Privacy Policy
Last updated: February 21, 2026
Signature Studio ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website and email signature generator service (the "Service").
1. Information We Collect
a. Information You Provide
- Account information: email address and password when you register.
- Signature content: name, job title, company, phone number, website, and social media links you enter into the signature builder.
- Uploaded assets: logos and images you upload for use in your signatures.
b. Information Collected Automatically
- Session data: we use server-side sessions (stored in our database) to keep you logged in. We do not use third-party tracking cookies.
- CSRF tokens: a security cookie used to protect against cross-site request forgery. This cookie contains no personal information.
- Server logs: standard web server logs that may include your IP address, browser type, and pages visited. These are used for security monitoring and debugging.
2. How We Use Your Information
| Data | Purpose |
|---|---|
| Email & password | Account creation, authentication, and password recovery |
| Signature content | Generating and rendering your email signatures |
| Uploaded logos | Embedding in your signatures; stored on our servers |
| Session tokens | Keeping you logged in securely |
| Server logs | Security, abuse prevention, and debugging |
We do not sell, rent, or share your personal information with third parties for marketing purposes.
3. Data Storage & Security
- Passwords are hashed using bcrypt and are never stored in plain text.
- All data is stored in a MySQL database with encrypted connections.
- Session tokens are cryptographically random and expire automatically.
- We apply rate limiting to authentication endpoints to prevent brute-force attacks.
- All user-facing output is sanitized to prevent cross-site scripting (XSS).
4. Cookies
We use only essential cookies:
- session_token: identifies your logged-in session. HttpOnly, secure, same-site.
- csrf_token: protects form submissions from cross-site request forgery.
We do not use analytics cookies, advertising cookies, or third-party tracking pixels.
5. Data Retention
- Account data: retained for as long as your account is active.
- Signatures & assets: retained while your account is active. Deleted when your account is terminated.
- Sessions: expired sessions are automatically cleaned up via a scheduled task.
- Server logs: retained for up to 90 days, then automatically purged.
6. Your Rights
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate information in your account.
- Delete your account and all associated data by contacting us.
- Export your signature data.
To exercise any of these rights, contact us at support@signaturestudio.app.
7. Third-Party Services
We may use third-party services for hosting and infrastructure. These services process data on our behalf under contractual obligations to protect your information. We do not integrate third-party analytics, ad networks, or social login providers.
8. Children's Privacy
The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
9. International Users
If you are accessing the Service from outside the United States, please be aware that your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by updating the "Last updated" date at the top of this page. We encourage you to review this page periodically.
11. Contact Us
If you have questions or concerns about this Privacy Policy or your data, please contact us at support@signaturestudio.app.