Privacy Policy

We use the information we collect to:

• Create and manage your account
• Provide, operate, and improve the Service
• Process transactions and send related information, including purchase confirmations and invoices
• Facilitate the e-signature process and maintain legally required audit trails
• Store and retrieve your document templates and instances
• Send transactional emails (account verification, password reset, signing notifications)
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns to improve the Service
• Detect, investigate, and prevent fraudulent transactions and other illegal activities
• Comply with legal obligations

We do not sell your personal information to third parties. We do not use your document content for marketing purposes or to train AI models.

If you are located in the European Union or European Economic Area, our legal bases for processing your personal data are:

• Contract Performance: Processing necessary to provide the Service you’ve signed up for.
• Legitimate Interests: Improving and securing the Service, fraud prevention, and communicating with you about your account.
• Legal Obligation: Maintaining e-signature audit trails as required by applicable law (ESIGN Act, UETA, eIDAS).
• Consent: Where we have obtained your consent for specific processing activities (such as marketing communications).

We may share your information with:

• Service Providers: Third-party vendors who perform services on our behalf, including Stripe (payments), Supabase (database), Vercel (hosting), Railway (backend), SendGrid (email delivery), and GoDaddy (domain registration). These parties are bound by contractual obligations to keep your information confidential and secure.
• E-Signature Recipients: When you send a document for signature, the recipient’s name, email, and signature are shared between parties to the transaction as necessary to complete the signing process.
• Legal Requirements: When required by applicable law, court order, or governmental authority.
• Business Transfers: In connection with a merger, acquisition, or sale of all or substantially all of our assets. We will provide notice before your personal information becomes subject to a different privacy policy.
• Protection of Rights: When necessary to protect the rights, property, or safety of SetCounsel, our users, or others.

We retain your personal information for as long as your account is active or as needed to provide you the Service. Specifically:

• Account Data: Retained for the life of your account plus 3 years after account closure.
• Document Instances and Signature Records: Retained for 7 years to comply with legal and audit requirements associated with electronic signatures.
• Payment Records: Retained for 7 years as required by tax and financial regulations.
• Log Data: Retained for up to 12 months.

You may request deletion of your account and personal data at any time (see Your Rights, below). Note that we may be required to retain certain records — particularly e-signature audit trails — even after account deletion.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption in transit (TLS) and at rest
• Access controls limiting employee access to personal data
• Regular security assessments
• Use of industry-standard infrastructure providers (Supabase, Vercel) with their own security programs

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request a machine-readable export of your personal data (EU/EEA users).
• Objection/Restriction: Object to or request restriction of certain processing activities.
• Withdrawal of Consent: Where processing is based on consent, withdraw that consent at any time.
• Opt-Out of Sale: California residents have the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at privacy@setcounsel.com. We will respond within 30 days.

We use essential cookies necessary for the Service to function. See our Cookie Policy for full details.

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected such information, we will take steps to delete it promptly.

SetCounsel is operated from the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. For EU/EEA users, we rely on Standard Contractual Clauses and our service providers’ data processing agreements to ensure adequate protection.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service before the change becomes effective. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: