Your privacy matters to us. This Privacy Policy explains what personal information SignTogether collects, why we collect it, how we use it, and what rights you have over it. We are committed to handling your data responsibly and in accordance with applicable data protection law.
1. Who We Are
SignTogether operates the website at signtogether.co and provides a collaborative digital greeting card platform. If you have any questions about how we handle your data, please see the Contact Us section below.
2. Information We Collect
We collect personal information in the following ways depending on how you use the service:
Card creators (registered users): When you create an account, we collect your name and email address. You may also register via a social login provider (Google or others), in which case we receive the basic profile information you authorise that provider to share.
Card contributors (guests): When you add a message to a card without an account, we collect the name and message content you enter. We do not require you to provide a real name — you may use any name you choose.
Card content: Messages, names, and any media submitted to a card are stored and associated with that card.
Usage and analytics data: We may collect your IP address, browser type, operating system, and pages visited to understand how our service is used and to improve it.
Cookies: We use cookies and similar technologies as described in the Cookies section below.
We do not require card contributors to create an account or provide verified personal information.
3. How We Use Your Information
We use the information we collect to:
Create and manage your account (for registered users).
Display card content to the card creator and, when revealed, to the recipient.
Send transactional emails such as account notifications.
Analyse anonymised usage patterns to improve and develop our service.
Detect and prevent fraud or misuse.
Comply with our legal obligations.
Respond to your enquiries and support requests.
We do not sell your personal data. We do not use card messages or names for marketing purposes.
4. How We Share Your Information
We do not share your personal information with third parties except as follows:
Service providers: We use trusted third-party providers who process data strictly on our behalf under data processing agreements. They are not permitted to use your data for their own purposes.
Card sharing: By design, messages submitted to a card are visible to the card creator and, once revealed, to the recipient. Anyone with the card link may view contributions unless the card creator has closed the card.
Legal requirements: We may disclose your information if required by law, court order, or to protect the rights, property, or safety of SignTogether, our users, or others.
Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
5. Third-Party Services
We use the following third-party services that may process your personal data:
Amazon Web Services (AWS) — cloud hosting and email delivery. Data is processed in accordance with AWS's Privacy Notice.
Google Analytics — anonymised website usage analytics. Data is processed in accordance with Google's Privacy Policy.
We review our third-party providers regularly and enter into appropriate data processing agreements with each.
6. Cookies and Tracking
We use cookies — small text files stored on your device — to operate and improve our service. The cookies we use fall into these categories:
Strictly necessary: Session cookies required for you to use the service, including staying logged in. These cannot be disabled without breaking core functionality.
Analytics: Cookies that help us understand how visitors use our site. These are placed only where we have a legitimate interest or your consent, and we use anonymised or aggregated data where possible.
You can disable cookies through your browser settings, though this may affect your ability to use certain features (such as staying logged in).
7. Data Retention
We retain your personal data only for as long as necessary:
Account data: Retained for the duration of your account. If you delete your account, your personal data is permanently deleted within 30 days, except where retention is required by law.
Card and message content: Retained until the card creator deletes the card or requests deletion.
Guest contributor data: Names and messages submitted by guests are retained as part of the card and deleted when the card is deleted.
Usage logs: Retained for up to 12 months for fraud detection and service improvement, then anonymised or deleted.
When data is no longer needed, it is securely deleted or anonymised.
8. Your Rights
Depending on where you are located, you may have the following rights regarding your personal data:
Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Ask us to correct inaccurate or incomplete data.
Right to erasure: Ask us to delete your data where there is no compelling reason for its continued processing.
Right to restrict processing: Ask us to pause processing of your data in certain circumstances.
Right to data portability: Receive your data in a structured, commonly used format.
Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
California (CCPA): If you are a California resident, you have the right to know what personal information we collect, the right to delete it, and the right to opt out of any sale (we do not sell personal information). To exercise your rights, contact us.
To exercise any of these rights, please contact us. We will respond within 30 days.
9. Data Security
We implement technical and organisational measures to protect your personal information, including:
Encrypted data transmission (HTTPS/TLS) for all web traffic.
Secure authentication with hashed passwords and OAuth via trusted social login providers.
Account-level access controls so your card data is only manageable by you.
Regular review of our security practices and third-party provider agreements.
No method of data transmission over the internet or electronic storage is completely secure. In the unlikely event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority as required by law.
10. Children's Privacy
Our service is intended for users aged 13 and over. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
11. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify registered users by email. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data — including requests to access, correct, or delete your data — please email us at hello@signtogether.co. We aim to respond to all enquiries within 5 business days.