Privacy Policy
Effective date: April 28, 2026
Permissio, Inc.
1. Introduction
This Privacy Policy explains how Permissio, Inc. ("Permissio," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with Permissio websites, applications, APIs, signer experiences, developer tools, and related services (collectively, the "Services").
Permissio processes different categories of information in different roles:
- Controller / Business. For account registration, billing, marketing, website activity, platform administration, and support, Permissio acts as a business or data controller and this Policy applies directly.
- Processor / Service Provider. For documents, envelopes, recipient data, signer data, templates, and workflow content submitted by a customer, Permissio acts as a service provider or data processor on behalf of that customer under the customer's instructions. If you are a signer or recipient of a document sent through Permissio, the customer who sent the document controls that data. Please contact that customer directly for privacy questions about the document or the underlying transaction.
This Policy should be read together with the Terms of Service, Data Processing Addendum, Cookie Notice, and Subprocessor List.
2. Information We Collect
| Category | Examples | Source |
|---|---|---|
| Account data | Name, email address, company name, workspace membership, role, account settings | Customer or Authorized User |
| Authentication data | Login identifiers, session identifiers, multi-factor status, access tokens, revoked session records | Identity provider and user activity |
| Billing data | Plan, subscription status, invoice records, payment processor customer identifiers | Customer and payment processor |
| Customer Content | Documents, templates, envelopes, recipients, signer details, form submissions, signature fields, metadata | Customer, Authorized Users, signers, recipients, and API integrations |
| Developer and API data | API key prefixes, scopes, request identifiers, webhook endpoints, delivery records | Customer and system activity |
| Security and audit data | IP address, user agent, audit events, request logs, access records, security settings | System activity |
| Email and notification data | Recipient email, message status, delivery events, suppression records | Customer and system activity |
| Website and usage data | Device information, browser information, pages visited, cookie identifiers | Browser and device |
| Support and communications | Support requests, messages, attachments, call notes | Customer or user |
3. How We Use Information
We use personal information to:
- Provide, operate, maintain, and secure the Services
- Create accounts, manage workspaces, authenticate users, and enforce permissions
- Create, send, sign, stamp, store, and retrieve envelopes and documents
- Generate audit trails, certificates, and security logs
- Send service emails, signing invitations, completion notices, and account alerts
- Process payments, subscriptions, invoices, and plan changes
- Provide developer tools, API access, webhooks, and sandbox environments
- Detect, prevent, and respond to abuse, fraud, and unauthorized access
- Comply with legal obligations and enforce our agreements
- Improve the Services using aggregated or de-identified information where permitted
4. Customer Content and Processor Role
Customers control the documents, envelopes, recipients, signer authentication methods, metadata, templates, and API payloads submitted to the Services. Permissio processes Customer Content solely to provide the Services under customer instructions.
If Customer Content contains personal information about signers or recipients, the customer is responsible for providing required notices, obtaining required permissions, and determining whether Permissio's electronic signature workflows are appropriate for the intended transaction.
5. How We Share Information
We disclose personal information only as described below:
- Service providers and subprocessors that support hosting, authentication, payment processing, email delivery, storage, security, and support. See the Subprocessor List.
- Customer administrators and Authorized Users according to workspace permissions and settings.
- Recipients, signers, and participants in a transaction as needed to complete the workflow.
- Customer-configured webhook endpoints and integrations.
- Professional advisors, auditors, and legal counsel under confidentiality obligations.
- Government authorities or third parties when required by law, valid legal process, or to protect rights and safety.
- A successor entity in a merger, acquisition, or sale of assets, with notice to affected users where required.
Permissio does not sell personal information. Permissio does not use Customer Content for cross-context behavioral advertising.
6. Cookies and Similar Technologies
Permissio uses cookies and similar technologies as described in the Cookie Notice. Where required by law, Permissio will request consent before placing non-essential cookies.
7. Legal Bases for Processing
Where GDPR, UK GDPR, or similar laws apply, Permissio relies on legal bases including:
- Contract performance — to provide Services to customers and Authorized Users
- Legitimate interests — to operate and secure the Services, prevent fraud, enforce agreements, and support customers
- Consent — where required for certain processing, including non-essential cookies
- Legal obligations — to comply with applicable law
- Processing on behalf of Customer — under the Data Processing Addendum where Permissio acts as a processor
8. Privacy Rights
Depending on your location and applicable law, you may have rights to:
- Access personal information we hold about you
- Correct inaccurate personal information
- Delete personal information (subject to retention obligations and legal holds)
- Port your personal information
- Restrict or object to certain processing
- Opt out of certain data uses
- Appeal a privacy request decision
To submit a privacy request, contact privacy@permissio.us.
If your request relates to Customer Content controlled by a Permissio customer, we may refer you to that customer or process the request under that customer's instructions. Permissio will not discriminate against you for exercising privacy rights.
9. Retention
Permissio retains personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Customer Content retention depends on customer settings, legal holds, backup cycles, plan features, and the Retention and Deletion Policy. After account termination, we retain data as required by law and delete the rest within applicable backup and deletion cycles.
10. Security
Permissio uses administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No method of storage or transmission is completely secure. Vulnerability reports may be submitted under the Security Disclosure Policy.
11. International Transfers
Permissio processes information in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. Where required, Permissio uses appropriate transfer mechanisms, which may include standard contractual clauses or other lawful transfer tools.
12. Children
The Services are not directed to children under 13. Permissio does not knowingly collect personal information from children under 13, except where a customer lawfully submits such information as part of Customer Content with all required permissions.
13. Changes to This Policy
Permissio may update this Privacy Policy from time to time. Material changes will be posted through the website, application, email, or other reasonable means. The updated Policy will state its effective date.
14. Contact
Privacy questions: privacy@permissio.us