Get Stuff Signed
Sign InStart Free Trial

Privacy Policy

Your privacy matters. Here's exactly how we handle your data.

Last Updated: March 9, 2026

1. Introduction

Final Approach Software (“we,” “us,” or “GetStuffSigned”) operates the Get Stuff Signed platform at getstuffsigned.com. We are committed to protecting the privacy of our users and the people who sign forms through our platform.

This Privacy Policy describes what information we collect, how we use it, who we share it with, how long we keep it, and what rights you have over your data. This policy applies to all users of the Service, including business account holders and their customers (signers).

If you have questions about this policy, contact us at hello@getstuffsigned.com.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and business name. You may optionally provide additional profile information.

Form Content

We store the forms, waivers, and templates you create, including the text content, field configurations, and settings you apply.

Submission Data (Signer Data)

When someone signs a form through your account, we collect and store:

  • Signer's name and email address (as provided on the form)
  • Signature image data
  • All form field responses
  • Timestamp of submission (UTC)
  • IP address of the signing device
  • Browser user agent string
  • Geolocation data (city/region level, only if permitted by the signer's browser)
  • Generated PDF of the signed document

Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVC, or full card details. We store only the billing information Stripe returns to us (e.g., last four digits, card type, expiration month/year) for display purposes.

Usage Data

We collect information about how you use the Service, including pages visited, features used, time spent, and actions taken. This data is used to improve the product.

Cookies and Local Storage

We use session cookies for authentication and preference cookies to remember your settings. We do not use third-party advertising cookies or tracking pixels for ad networks.

3. How We Use Information

We use the information we collect to:

  • Provide the Service: Store and manage your forms, collect signatures, generate PDFs, and make your data accessible to you
  • Improve the Service: Analyze usage patterns to identify bugs, improve performance, and prioritize new features
  • Process payments: Manage your subscription billing via Stripe
  • Send transactional emails: Deliver form submission confirmations, account notifications, and support responses via Resend. We do not send marketing emails without your explicit opt-in.
  • Generate AI-powered forms: When you use the AI form generation feature, your prompt is sent to the Anthropic Claude API to generate form content. We do not send signer data or submission data to Anthropic.
  • Ensure legal compliance of e-signatures: Capture and store the metadata required to validate electronic signatures under the E-SIGN Act and UETA
  • Customer support: Respond to your questions and resolve issues

4. Third-Party Services

We use the following third-party services to operate the platform. Each service receives only the data necessary for its function.

Supabase

Database hosting, authentication, and file storage. Supabase stores all application data including accounts, forms, submissions, and signed PDFs. Data is stored on US-based servers.

Stripe

Payment processing. Stripe receives your billing information (name, address, card details) when you subscribe. We never see or store your full card number.

Anthropic Claude API

AI form generation. When you use the AI feature, your form generation prompt is sent to Anthropic. We do NOT send signer data, submission data, or any personal information about your customers to Anthropic.

Resend

Transactional email delivery. Resend receives email addresses and message content for the purpose of delivering emails (e.g., form submission confirmations, account notifications).

Cloudflare

DNS and CDN services. Cloudflare may process IP addresses and request metadata as part of routing traffic to our platform and providing DDoS protection.

Vercel

Application hosting. Vercel processes web requests to serve the application. Request logs may include IP addresses and user agent strings.

5. Data Storage and Security

All application data is stored on US-based servers via Supabase. We implement the following security practices:

  • Encryption in transit using TLS (HTTPS) for all data communications
  • Encryption at rest for stored data via Supabase's default encryption
  • Access controls limiting data access to authenticated users and their own organization's data
  • Row-level security policies enforced at the database level
  • Regular security reviews and dependency updates

While we take reasonable measures to protect your data, no system is perfectly secure. We encourage you to use strong passwords and to notify us immediately if you suspect unauthorized access to your account.

6. Data Retention

  • Active account data: Retained for as long as your account is active.
  • Submission data and signed PDFs: Retained in accordance with e-signature legal requirements. Under E-SIGN Act guidance, electronic records should be retained for the duration required by the applicable underlying transaction (typically 5–7 years for business records). Your subscription plan determines how long submission data is accessible to you.
  • Deleted account data: Upon account deletion, your account and form data are removed from active systems within 30 days, except where legal retention requirements apply (e.g., signed records).
  • Backups: Data may persist in encrypted backups for a limited period after deletion as part of disaster recovery procedures.

7. Your Rights

General Rights (All Users)

  • Access: View your account data and submission records in your dashboard
  • Export: Download your signed PDFs and submission data at any time
  • Deletion: Request deletion of your account and associated data
  • Opt-out: Unsubscribe from any marketing communications at any time

California Residents (CCPA)

Under the California Consumer Privacy Act, California residents have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information

We do not sell personal information to third parties. To exercise your rights, contact us at hello@getstuffsigned.com.

EU Residents (GDPR)

Get Stuff Signed primarily serves US-based businesses. If you are located in the European Union or European Economic Area, you have rights under the GDPR, including the right to access, rectify, erase, restrict processing, and data portability. To submit a data subject request, contact us at hello@getstuffsigned.com.

8. Cookies

We use a minimal set of cookies necessary to operate the Service:

  • Session cookies: Used for authentication — required to keep you logged in during your session
  • Preference cookies: Remember your settings (e.g., theme preference)

We do not use third-party advertising cookies, tracking pixels for ad networks, or any cookies designed to track you across other websites.

You can configure your browser to block or delete cookies. Note that blocking session cookies will prevent you from logging in to the Service.

9. Children's Privacy

The Service is intended for business use and requires account holders to be at least 18 years old. We do not knowingly collect personal information directly from children under the age of 13.

Note that businesses using Get Stuff Signed may create forms that collect information from or about minors (for example, a daycare collecting signed permission forms from parents or guardians on behalf of children). In these cases, the business is responsible for obtaining appropriate parental consent and operating in compliance with applicable laws, including COPPA. GetStuffSigned acts as a data processor for the business and is not responsible for the business's compliance obligations toward minors.

10. Changes to Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or via an in-app notice and update the “Last Updated” date at the top of this page.

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

11. Contact

If you have any questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, please contact us:

Final Approach Software

Operating as GetStuffSigned

hello@getstuffsigned.com

See also our Terms of Service for the complete terms governing your use of the platform.