• Scope: This Privacy Policy applies to Convoia Docs a product of Convoia, 600 Broadway Suite 320C, Seattle, WA. It explains what personal data we collect, how we use it, and your rights. By using the Service, you consent to the practices described herein.

• Information We Collect: We collect personal information you provide when you register or use the Service. This includes your contact and identity details such as email address, first and last name, phone number and account data. We also collect Usage Data automatically: for example, your IP address, browser type, device identifiers, pages viewed, and the time and date of visits. If you use the Service on a mobile device, we may also collect device-specific data e.g. device model, operating system. We use standard web tracking technologies such as cookies, web beacons, and similar tools to collect this Usage Data. For instance, we use cookies to authenticate you and maintain your session, to enhance site functionality like remembering your preferences, and to analyze traffic. You can control cookies via your browser settings, but disabling necessary cookies may prevent you from using some Service features.

• How We Use Your Information: Convoia uses your personal data to provide, maintain, and improve the Service. For example, we use it to manage your account, authenticate you, and personalize your experience. We may use your information to communicate with you such as sending service-related announcements or security updates. We may also use data to understand Service usage patterns, to develop new features, and for internal analytics. If you have consented, we may send you newsletters or promotional materials about features or related services you may opt out of such communications at any time. We do not sell or otherwise share your personal information with unrelated third parties for their marketing purposes.

• Data Sharing: We do not share personal data with third-party advertisers or analytics providers, since there are no third-party service integrations in the Service. We may share data with service providers who help operate the Service for hosting or email, for example such providers are bound by confidentiality. If Convoia is involved in a merger, acquisition or asset sale, user data may be transferred to the new entity, but we will notify affected users. We will never transfer your data to countries or organizations unless adequate protections such as GDPR-standard safeguards are in place.

• Information Collected During Electronic Signing: When you use Convoia Docs to send or sign documents electronically, our platform collects and generates certain personal data as part of the electronic signing process. This data is necessary to create the above-mentioned audit trail and to comply with e-signature legal requirements. The information collected includes identifiers and contact information such as each signer’s name and email address and transactional details about the document and signature event. For example, Convoia will record the date and time when you opened, signed, or completed a document, as well as the IP address and device information from which you performed these actions. If additional authentication steps are used, we also collect the information associated with those steps for instance, the phone number used for an SMS verification and the one-time code entered, or a copy of a government ID that you provided for identity verification. In essence, Convoia gathers the same types of information that users of our service would expect us to record in order to prove the validity of the electronic transaction, such as the names of the persons involved, the devices or methods they used to sign, and key timestamps. This data becomes part of the electronic record of the transaction.

• Use of E-Signature Data (Audit Trail): Convoia uses the information above solely for the purpose of facilitating and documenting the electronic signature transaction. The event logs, timestamps, and personal identifiers are compiled into an audit trail or “certificate of completion” for each signed document, which serves as a neutral record of the transaction. This audit trail data allows Convoia to verify and attest to the details of the signing process for example, to provide evidence of who signed a document and when in the event of a legal dispute or for compliance audits. We do not use the personal data collected through the e-signature process for marketing or advertising purposes, nor do we sell or share that data with third parties except as necessary to provide the service e.g., sharing the completed documents and audit logs with the parties to the agreement or as required by law. In summary, information like email addresses, IP addresses, and identity verification data collected during signing is used only to log the transaction and ensure its legal enforceability, and for no other purpose.

• Storage & Security of Signature Records: Convoia takes the security of electronic signature records and personal data very seriously. All documents you upload for signing, as well as the associated audit trail records, are stored on secure servers with encryption. In particular, completed documents and audit logs are protected using strong encryption standards both in transit and at rest. We also implement strict access controls only authorized Convoia personnel with a valid business need can access the minimal data necessary to troubleshoot or support your transactions, and even Convoia’s staff cannot alter the signed documents or audit logs once they are completed. Our system uses tamper-evident technology and computer-generated timestamps to ensure that any unauthorized change to an electronic record would be detected. We are committed to maintaining confidentiality and integrity of your data in compliance with applicable privacy laws and regulations. Convoia’s data handling practices are designed to be GDPR-compliant for our EU users, and we follow industry best practices in data security similar to those of leading e-signature providers. The Certificate of Completion/audit trail itself is stored securely as part of our system records and contains key details like signers’ names, emails, IP addresses, etc. necessary to demonstrate the transaction’s validity These records are safeguarded with the same care as any sensitive personal information we hold.

• Retention of Electronic Signature Records: Convoia retains electronic signature data including audit trails and associated personal information for as long as is necessary to serve the purposes described above and to comply with our legal obligations. In many jurisdictions, electronic contract records must remain accessible to the parties for a certain period of time, and e-signature records must be capable of accurate retention and reproduction for reference by all parties. Accordingly, once a document is electronically signed through Convoia, we will keep the audit trail and related evidence of the transaction for a period that satisfies applicable laws and our internal retention policies. This ensures that you, and any other party entitled to a copy of the record, can obtain one from the system for your records or legal enforcement needs. If you are a Convoia account holder, you will typically have the ability to download copies of signed documents along with their audit trails directly. Even if you or the document sender deletes or archives the document on Convoia, Convoia may preserve the underlying signature log data to be able to demonstrate the validity of the signature if required. We store these records in a secure, encrypted form throughout the retention period. Once the retention period expires and provided the data is not required for any ongoing dispute, legal requirement, or legitimate business purpose, Convoia will dispose of or anonymize the electronic signature data in accordance with our Privacy Policy and applicable law. We offer features to purge documents while retaining a basic audit trail, and to redact personal data from logs when appropriate, to align with privacy regulations. By using Convoia Docs, you acknowledge that Convoia will maintain these logs and records of your electronic signature transactions as described, and that such retention is necessary to give your electronic agreements legal effect. All retained e-signature personal data remains subject to the privacy and security protections outlined in this Policy.

• Cookies and Tracking: We use cookies and similar technologies to improve and analyze our Service. Required session cookies enable basic functions like logging in. Preference cookies remember your settings like language. Analytics cookies help us see how people use the Service so we can improve it. You may manage cookie preferences through your browser refusing cookies may limit functionality. We do not use cookies for third-party advertising. In compliance with applicable laws, we inform users about cookies and how to disable them.

• Your Privacy Rights: Convoia respects your rights under international privacy laws. If you are located in the European Union or United Kingdom, you have rights under the GDPR, including the right to access and obtain a copy of your personal data, to correct inaccurate data, to request deletion of your data, and to restrict or object to certain processing. For example, GDPR Article 15 gives you the right to confirm and access your data, and Article 17 provides the “right to be forgotten” by erasing data under qualifying conditions. You may withdraw consent to processing at any time where processing is based on consent and request portability of your data. If you are a California resident, the CCPA/CPRA gives you rights including the right to know what personal data we collect, the right to request deletion of data, the right to correct inaccuracies, and the right to opt out of any future sale of data. Californians also have the right not to be discriminated against for exercising these rights. To exercise any of these rights or if you have questions about your privacy, please contact us at Privacy@convoia.com or at our address below. We will respond to verifiable requests in accordance with applicable law.

• Data Delete/Portability Requests: You can review, update, or delete much of your information through your account settings. You may also submit requests to access, correct, or delete your personal data by contacting us as above. We will respond in a reasonable timeframe and in accordance with law. Note that we may need to retain certain information if required by law.

• Children’s Privacy: The Service is not intended for children under 18, and we do not knowingly collect data from them. If we learn we have inadvertently received personal information from a child under 18, we will delete it.

Contact Information: For privacy inquiries or to exercise your rights, you can reach us at:

Email: Privacy@convoia.com

Phone: (206) 787-0784 

• Address: Convoia (Convoia Docs)
  600 Broadway Suite 320C
  Seattle, WA 98122
  United States

• Updates to This Policy: We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect changes. We encourage you to review this page periodically. Continued use of the Service after changes indicates your acceptance.

• International Transfers: Information you submit will be stored and processed in the United States. If you are located outside the U.S., your personal data will be transferred to the U.S. where our servers and staff operate. We will protect your data in accordance with this Policy and with GDPR-compliant safeguards for such transfers.

• Compliance: This Privacy Policy is designed to meet global privacy requirements, including the EU/UK GDPR, California’s CCPA/CPRA, and other applicable laws. For example, as the CCPA requires, this Policy includes instructions on how California consumers can request deletion of their data and information about consumer privacy rights. We take our obligations seriously and update our practices as needed to remain compliant.

• Consent: By using Convoia Docs and providing your personal data, you consent to this Privacy Policy and to the collection, use, and disclosure of your information as described above.

• Links to Third-Party Sites: Convoia Docs may contain links to other websites. We are not responsible for the privacy practices of those sites. Please read any other privacy policies carefully when you visit other sites.
• Effective Date: This Privacy Policy is effective as of the date shown above.