Skip to main content

Privacy Policy

Effective date: April 28, 2026

Permissio, Inc.


1. Introduction

This Privacy Policy explains how Permissio, Inc. ("Permissio," "we," "us," or "our") collects, uses, discloses, and protects personal information in connection with Permissio websites, applications, APIs, signer experiences, developer tools, and related services (collectively, the "Services").

Permissio processes different categories of information in different roles:

  • Controller / Business. For account registration, billing, marketing, website activity, platform administration, and support, Permissio acts as a business or data controller and this Policy applies directly.
  • Processor / Service Provider. For documents, envelopes, recipient data, signer data, templates, and workflow content submitted by a customer, Permissio acts as a service provider or data processor on behalf of that customer under the customer's instructions. If you are a signer or recipient of a document sent through Permissio, the customer who sent the document controls that data. Please contact that customer directly for privacy questions about the document or the underlying transaction.

This Policy should be read together with the Terms of Service, Data Processing Addendum, Cookie Notice, and Subprocessor List.


2. Information We Collect

CategoryExamplesSource
Account dataName, email address, company name, workspace membership, role, account settingsCustomer or Authorized User
Authentication dataLogin identifiers, session identifiers, multi-factor status, access tokens, revoked session recordsIdentity provider and user activity
Billing dataPlan, subscription status, invoice records, payment processor customer identifiersCustomer and payment processor
Customer ContentDocuments, templates, envelopes, recipients, signer details, form submissions, signature fields, metadataCustomer, Authorized Users, signers, recipients, and API integrations
Developer and API dataAPI key prefixes, scopes, request identifiers, webhook endpoints, delivery recordsCustomer and system activity
Security and audit dataIP address, user agent, audit events, request logs, access records, security settingsSystem activity
Email and notification dataRecipient email, message status, delivery events, suppression recordsCustomer and system activity
Website and usage dataDevice information, browser information, pages visited, cookie identifiersBrowser and device
Support and communicationsSupport requests, messages, attachments, call notesCustomer or user

3. How We Use Information

We use personal information to:

  • Provide, operate, maintain, and secure the Services
  • Create accounts, manage workspaces, authenticate users, and enforce permissions
  • Create, send, sign, stamp, store, and retrieve envelopes and documents
  • Generate audit trails, certificates, and security logs
  • Send service emails, signing invitations, completion notices, and account alerts
  • Process payments, subscriptions, invoices, and plan changes
  • Provide developer tools, API access, webhooks, and sandbox environments
  • Detect, prevent, and respond to abuse, fraud, and unauthorized access
  • Comply with legal obligations and enforce our agreements
  • Improve the Services using aggregated or de-identified information where permitted

4. Customer Content and Processor Role

Customers control the documents, envelopes, recipients, signer authentication methods, metadata, templates, and API payloads submitted to the Services. Permissio processes Customer Content solely to provide the Services under customer instructions.

If Customer Content contains personal information about signers or recipients, the customer is responsible for providing required notices, obtaining required permissions, and determining whether Permissio's electronic signature workflows are appropriate for the intended transaction.


5. How We Share Information

We disclose personal information only as described below:

  • Service providers and subprocessors that support hosting, authentication, payment processing, email delivery, storage, security, and support. See the Subprocessor List.
  • Customer administrators and Authorized Users according to workspace permissions and settings.
  • Recipients, signers, and participants in a transaction as needed to complete the workflow.
  • Customer-configured webhook endpoints and integrations.
  • Professional advisors, auditors, and legal counsel under confidentiality obligations.
  • Government authorities or third parties when required by law, valid legal process, or to protect rights and safety.
  • A successor entity in a merger, acquisition, or sale of assets, with notice to affected users where required.

Permissio does not sell personal information. Permissio does not use Customer Content for cross-context behavioral advertising.


6. Cookies and Similar Technologies

Permissio uses cookies and similar technologies as described in the Cookie Notice. Where required by law, Permissio will request consent before placing non-essential cookies.


Where GDPR, UK GDPR, or similar laws apply, Permissio relies on legal bases including:

  • Contract performance — to provide Services to customers and Authorized Users
  • Legitimate interests — to operate and secure the Services, prevent fraud, enforce agreements, and support customers
  • Consent — where required for certain processing, including non-essential cookies
  • Legal obligations — to comply with applicable law
  • Processing on behalf of Customer — under the Data Processing Addendum where Permissio acts as a processor

8. Privacy Rights

Depending on your location and applicable law, you may have rights to:

  • Access personal information we hold about you
  • Correct inaccurate personal information
  • Delete personal information (subject to retention obligations and legal holds)
  • Port your personal information
  • Restrict or object to certain processing
  • Opt out of certain data uses
  • Appeal a privacy request decision

To submit a privacy request, contact privacy@permissio.us.

If your request relates to Customer Content controlled by a Permissio customer, we may refer you to that customer or process the request under that customer's instructions. Permissio will not discriminate against you for exercising privacy rights.


9. Retention

Permissio retains personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Customer Content retention depends on customer settings, legal holds, backup cycles, plan features, and the Retention and Deletion Policy. After account termination, we retain data as required by law and delete the rest within applicable backup and deletion cycles.


10. Security

Permissio uses administrative, technical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. No method of storage or transmission is completely secure. Vulnerability reports may be submitted under the Security Disclosure Policy.


11. International Transfers

Permissio processes information in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. Where required, Permissio uses appropriate transfer mechanisms, which may include standard contractual clauses or other lawful transfer tools.


12. Children

The Services are not directed to children under 13. Permissio does not knowingly collect personal information from children under 13, except where a customer lawfully submits such information as part of Customer Content with all required permissions.


13. Changes to This Policy

Permissio may update this Privacy Policy from time to time. Material changes will be posted through the website, application, email, or other reasonable means. The updated Policy will state its effective date.


14. Contact

Privacy questions: privacy@permissio.us