Privacy Policy
Evenstar Services, LLC, a Texas limited liability company, doing business as eSign Launchpad ("Company," "we," "us," or "our"), operates the eSign Launchpad electronic-signature platform (the "Platform"). This Privacy Policy explains how we collect, use, disclose, store, retain, and protect personal information when you visit our website, register an account, send packages for signing, sign documents, or use our REST API or MCP server.
By accessing or using the Platform you consent to the practices described in this Policy. If you do not agree, you must discontinue use of the Platform. This Policy supplements our Terms of Service and is incorporated into them by reference.
1. Who This Policy Covers
This Policy applies to two distinct groups of individuals, and we treat the data we hold about each group differently:
- Tenants - individuals or organizations that register an eSign Launchpad account, log in to the Portal or API, manage subscriptions, configure settings, and send documents for signature. We are the data controller for Tenant account data.
- Signers - individuals who receive documents from a Tenant and complete a signing ceremony. We act as a data processor for Signer data: the sending Tenant decides what documents to send, what authentication to require, and what becomes of the resulting record. The Tenant is the controller of the Signer's personal data.
2. Information We Collect
2.1 Information Tenants Provide Directly
When you register and use the Platform as a Tenant, we collect:
- Account registration: name, email address, phone number, password, time zone, and (optional) company name
- Phone verification: the SMS one-time code returned by you during signup, used solely to confirm ownership of the phone number
- Billing information: payment card and billing details collected and tokenized by Stripe (we do not store full card numbers); subscription tier; auto-refill preferences; tax identification numbers where required for 1099 reporting on signer-payment collection
- Stripe Connect onboarding (optional): if you enable signer-payment collection, the bank account and identity information required by Stripe to fund payouts. Stripe collects this directly; we receive only the resulting account identifier and capability flags.
- Branding and configuration: logos, colors, custom email templates, webhook URLs, API key labels, SSO/SCIM configuration (SAML metadata, OIDC issuer URLs, signing certificates)
- Documents and templates: any document, template, annotation, or supporting attachment you upload
- Communications: support requests, in-product chats, contact-form submissions, and feedback
2.2 Information Collected from Signers (Processed on Behalf of Tenants)
When a Signer participates in a signing ceremony hosted by one of our Tenants, the Platform processes the following on the Tenant's behalf:
| Data Point | Purpose | Standard Retention |
|---|---|---|
| Name and email address | Identify the Signer; deliver invitations, reminders, and completion notifications | 7 years from completion |
| Phone number (if SMS authentication required) | Send the one-time-passcode used to authenticate before signing | 7 years from completion |
| Drawn or typed signature image and initials | Apply to the document and the certificate of completion | 7 years from completion (with the signed document) |
| Knowledge-Based Authentication (KBA) result | Pass/fail outcome of identity-quiz authentication, plus the question-set identifier. The actual question content and Signer answers are not stored by the Platform. | 7 years from completion (audit trail) |
| Identity-Verification (IDV) result | Pass/fail outcome, document-type identifier, and a redacted reference to the verification record held by the IDV provider. The Platform does not store the government-ID image or the selfie capture itself; those remain with the IDV provider. | 7 years from completion (audit trail) |
| IP address and browser/device fingerprint | ESIGN/UETA audit trail; fraud detection; geographic verification | 7 years from completion |
| Approximate geolocation | Derived from the IP address via MaxMind GeoLite2; recorded in the audit trail | 7 years from completion |
| Interaction timestamps | Audit trail: invitation viewed, document opened, page scrolled, fields completed, ceremony submitted | 7 years from completion |
| Uploaded attachments | Supporting documents the Signer provides as part of the ceremony | 7 years from completion |
| Payment information (signer-paid packages only) | Tokenized card details collected by Stripe directly from the Signer; we receive only the resulting payment identifier and amount | 7 years from completion |
Free-tier and trial accounts may be subject to shorter retention periods. The Tenant who sent the package controls deletion timing within the bounds of our standard retention policy and any applicable legal-hold obligations.
2.3 Information Collected Automatically
Whenever you visit the Platform we automatically collect:
- Device and browser information: IP address, browser name and version, operating system, device type, viewport size, language preference, and (when consented) timezone
- Usage data: pages and ceremony screens visited, features used, click and scroll patterns, referring URLs, performance and error telemetry
- Cookies, local storage, and session storage: to maintain login sessions, the anti-forgery token, branding cache, and the in-app preferences described in Section 9
- Server logs: request method, path, response status, timing, the request identifier, and error stack traces
2.4 Information Generated by the Platform's Audit Engine
The Platform records every signing-related event (invitation sent, viewed, signed, completed, declined, voided), every billing event (subscription renewal, refund, dispute, credit deduction), and every privileged user-lifecycle action (invite, approve, deactivate, role change) into an append-only, hash-chained audit log. Audit entries are sealed with a SHA-256 hash that includes the previous entry's hash, so any post-hoc tampering breaks the chain and is detectable. This audit data is integral to the legal weight of an eSignature and cannot be selectively edited or deleted by any party (including the Tenant) before its retention period expires.
2.5 Cloud-Storage Imports (Optional)
The Platform offers an optional convenience feature that lets you import documents directly from third-party cloud-storage providers (Dropbox, Google Drive, and Microsoft OneDrive / SharePoint) into a signing package. We disclose how each integration works because, in some cases, OAuth scopes from the third-party provider are involved. Use of cloud-import is entirely optional; the same documents can always be uploaded from your local device instead.
- Dropbox. We use the Dropbox Chooser, a drop-in JavaScript widget hosted by Dropbox. When you click the Dropbox button, Dropbox itself (not eSign Launchpad) authenticates you to your own Dropbox account and shows you a file picker. Dropbox returns a temporary direct-download URL to your browser; your browser fetches the file's bytes and uploads them to our document storage through our standard chunked-upload pipeline. We do not receive a Dropbox OAuth token, and we do not retain access to your Dropbox at any point.
- Google Drive. We use the Google File Picker, which requires the OAuth scope https://www.googleapis.com/auth/drive.file. This scope is intentionally narrow: it grants our application access only to files you explicitly select via Google's File Picker, never to other files in your Drive. The OAuth token is held in your browser memory for the duration of a single import action, used to download the file's bytes via the Google Drive API directly from your browser, and then discarded. The token is never sent to or stored on our servers. Google Workspace native files (Google Docs, Sheets, Slides) are exported to PDF on the fly via the Drive API for inclusion in the package; we do not modify or write back to your original Drive file. We do not poll, sync, or maintain background access to your Drive. You can revoke our access at any time at https://myaccount.google.com/permissions.
- Microsoft OneDrive / SharePoint. We use the Microsoft File Picker (v8) hosted by Microsoft. The OAuth scopes requested are Files.Read.All and Sites.Read.All on Microsoft Graph plus AllSites.Read and MyFiles.Read on SharePoint, which are required by Microsoft's File Picker design. As with Google Drive, the OAuth token is held in browser memory only, used to download the picked file's bytes via the Microsoft Graph API directly from your browser, and then discarded. The token never reaches our servers. If you sign in with a personal Microsoft account, the equivalent OneDrive.ReadOnly Live OneDrive scope is used. We do not poll, sync, or maintain background access to your OneDrive or SharePoint. You can revoke our access at any time at https://myaccount.microsoft.com/permissions.
Across all three providers: we treat the imported file's bytes the same as any document uploaded from your local device. Once imported, the file is subject to the same retention, encryption, and access-control policies described elsewhere in this Policy. We do not log, transmit, or analyze the content of imported documents beyond what is required to ingest them into the signing package and complete the signing ceremony you direct.
Revoking your consent at the third-party provider does not delete documents that were already imported into a completed signing package. Those become part of the immutable evidence record for that ceremony. Revocation only blocks future imports until you re-grant access.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: operating the Platform end-to-end - package creation, document conversion, signing ceremonies, certificate-of-completion generation, payment collection, and webhook delivery
- Authentication: verifying the identity of Tenants on login (including multi-factor codes) and Signers (via access codes, SMS one-time-passcode, KBA, or government-ID verification, as the Tenant configures)
- Billing and payments: processing subscription renewals, settling overage charges, fulfilling credit-pack purchases and auto-refills, and routing signer-collected funds through Stripe Connect
- Compliance and audit: generating ESIGN/UETA-compliant audit trails, hash-chained tenant-lifecycle audits, and certificate-of-completion PDFs
- Communications: transactional notifications (signing invitations, reminders, completion notices, billing alerts, security alerts, MFA codes); product updates; with your consent, marketing communications you can opt out of at any time
- Security and abuse prevention: detecting fraudulent signups (duplicate-IP clustering, datacenter-IP and disposable-email detection, sanctioned-country blocking), automatically screening outbound email message content and its web links (and, where applicable, text and links extracted from uploaded documents) for phishing, fraud, impersonation, and prohibited-use patterns before a package is sent, enforcing rate limits, investigating chargebacks and disputes, and responding to suspected unauthorized access
- Platform improvement: analysing usage patterns in aggregate to improve features, performance, accessibility, and reliability
- Customer support: responding to your inquiries, troubleshooting issues, and providing technical assistance
- Legal compliance: meeting tax-reporting obligations (1099-K via Stripe), responding to lawful requests from authorities, and enforcing our Terms of Service
4. Data Processing Roles
Under applicable data-protection laws (including the EU/UK General Data Protection Regulation and the California Consumer Privacy Act / California Privacy Rights Act), our role depends on whose data is at issue:
- For Tenant data (your own account, billing, and configuration): we are the data controller. We decide what we collect and why, and this Policy is our notice to you.
- For Signer data (the people your packages are sent to): the Tenant is the data controller and we are the data processor. We process Signer data only to deliver the services the Tenant has configured. Tenants are responsible for: (i) having a lawful basis to send each package; (ii) providing Signers with their own privacy notice; (iii) responding to Signer data-subject rights requests; and (iv) configuring authentication, retention, and routing appropriately for the documents being signed.
If you are a Signer and you want to exercise rights over data the Platform holds about you, your first point of contact is the Tenant who sent you the document. We will support that Tenant in honoring your request as required by the Terms of Service and applicable law.
5. How We Share Your Information
We do not sell, rent, or trade personal information for any third party's marketing purposes. We share information only in the circumstances described below.
5.1 With the Sending Tenant
Audit-trail data captured during a signing ceremony - the Signer's IP address, derived geolocation, browser and device, interaction timestamps, signature image, and authentication result - is shared with the Tenant who sent the package, because that audit trail is the legal evidence of the Signer's consent. This is the core function of the Platform.
5.2 With Other Signers on the Same Package
Where a package has multiple Signers, each Signer's name and applied signature image are visible to other parties to the same document, as is necessary for any multi-party signing workflow.
5.3 With Sub-Processors
We use the following categories of trusted sub-processors to operate the Platform. Each operates under contracts that restrict their use of your data to the services they provide to us, and each is subject to its own privacy policy:
- Microsoft Azure - cloud hosting, database, blob storage, key vault, and managed services. All Platform data is hosted on Azure infrastructure in the United States.
- Stripe, Inc. - subscription billing, credit-pack purchases, and Stripe Connect destination charges for signer-paid packages. Stripe receives Tenant billing details, signer payment details (for paid packages), and tax-reporting data. Stripe's use of your data is governed by Stripe's Privacy Policy.
- Persona - government-ID identity verification (IDV) for signing ceremonies that require it. Persona receives the document image, selfie, and biometric comparison data the Signer provides during their flow. Persona retains this data subject to Persona's Privacy Policy; the Platform stores only the pass/fail outcome and a redacted reference identifier.
- Authenticate.com - Knowledge-Based Authentication (KBA) for signing ceremonies that require it. Authenticate.com queries credit-bureau and public-records data to generate identity questions and grade the Signer's answers. The Platform receives only the pass/fail outcome.
- Twilio Inc. - SMS delivery for one-time passcodes (signup, login, signer SMS authentication) and signer notifications where SMS is configured. Twilio receives the phone number and message content.
- MaxMind - IP-to-geolocation lookups (city/region/country accuracy only) used to seal an approximate location into the audit trail.
- Twilio SendGrid - delivery of transactional email including signing invitations, reminders, completion notices, billing alerts, and security alerts. SendGrid receives recipient email addresses and message content; its handling of that data is governed by Twilio's Privacy Notice.
- Hangfire / Microsoft Azure Functions - background-job execution. These run inside our Azure tenancy and process the same data the Platform itself processes.
- Document conversion services - we operate Gotenberg (LibreOffice-based) and Syncfusion conversion components inside our Azure tenancy to convert uploaded DOCX and image files into PDF before signing.
- Microsoft Azure AI services - automated classification of outbound email message content for abuse and fraud prevention. The email message body a Tenant composes for a package is processed by an artificial-intelligence model operating within our own Microsoft Azure tenancy (currently the Azure OpenAI Service alongside Azure AI Content Safety), in the same Microsoft Azure environment that hosts the rest of the Platform, solely to produce an allow/block decision before the package is sent. This is a private deployment inside our Azure environment, not a public or consumer AI service: the content stays within that environment, is not shared with OpenAI or any other third party, and is not used to train any artificial-intelligence model. The Platform may also submit text and web links extracted from uploaded documents to these services for the same screening purpose. Microsoft's handling of data processed by its Azure AI services is governed by Microsoft's Privacy Statement.
- Google Safe Browsing - reputation checks on the web links contained in outbound email messages, which may also include links extracted from uploaded documents. Each such link is submitted to Google's Safe Browsing service to be checked against Google's lists of known phishing and malware destinations before the package is sent. Google's handling of this data is governed by Google's Privacy Policy.
- Google Analytics 4: provided by Google LLC for aggregated traffic and product analytics on our marketing site, documentation pages, and the authenticated dashboard. Google receives event data including page paths, referrers, anonymized IP-derived region, browser and device type, and session duration. Google Analytics is intentionally not loaded on signing-ceremony pages, so personal information processed during a signing ceremony is never sent to Google. Google's handling of this data is governed by Google's Privacy Policy and the Google Analytics Terms of Service.
- Dropbox, Inc.: hosts the Dropbox Chooser drop-in widget used by the optional Dropbox cloud-import feature described in Section 2.5. The Chooser runs in your browser and authenticates you against your own Dropbox account; we receive only the file bytes you explicitly select. Dropbox's handling of your data is governed by Dropbox's Privacy Policy.
- Google LLC (Drive API + Picker API): hosts the Google Picker and Drive download endpoints used by the optional Google Drive cloud-import feature described in Section 2.5. The OAuth token stays in your browser; we receive only the file bytes you explicitly select. Google's handling of your data is governed by Google's Privacy Policy.
- Microsoft Corporation (Microsoft Graph + File Picker v8): hosts the Microsoft File Picker and Graph download endpoints used by the optional OneDrive / SharePoint cloud-import feature described in Section 2.5. The OAuth token stays in your browser; we receive only the file bytes you explicitly select. Microsoft's handling of your data is governed by Microsoft's Privacy Statement.
We may add or replace sub-processors from time to time. We will give Tenants reasonable advance notice (typically 30 days) of material sub-processor changes via in-product notification or email. A Tenant who objects to a new sub-processor may terminate their subscription as their sole remedy.
5.4 Legal Requirements and Lawful Requests
We may disclose information when we believe in good faith that disclosure is necessary to:
- Comply with applicable laws, regulations, valid legal process, or enforceable governmental requests
- Enforce our Terms of Service, including investigation of suspected violations
- Detect, prevent, or address fraud, security incidents, or technical issues
- Protect the rights, property, or safety of Company, our users, or the public
5.5 Business Transfers
If we are involved in a merger, acquisition, reorganization, financing, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will provide notice (via in-product banner and email to the Tenant Admin on file) before any transfer that would change the controller of your data, and successors are bound by this Privacy Policy until they publish their own.
5.6 Aggregated and De-Identified Data
We may use and share aggregated or de-identified information that cannot reasonably be used to identify you for purposes such as benchmarking, capacity planning, security research, and product improvement.
6. Data Retention
We retain personal information for as long as needed to provide the Platform, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:
- Tenant account data: retained for the life of the account plus 30 days after deletion or cancellation, after which it is deleted unless we have a separate legal-retention obligation
- Completed packages, signed documents, and audit trails: retained for 7 years from signing completion on paid tiers; Free-tier packages may be subject to shorter retention as published in the Platform. Audit trails cannot be edited or selectively deleted within the retention window because they are the evidence of the signature.
- Tenant-lifecycle audit blob (user invites, approvals, role changes, suspensions): retained for the life of the Tenant plus 7 years
- Billing and payment records: retained for at least 7 years for tax and financial-regulation purposes
- Authentication-evidence references (KBA pass/fail outcomes, IDV provider reference IDs): retained with the audit trail for 7 years; the underlying source data held by the IDV provider is subject to that provider's own retention policy
- Server logs and security telemetry: typically 90–180 days, longer where retained for an active security investigation
- Support and contact-form submissions: retained for the duration of the inquiry and a reasonable period afterward (typically 24 months) for issue trend analysis
Post-termination export window: upon Tenant cancellation, you have at least 30 days to download your packages, audit trails, and certificates of completion through the Platform's export tools. Tenants on regulated workloads may request extended retention by contacting us in writing before the export window expires.
7. Data Security
We implement industry-standard technical and organizational measures to protect personal information:
- Encryption in transit: all data exchanged between your browser, our API, and our infrastructure is encrypted using TLS 1.2 or higher
- Encryption at rest: all stored data is encrypted using AES-256 in our cloud data centers (Microsoft Azure)
- Document sealing: signed PDFs are sealed using PAdES-compatible digital signatures with SHA-256 integrity hashes
- Audit-trail integrity: per-tenant audit blobs are append-only, hash-chained with SHA-256, and rolled monthly; cross-month chain continuity is verifiable on demand
- Infrastructure security (Azure): the Platform is hosted on Microsoft Azure, whose data centers maintain third-party attestations including ISO/IEC 27001, SOC 1/2/3, FedRAMP, and HIPAA at the underlying cloud-infrastructure layer. These attestations cover Azure's controls; Company does not currently hold its own application-layer attestation.
- Access controls: role-based access control inside the Platform, multi-factor authentication options for users, SAML/OIDC SSO and SCIM provisioning for enterprise Tenants, and least-privilege access for our personnel
- Credential isolation: API keys, SSO signing certificates, and Stripe Connect identifiers are stored separately from general application data and protected as confidential
- Continuous monitoring: automated security monitoring, intrusion detection, and abuse-clustering reports
- Incident response: we will notify affected Tenants of confirmed security incidents involving their personal data without undue delay and, where feasible, no later than 72 hours after we become aware of the incident, including available details on scope, impact, and our remediation plan
While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.
8. Your Rights and Choices
8.1 Access and Portability
You may request a copy of the personal information we hold about you by emailing privacy@esignlaunchpad.com from the address on file. We will respond within 30 days of a verified request and will provide your data in a commonly used, machine-readable format.
8.2 Correction
Tenants may update their account information at any time through their account settings or by contacting support. Signers should contact the Tenant who sent the document to correct information associated with that signing.
8.3 Deletion
You may request deletion of your personal information by contacting us. We will comply with your request unless we are required to retain the data for legal or compliance reasons (the most common being audit-trail retention attached to a signed document, which is the evidence of the signature itself). In such cases we will identify the specific obligation and the date the retention period ends.
8.4 Marketing Communications
You may opt out of marketing emails at any time by clicking "unsubscribe" in any marketing message or by emailing us. You may opt out of marketing SMS at any time by replying STOP. Transactional notifications (signing invitations, completion notices, billing alerts, MFA codes, security alerts) cannot be opted out of while your account remains active because they are necessary to deliver the service.
8.5 California Residents (CCPA / CPRA)
If you are a California resident, in addition to the rights above you have the right to:
- Know what categories of personal information we collect, the sources, the purposes, and with whom we share it
- Request deletion of your personal information (subject to legal-retention exceptions)
- Request correction of inaccurate personal information
- Limit the use of sensitive personal information (such as IDV evidence) to that necessary to provide the service
- Opt out of the "sale" or "sharing" of your personal information - we do not sell or share personal information for cross-context behavioral advertising
- Not receive discriminatory treatment for exercising any of these rights
To exercise these rights, email privacy@esignlaunchpad.com from the address on file. You may designate an authorized agent to make a request on your behalf, in which case we will require proof of your authorization.
8.6 European / United Kingdom Residents (GDPR / UK GDPR)
The Platform is hosted in the United States. We do not currently offer data-residency options inside the European Economic Area or the United Kingdom. Tenants that intend to process EU/UK Signer data through the Platform should contact us before doing so to confirm a suitable contractual basis (Standard Contractual Clauses or UK International Data Transfer Agreement) is in place. Where GDPR applies, you have additional rights including the right to object to processing, restrict processing, and lodge a complaint with your local supervisory authority.
9. Cookies and Similar Technologies
We use cookies and similar technologies for the following purposes:
- Strictly necessary: session cookies for authenticated login, the ASP.NET anti-forgery token, the two-factor binding token, and the SuspendedUserGate cache key. Without these the Platform will not function.
- Functional: remembering your preferences (theme, language, dashboard layout, recently-viewed packages).
- Analytics and performance: aggregated usage telemetry via Google Analytics 4 to understand which Platform features are working well, where users encounter friction, and which integrations are failing. GA4 sets cookies named _ga and _ga_4JTLSL5P9M that persist for up to two years and identify a returning browser without identifying you personally. We do not use these to build a profile of you across the broader internet, and Google Analytics is not loaded during signing ceremonies.
You can control cookies through your browser settings. Disabling strictly-necessary cookies will prevent the Platform from functioning.
10. Third-Party Links
Our website and the Platform contain links to third-party websites and services (sub-processors, documentation hosts, marketing partners). We are not responsible for the privacy practices, content, or security of those third parties. Review their privacy policies before providing them with personal information.
11. Children's Privacy
The Platform is not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If you believe we have inadvertently received information from a person under 18, contact us at privacy@esignlaunchpad.com and we will take steps to delete it.
12. International Data Transfers
The Platform and all of its sub-processors process data primarily in the United States on Microsoft Azure infrastructure. If you access the Platform from outside the United States, your information will be transferred to and processed in the United States. By using the Platform you consent to that transfer. We take reasonable steps, including the contractual restrictions described in Section 5.3, to ensure your data receives an adequate level of protection wherever it is processed.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes we will:
- Update the "Last Updated" date at the top of this page
- Notify registered Tenants via email and/or in-product notice
- Where required by law, obtain renewed consent before applying the change
Continued use of the Platform after changes take effect constitutes acceptance of the updated Privacy Policy.
14. Contact Us
For privacy-related questions, data-access requests, breach notifications, or to exercise any of your rights:
Evenstar Services, LLC d/b/a eSign Launchpad
Email: privacy@esignlaunchpad.com
Web: www.esignlaunchpad.com