This Privacy Policy explains how MailSigCraft (“MailSigCraft”, “we”, “our”, or “us”) collects, uses, shares, and protects your personal information when you use our website at mailsigcraft.com and any related services (together, the “Service”). MailSigCraft is the data controller for the personal information processed through the Service. We are committed to protecting your privacy and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and India’s Digital Personal Data Protection Act, 2023 (DPDP Act).
By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.
1. Data we collect
We only collect the data we need to run the Service and give you a good experience. This includes:
- Account information: your email address, hashed password (if you sign up with email/password), and basic profile data such as your name and profile picture returned by your identity provider (e.g. Google) when you sign in with OAuth.
- Signature content: everything you enter into the signature editor — name, job title, company, phone, email, website, social links, and any photos or logos you upload.
- Uploaded files: images you upload for your signature (photos, logos, banners). These are stored on our hosting providers and served over HTTPS.
- Billing information: if you subscribe to a paid plan, our payment processor Dodo Payments collects and stores your billing details. We do not store your full card number on our servers.
- Usage data: pages visited, buttons clicked, features used, approximate location derived from your IP address, device type, browser, and referrer. We use this to improve the product and detect abuse.
- Communications: the content of emails or support requests you send us, so we can respond and keep a history of the conversation.
- Click-tracking data: if you enable click tracking in your signature, we log when a recipient clicks a tracked link, along with the approximate timestamp and IP.
2. How we use your data
We use the personal data described above to:
- Provide, operate, and maintain the Service.
- Create and manage your account and authenticate your sessions.
- Render, preview, and deliver your email signatures.
- Process payments, send invoices, and manage subscriptions.
- Send you transactional emails (account confirmations, payment receipts, security alerts, and important product updates).
- Respond to your support requests and communicate with you.
- Improve the product through aggregated, anonymized usage analytics.
- Detect, prevent, and investigate fraud, abuse, and security incidents.
- Comply with our legal obligations.
We do not sell your personal data to third parties, and we do not use your signature content to train AI models.
3. Legal basis for processing (GDPR)
If you are in the European Economic Area (EEA) or the United Kingdom, we rely on the following legal bases under Article 6 of the GDPR:
- Contract: to deliver the Service you signed up for.
- Legitimate interest: to keep the Service secure, prevent abuse, and improve our product.
- Consent: for optional features like click tracking or marketing emails. You can withdraw consent at any time.
- Legal obligation: to comply with tax, accounting, or law-enforcement requirements.
4. Who we share data with
We only share your data with the vendors we need to run the Service, and only to the extent necessary. Each of them is contractually required to protect your information.
- Supabase — database, authentication, and file storage.
- Vercel — application hosting and edge network.
- Cloudflare R2 — object storage for uploaded images at scale.
- Dodo Payments — payment processing for paid plans.
- OpenAI — when you use the AI signature generator, the minimum data needed to produce a result is sent to OpenAI. OpenAI does not use API inputs to train its models by default.
- Google — if you sign in with Google OAuth, your basic profile and email are provided to us by Google.
- Resend — transactional email delivery.
We may also disclose your information if required by law, court order, or a legitimate request from a government authority, or to protect our rights, property, or safety.
5. Cookies and similar technologies
We use a small number of cookies and similar technologies to run the Service:
- Strictly necessary cookies: session cookies issued by Supabase Auth so you stay logged in. These cannot be disabled without breaking the product.
- Preference cookies: to remember your theme (light/dark) and language.
- Analytics: aggregated, privacy-respecting analytics that do not track individual users across other sites.
We do not run third-party advertising cookies. You can clear cookies at any time from your browser settings; clearing session cookies will log you out.
6. Data retention
We keep your data for as long as your account is active. If you delete your account, we remove your signatures, uploads, and profile data within 30 days, except where we are legally required to keep certain records (for example, billing and tax records, which we retain for up to 7 years). Backups that include your data are rotated and fully purged within 90 days.
7. International transfers
Some of our vendors are located outside your country, including in the United States, the European Union, and other regions. When we transfer personal data out of the EEA or the UK, we rely on adequate safeguards such as the European Commission’s Standard Contractual Clauses or the vendor’s own approved transfer mechanisms.
8. Your rights
Depending on where you live, you may have the following rights over your personal data:
- Access — ask for a copy of the data we hold about you.
- Rectification — ask us to correct data that is inaccurate or incomplete.
- Erasure — ask us to delete your data (the “right to be forgotten”).
- Restriction — ask us to pause processing in certain situations.
- Portability — ask for a machine-readable copy of your data to move to another service.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where we rely on consent, you can withdraw it at any time.
- Complain — lodge a complaint with your local data protection authority.
To exercise any of these rights, email us at info.stilak@gmail.com. We will respond within 30 days.
9. Security
We take security seriously. All traffic is encrypted in transit with TLS, passwords are hashed by Supabase Auth, secrets are stored only on the server, and our database uses row-level security so users can only read their own data. We regularly review our access controls and update dependencies. No system is perfectly secure, so if you believe your account has been compromised, please contact us immediately.
10. Children’s privacy
MailSigCraft is not directed at children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of the page and, if appropriate, notify you by email or an in-app notice before the change takes effect.
12. Contact us
If you have questions about this Privacy Policy or how we handle your data, email us at info.stilak@gmail.com. See also our Terms of Service, Refund Policy, and Contact page.