where processing is based on consent or contract and carried out by automated means, you have the right to receive your Personal Information in a portable format.
  • Right to Object (Art. 21). You have the right to object to processing where We rely on legitimate interests, including for direct marketing purposes.
  • Right to Withdraw Consent (Art. 7(3)). Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
  • Right to Lodge a Complaint. You have the right to lodge a complaint with your local supervisory authority. In the EU: edpb.europa.eu. In the UK: ico.org.uk.

To exercise these rights, contact Us at hello@verdocs.com. We will respond within 30 days, extendable by 60 days for complex requests with notice to you.

11. Data Retention

We retain Personal Information for as long as necessary to fulfill the purposes for which it was collected, comply with Our legal obligations, resolve disputes, and enforce Our agreements.

Important distinction: the retention periods below apply to Verdocs’ own operational, compliance, and administrative records. Customer Data — data submitted by customers or their end users through the Services — is governed by the applicable customer agreement. Under Verdocs’ standard Subscription Terms and Conditions, Customer Data is made available for export during a wind-down period and deleted ninety (90) days after the end of the applicable wind-down period or, if no wind-down is requested, ninety (90) days after termination or expiration, unless retention is required by law. Customers should consult their agreement for the applicable terms.

  • Verdocs account and administrative records. Retained for the duration of your active account and for a period of up to 3 years after account closure, to allow for dispute resolution and compliance with Our legal obligations.
  • Electronic signature and audit trail data. Retained for a minimum of 7 years after the date of signing, as required to support the legal validity of signed documents under applicable electronic signature laws (including the U.S. ESIGN Act). Clients may configure longer retention periods.
  • Usage and analytics data. Retained in identifiable form for up to 2 years, after which it is aggregated or deleted.
  • Cookie consent records. Retained for up to 3 years, as required by GDPR to demonstrate proof of consent.
  • Marketing communications data. Retained until you opt out or for up to 3 years from your last interaction with Us, whichever is earlier.
  • Legal and compliance records. Retained for the period required by applicable law, which may exceed the periods above.

At the end of the applicable retention period, We securely delete or anonymize your Personal Information.

12. Accessing and Correcting Your Information

You can review and change your Personal Information by logging into Our Website and visiting your account profile page.

You may also send Us an email at hello@verdocs.com to request access to, correct or delete any Personal Information that you have provided to Us. We cannot delete your Personal Information except by also deleting your user account.

For requests under applicable state privacy laws or GDPR, see Sections 9 and 10 above for the applicable procedures and response timeframes.

13. AI and Automated Processing

Verdocs does not use Customer Data or Personal Information submitted through the Services to train, fine-tune, test, or otherwise improve any artificial intelligence or machine learning model, whether operated by Verdocs or any third party, without explicit prior consent. Aggregated, de-identified, and system-generated usage and performance data — which does not identify any customer, end user, or individual — may be used to improve service quality, reliability, and performance.

To the extent that Verdocs introduces AI-assisted features (such as document field detection, template suggestions, or workflow automation), We will describe such processing in this Privacy Policy as those features are made available.

We do not currently make solely automated decisions that produce legal or similarly significant effects about individuals. If this changes, We will update this Privacy Policy and, where required by applicable law (including GDPR Art. 22), provide you with the right to obtain human review of such decisions.

14. Data Security

We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to Us is stored on Our secure servers. Any payment transactions and certain other information will be encrypted using TLS (Transport Layer Security) encryption.

Our security program includes the following controls:

  • Encryption of data in transit and at rest.
  • Access Controls. Logical access controls and least-privilege practices to limit access to Personal Information to authorized personnel.
  • Logging and Monitoring. Logging and monitoring of privileged and production system access.
  • Secure Development. Secure development practices, vulnerability management, and patching processes.
  • Incident Response. Documented incident response procedures.
  • Backup and Recovery. Backup and disaster recovery practices designed to ensure availability of Customer Data.
  • Workforce Controls. Workforce confidentiality and access management controls.

The safety and security of your information also depends on you. You are responsible for keeping your account credentials confidential.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do Our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to Our Website.

Security Incident Notification. In the event of a confirmed security incident affecting your Personal Information, We will notify affected individuals, applicable customers, and regulatory authorities as required by applicable law, including applicable U.S. state breach notification laws and GDPR Articles 33 and 34.

15. Changes to Our Privacy Policy

It is Our Privacy Policy to post any changes we make to Our Privacy Policy on this page with a notice that the Privacy Policy has been updated on Our Website home page. If we make material changes to how we treat Our users’ Personal Information, we will notify you through a notice on Our Website home page. The date the Privacy Policy was last revised is identified at the top of the page.

Customers operating under a Verdocs Subscription Agreement will receive at least 30 days’ prior notice of material changes to this Privacy Policy, consistent with the notice requirements of that agreement.

16. Contact Information

To ask questions or comment about this Privacy Policy and Our privacy practices, contact Us at:

Verdocs, Inc.

hello@verdocs.com

For GDPR-related inquiries or to exercise your data subject rights, please include “GDPR Request” in the subject line of your email. For U.S. state privacy requests, please include “State Privacy Request” in the subject line.

17. HIPAA and Regulated Data

If you or your organization use the Services to create, receive, maintain, or transmit protected health information (PHI or ePHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), additional terms apply, including a Business Associate Agreement (BAA). If a signed BAA is in place, that agreement controls solely with respect to PHI and ePHI.

Similarly, if your use of the Services involves other categories of regulated data — including financial data subject to the Gramm-Leach-Bliley Act (GLBA), consumer report information subject to the Fair Credit Reporting Act (FCRA), or other industry-regulated data — additional terms or addenda may apply. Please contact hello@verdocs.com to discuss the appropriate addendum for your use case.

18. Dispute Resolution

This Privacy Policy is governed by the laws of the State of Delaware and controlling United States federal law, without regard to conflict of laws principles.

Before either party initiates arbitration, the party asserting the dispute will provide written notice to the other party describing the nature and basis of the dispute in reasonable detail. Within ten (10) business days after receipt of such notice, knowledgeable representatives of the parties will meet by video conference or other mutually agreed means and attempt in good faith to resolve the dispute.

If the dispute is not resolved through that process, then except as provided below, any dispute, claim, or controversy arising out of or relating to this Privacy Policy will be finally resolved by binding arbitration administered through New Era ADR, Inc., in accordance with its then-current rules and procedures for virtual expedited commercial arbitrations, by a neutral with relevant commercial and technology experience. Judgment on the award may be entered in any court having jurisdiction.

Notwithstanding the foregoing, either party may seek temporary, preliminary, or injunctive relief in any court of competent jurisdiction to prevent actual or threatened misuse of intellectual property, Confidential Information, security controls, or proprietary rights.

The prevailing party in any arbitration or court proceeding arising out of or relating to this Privacy Policy may be awarded its reasonable attorneys’ fees and costs, in the discretion of the neutral or court.

EACH PARTY WAIVES ANY RIGHT TO A JURY TRIAL IN CONNECTION WITH ANY DISPUTE ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY.

TO THE FULLEST EXTENT PERMITTED BY LAW, EACH PARTY AGREES THAT ANY DISPUTE WILL BE BROUGHT ONLY IN ITS INDIVIDUAL CAPACITY, AND NOT AS A PLAINTIFF OR CLASS MEMBER IN ANY PURPORTED CLASS OR REPRESENTATIVE PROCEEDING.

Note for EEA/UK Residents: Notwithstanding the arbitration clause above, EEA and UK residents retain the right to lodge a complaint with their applicable supervisory authority and to seek remedies under GDPR. Those rights are not affected by this arbitration clause.