hello@hitthosting.com
Hosting Sign
Get Started

Privacy Policy

Last updated: June 2026

Hitt Hosting Sign ("Sign", "we", "us") is an electronic-signature service. This policy explains what information we collect, why we collect it, and how we handle it — for account holders and for the people they send documents to.

Information we collect

Account information. Name, email address, and password (stored hashed) when you register; workspace name, branding (logo, accent color), and team-member email addresses you add.

Documents and envelope data. The PDFs you upload, the fields you place, the messages you attach, and recipient names and email addresses you enter.

Signing and audit-trail data. Because the product's purpose is a defensible record of who signed what and when, signing events are recorded in a tamper-evident audit trail: signer name and email, signature image, timestamps, IP address, browser user agent, and the sequence of envelope events. This data is part of the signed record your sender relies on and is retained with the envelope.

Billing information. Payments are processed by Stripe; we store plan, subscription status, and billing events, not your full card details.

How we use it

We use this information solely to provide the service: delivering signature requests, recording the audit trail, producing the signed PDFs and audit certificates, sending transactional email (signing links, reminders, completion notices, one-time passcodes), and billing. We do not sell your data, and we do not use the contents of your documents for advertising or to train machine-learning models.

If you were asked to sign a document

When someone uses Sign to request your signature, the sender — not Sign — chose to process your name and email address. We process your signing data on the sender's behalf to complete the transaction and to build the audit record both parties rely on. Questions about why you received a document should go to the sender; questions about how the platform handles your data can come to us.

Where your data lives

Documents and application data are stored in our hosted PostgreSQL database and object storage (Supabase), with per-organization isolation enforced by row-level security policies. Data is encrypted in transit (TLS) and at rest by our storage providers. Document downloads use short-lived signed URLs.

Service providers

We share data with a small set of processors only as needed to run the service: Supabase (database, storage, authentication), Stripe (payments), our transactional email provider (delivering signing and notification emails), and Sentry (error monitoring). Each receives only what it needs for its function.

Retention and deletion

Envelope data is retained while your account is active so the signed record stays verifiable. Workspace owners can configure a data-retention policy (minimum 30 days) and can run a personal-data purge on completed envelopes (a right-to-be-forgotten tool that removes signer personal data while preserving the envelope's integrity record). After account closure, data is deleted within 30 days except where law requires longer retention.

Your rights

You can access and export your documents and audit certificates at any time from the dashboard. Depending on where you live, you may have rights to access, correct, delete, or port personal data we hold about you. Contact us and we will respond to verified requests. Note that audit-trail entries for completed envelopes are tamper-evident by design — deletion requests are honored through the purge tool, which removes personal data without silently rewriting the signed record.

Cookies

The app uses cookies for authentication and session state. We do not run third-party advertising trackers.

Changes to this policy

We may update this policy from time to time. Material changes will be announced on this page with an updated "last updated" date.

Contact

Privacy questions? Reach us via the contact page.