Privacy Policy

Last updated 10 July 2026

Private beta draft. Signet is in private beta. This document is accurate to how the product works today, but it has not yet had formal legal review and may change before general release. We will tell you before anything material changes. Questions? Email [email protected].

This policy explains how Signet handles personal data. Signet is a product operated by Senso Ventures Limited ("we", "us"), a brand, product and venture studio. It applies to people who use Signet to send agreements ("senders") and to people who open a link to sign one ("signers").

The short version

  • Your documents are yours. We do not sell them, and we do not use them to train AI models.
  • Data is stored with UK and EU residency and encrypted at rest.
  • When an agreement is verified, only its cryptographic fingerprint is involved. The contents never leave the document and are never made public.
  • We use a small number of trusted providers to run the service, listed in our sub-processors page.

Who the data controller is

For a sender's account data, Senso Ventures Limited is the data controller. For the contents of the agreements a sender creates and sends, the sender is the controller and Signet is a processor acting on their instructions. If you are a signer, the sender who invited you is the controller of that agreement; contact them with questions about its contents.

What we collect

When you create a Signet account (senders)

  • Account details: your name, email address, and a password (stored only as a secure hash), or the details from a Google sign-in if you choose that.
  • Workspace details: your organisation name, the people you invite, their roles, and your plan.
  • Sessions: a session record and the device and browser you signed in from, so you can see and revoke active sessions.
  • Content you add: the agreements, templates, contacts, companies, spaces and branding you create.

When you sign an agreement (signers)

  • Signing details: your name and email as entered by the sender, the signature you draw or type, and your explicit consent to sign electronically.
  • Evidence of signing: the time you opened and signed, your IP address, and your browser's user-agent string. This is recorded in the agreement's audit trail so the signature is attributable and provable.

Automatically

  • Essential cookies to keep you signed in and remember your theme. We do not use advertising or third-party analytics cookies. See our cookie policy.
  • Operational logs needed to run and secure the service.

What we do not do

  • We do not sell your data or your documents.
  • We do not use your documents to train AI models.
  • We do not put your documents, or their contents, on any public ledger. Verification only ever uses a one-way fingerprint.
  • We do not run third-party advertising or behavioural tracking.

How we use data

  • To provide the service: render agreements, send them as secure links, collect signatures, seal completed documents, and let anyone verify them.
  • To keep a tamper-evident audit trail, which is a core part of what Signet proves.
  • To send necessary service email (a signing link, a completed document, a security notice) and, where relevant, product updates you can opt out of.
  • To take payment for paid plans.
  • To keep the service secure and to meet our legal obligations.

Legal bases (UK GDPR / EU GDPR)

  • Contract: to provide the service you have signed up for.
  • Legitimate interests: to secure the service, prevent abuse, and improve Signet, balanced against your rights.
  • Legal obligation: to keep records we are required to keep, including evidence of electronic signatures.
  • Consent: for optional product marketing, which you can withdraw at any time.

Where your data lives

Signet stores data with UK and EU residency. Documents and files are held in encrypted object storage; account and agreement records are held in our own PostgreSQL database. Files are encrypted at rest. We do not host customer data outside the UK and EU. See security for more detail.

Who we share data with

We use a small set of trusted providers ("sub-processors") to run Signet, such as our email, payment and storage providers. We share only what each needs to do its job, and every one is bound to protect it. The current list is on our sub-processors page.

Some integrations, such as connecting your own CRM, are set up by you inside the app. When you connect one, you are choosing to send your data to that service under its own terms; it is not one of our sub-processors.

We may disclose data if the law requires it, or to protect the rights and safety of people and the service.

How long we keep data

We keep account and agreement data for as long as your workspace is active. Completed agreements and their audit trails are kept so they stay provable. You can delete individual agreements and export or delete your whole workspace from Settings. When you delete a workspace, we remove its data from our active systems; backups age out on a rolling basis.

Your rights

Subject to UK and EU data protection law, you can request access to your data, correction, deletion, a copy in a portable format, or that we restrict or stop certain processing. Senders can do much of this directly: export your workspace or delete agreements, contacts or the whole workspace from Settings. For anything else, email [email protected]. You also have the right to complain to your data protection regulator (in the UK, the Information Commissioner's Office).

Children

Signet is not intended for anyone under 18, and we do not knowingly collect their data.

Changes

If we make a material change to this policy, we will let you know in the app or by email before it takes effect.

Contact

Questions, requests or concerns: email [email protected].

Questions about this?

We're happy to explain anything here in plain terms.

Email us