Last updated: March 2026
We collect information you provide directly, including: name, email address, phone number, electronic signatures, and document content. We also automatically collect technical information such as IP address, browser type, device information, and usage data to improve our Service and maintain security.
We use your information to: (a) provide and maintain the Service; (b) process electronic signatures; (c) send notifications about document status; (d) generate AI-powered video explanations of documents; (e) maintain audit trails for legal compliance; (f) improve the Service; and (g) comply with legal obligations.
When processing HIPAA authorization forms, we may collect Protected Health Information including dates of birth, partial Social Security numbers, and medical record date ranges. This information is encrypted at rest and in transit, access-controlled, and handled in accordance with HIPAA requirements. We will enter into a Business Associate Agreement (BAA) with covered entities as required.
We do not sell your personal information. We may share your information with: (a) service providers who assist in operating the Service (cloud hosting, email delivery, SMS services); (b) the organization that sent you a document to sign; (c) law enforcement when required by law; and (d) in connection with a merger, acquisition, or sale of assets.
We implement comprehensive security measures including: AES-256-GCM encryption for sensitive data at rest, TLS 1.2+ encryption for data in transit, rate limiting on all API endpoints, session management with automatic timeouts, audit logging of all security-relevant actions, and regular security assessments. Access to production systems is restricted to authorized personnel only.
We retain signed documents and associated audit trails for a minimum of 7 years to comply with legal requirements. Account data is retained for the duration of your account plus 30 days after deletion. You may request deletion of your data at any time, subject to legal retention requirements.
Depending on your jurisdiction, you may have the right to: (a) access your personal information; (b) correct inaccurate data; (c) delete your data (subject to legal retention requirements); (d) object to processing; (e) data portability; and (f) withdraw consent. To exercise these rights, contact us at [email protected].
We use essential cookies for authentication and session management. We use analytics to understand how the Service is used and to improve it. We use email tracking pixels to confirm document delivery. You can control cookie settings through your browser preferences.
The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete it promptly.
Your information may be transferred to and processed in the United States. By using the Service, you consent to the transfer of your information to the United States, which may have different data protection laws than your country of residence.
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.
For privacy-related inquiries, contact us at [email protected] or write to: Heritage Personal Injury Firm LLC, Privacy Department.