Privacy Policy

1. Introduction

Popularis, Inc. ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our electronic signature platform and services (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. We comply with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our Service:

• Account Information: Name, email address, password, company name, job title, phone number
• Profile Information: Profile photo, signature image, preferences, and settings
• Document Content: Documents you upload, create, or sign through our Service
• Payment Information: Billing address, payment method details (processed securely through our payment processor)
• Communications: Messages, feedback, and support requests you send to us

2.2 Information Collected Automatically

When you access our Service, we automatically collect certain information:

• Usage Data: Pages viewed, features used, time spent, click patterns, and navigation paths
• Device Information: IP address, browser type and version, operating system, device identifiers
• Log Data: Access times, error logs, and system activity
• Cookies and Tracking: Session cookies, preference cookies, and analytics cookies (see Section 8)
• Audit Trail Data: Timestamps, IP addresses, and authentication events for signed documents

2.3 Information from Third Parties

We may receive information from third-party services you connect to Popularis, such as cloud storage providers, CRM systems, or authentication services. We only collect information necessary to provide the integration functionality you request.

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Delivery: To provide, maintain, and improve our electronic signature platform
• Document Processing: To facilitate document creation, signing, storage, and management
• Authentication: To verify your identity and secure your account
• Communication: To send service updates, security alerts, and support messages
• Billing: To process payments and manage subscriptions
• Analytics: To understand usage patterns and improve user experience
• Security: To detect, prevent, and respond to fraud, abuse, and security incidents
• Legal Compliance: To comply with legal obligations and enforce our Terms of Service
• Marketing: To send promotional communications (with your consent, where required)

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Obligation: To comply with applicable laws and regulations
• Consent: For marketing communications and optional features (you may withdraw consent at any time)

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

• Cloud hosting providers (AWS, Google Cloud)
• Payment processors (Stripe)
• Email service providers (Amazon SES, SendGrid)
• Analytics providers (Google Analytics, Mixpanel)
• Customer support tools (Intercom, Zendesk)

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 Document Recipients

When you send documents for signature, we share those documents and related information with the recipients you specify. You are responsible for ensuring you have the right to share this information.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change in ownership.

6. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: 256-bit AES encryption at rest, TLS 1.3 in transit
• Access Controls: Role-based access, multi-factor authentication, and principle of least privilege
• Infrastructure Security: Secure data centers, firewalls, intrusion detection systems
• Compliance: SOC 2 Type II certified, GDPR and CCPA compliant
• Monitoring: 24/7 security monitoring and incident response
• Regular Audits: Third-party security audits and penetration testing
• Employee Training: Regular security awareness training for all staff
• Data Backups: Encrypted, geographically distributed backups

While we implement industry-leading security measures, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 90 days after account closure
• Signed Documents: Retained for 7 years to comply with legal and regulatory requirements
• Audit Trails: Retained for 7 years for legal compliance and dispute resolution
• Billing Records: Retained for 7 years for tax and accounting purposes
• Marketing Data: Retained until you unsubscribe or request deletion

After the retention period, we securely delete or anonymize your information. You may request earlier deletion subject to our legal obligations.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Types of Cookies

• Essential Cookies: Required for authentication, security, and basic functionality
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use the Service
• Marketing Cookies: Used to deliver relevant advertisements (with your consent)

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality. You can opt out of analytics cookies through our cookie preferences center.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

9.1 GDPR Rights (EEA Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for processing at any time
• Lodge a Complaint: File a complaint with your data protection authority

9.2 CCPA Rights (California Users)

• Know: Request disclosure of data collection and sharing practices
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the sale of personal information (we do not sell data)
• Non-Discrimination: Equal service regardless of privacy rights exercise

9.3 Exercising Your Rights

To exercise any of these rights, contact us at privacy@popularis.com. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent data protection laws
• Privacy Shield certification (where applicable)
• Binding Corporate Rules for intra-group transfers

11. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete it.

12. Marketing Communications and Anti-Spam Policy

12.1 Our Commitment

Popularis is committed to responsible email practices and strict compliance with anti-spam laws, including CAN-SPAM Act, GDPR, and CASL (Canada's Anti-Spam Legislation).

12.2 Marketing Emails

We only send marketing emails to users who have:

• Explicitly opted in to receive marketing communications
• An existing business relationship with us (for service-related updates)
• Provided consent in compliance with applicable laws

12.3 Email Content Standards

All our marketing emails include:

• Clear identification of Popularis as the sender
• Accurate subject lines that reflect email content
• Our physical mailing address
• A clear and easy unsubscribe mechanism
• Prompt processing of unsubscribe requests (within 10 business days)

12.4 Transactional Emails

We send transactional emails (account notifications, document signing requests, security alerts) that are necessary for Service operation. These are not marketing emails and cannot be unsubscribed from while you maintain an active account.

12.5 Unsubscribe Options

You can unsubscribe from marketing emails by:

• Clicking the unsubscribe link in any marketing email
• Updating your email preferences in your account settings
• Contacting us at unsubscribe@popularis.com

12.6 Email List Management

We maintain strict email list hygiene practices:

• Regular removal of bounced and invalid email addresses
• Immediate processing of unsubscribe requests
• Suppression lists to prevent re-subscription of opted-out users
• No purchase or rental of third-party email lists
• Double opt-in confirmation for new subscribers (where required by law)

12.7 Spam Prevention

We prohibit the use of our Service for spam or unsolicited communications. Users who send spam through our platform will have their accounts immediately suspended or terminated. We implement:

• Rate limiting to prevent bulk sending abuse
• Monitoring for suspicious sending patterns
• Complaint feedback loops with email providers
• Immediate investigation of spam reports

12.8 Reporting Spam

If you receive spam or unsolicited emails claiming to be from Popularis, please report it to abuse@popularis.com. We take all reports seriously and investigate promptly.

13. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice in the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance with privacy laws. You can contact our DPO at:

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: