Privacy Policy
Version 1.0. Effective May 16, 2026.
Who we are
Ensealed is a service operated by Mesquite Dev LLC, an Arizona limited liability company ("we," "us," "our"). This policy explains what personal data we collect, why, how long we keep it, and the rights you have.
Mailing address: Mesquite Dev LLC, Buckeye, AZ 85326, United States.
Contact for privacy questions: privacy@ensealed.com.
EU and UK representative
Under Article 27 of the EU GDPR and the UK GDPR, Ensealed will name a representative in the European Economic Area and the United Kingdom before we accept signups originating in those regions. Once appointed, this section will list their name, postal address, and contact email. Until then, please direct GDPR / UK GDPR enquiries to privacy@ensealed.com and we will respond within the statutory 30 day window.
What we collect
Account data
- Email address, password hash, workspace name, role.
- Authentication provider IDs if you sign in with Google or Microsoft (no password stored).
- Records of authentication events: timestamps of sign-in attempts, failed-login counts (used to throttle abuse), session IP addresses, and last-active timestamps.
Document data you upload
- PDF documents you upload to send for signature.
- Names, email addresses, and signature images of recipients you add.
- Any data your recipients enter into form fields you place on documents.
Signing event data (legally required)
- IP address, user agent, and approximate geographic country of every signer at the moment of signing.
- Timestamps of every view, sign, decline, and resend.
- Authentication artifacts (email OTP attempts, SMS OTP if used, ID verification result codes).
This data is part of the immutable audit trail attached to every document. Removing it would invalidate the legal force of the signature.
Product usage data
- Anonymized event data (which features you use, error counts) collected only if you accept analytics in the cookie banner.
- Server logs (request paths, status codes, response times) retained for 30 days for debugging and abuse detection.
Billing data
- If you pay for Ensealed, our payment processor Polar collects your billing address and tax data as required by law. We never see your card number.
Why we collect it
- To provide the service (contract performance).
- To create a legally valid audit trail for signed documents (legal obligation under ESIGN, UETA, eIDAS).
- To detect abuse and protect the service (legitimate interest).
- To send transactional email related to your documents (legitimate interest).
- To send marketing email only if you opt in (consent).
- To improve the product based on aggregated analytics if you accept analytics cookies (consent).
Subprocessors
We share data with the following service providers to operate Ensealed. Each has its own privacy policy and security posture.
| Vendor | Purpose | Data | Location |
|---|---|---|---|
| Cloudflare Inc. | CDN, Workers runtime, R2 storage, WAF, analytics | IP, request data, signed PDFs | Global |
| Supabase Inc. | Database, auth, realtime | Account, document metadata, signer records | United States |
| Polar Software Inc. | Billing and tax (Merchant of Record) | Billing address, tax ID | United States, European Union |
| Resend Inc. | Transactional email delivery | Recipient email, message contents | United States |
| Anthropic PBC | AI clause review (only when feature used) | Document text segments you submit to the feature | United States |
| Functional Software Inc. (Sentry) | Error tracking | Error stack traces, request metadata, scrubbed of PII | United States |
| PostHog Inc. | Product analytics (opt-in only) | Anonymized event data | United States |
| Better Stack | Uptime monitoring | No customer data, only health pings | European Union |
| HetrixTools LLC | Uptime monitoring (geographic diversity) | No customer data, only health pings | Global |
| Axiom Inc. | Application logs | Request logs, scrubbed of PII | United States |
We commit to 14 days notice before changing or adding any subprocessor that handles customer data.
International transfers
Ensealed is operated from the United States. If you are in the European Economic Area, the United Kingdom, or another region with cross-border transfer rules, your data is transferred to the United States under the Standard Contractual Clauses approved by the European Commission. Cloudflare and Supabase certifications include the EU-US Data Privacy Framework.
Retention
- Completed signed documents and their audit trails: 7 years from completion, unless you delete the document earlier.
- Draft documents: 90 days after last edit, then auto-purged.
- Account data: retained while your account is active, deleted within 30 days of account closure.
- Server request logs: 30 days.
- Backups: 30 days encrypted at rest.
Some data may be retained longer if required by law (for example, billing records retained for 7 years for tax purposes).
Your rights
Depending on where you live, you have one or more of the following rights:
- Access. Get a copy of personal data we hold about you.
- Rectify. Correct inaccurate data.
- Delete. Ask us to delete your data, subject to legal retention obligations.
- Port. Receive your data in a machine-readable format.
- Object to processing based on legitimate interest.
- Withdraw consent at any time without affecting prior processing.
- Not be discriminated against for exercising any of these rights.
To exercise any right, email privacy@ensealed.com. We respond within 30 days. If we cannot fulfill your request we will tell you why.
Appeal. If we deny your request, you may appeal by replying to our response email with the word "appeal" in the subject. We re-review appeals within 45 days. If you are still not satisfied, you may contact your state attorney general (US) or supervisory authority (EEA, UK, Switzerland).
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to lodge a complaint with your local data protection authority.
California specifics (CCPA / CPRA) - Your Privacy Choices
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We honor Global Privacy Control (GPC) signals automatically: if your browser sends GPC, analytics tracking stays off and we will not enable any future "sale" of your data.
You have these rights under California law: know, access, delete, correct, port, limit use of sensitive personal information, opt out of sale or sharing (even though we do not sell or share), and freedom from retaliation for exercising any right. To exercise any of these, email privacy@ensealed.com.
We do not knowingly process the personal information of California residents under 16 without express opt-in consent.
AI features and disclosures
Ensealed offers an optional AI clause review feature. When you use it, the text you submit is sent to Anthropic via the Claude API for analysis and returned to you. Anthropic does not train on data submitted via their API. We do not use AI to make automated decisions that produce legal or similarly significant effects on you. You can disable the feature at any time in workspace settings.
This disclosure satisfies our obligations under the EU AI Act (limited-risk AI transparency), the Colorado AI Act, and the FTC AI guidance.
Children
Ensealed is for business use and is not directed at children under 16. We do not knowingly collect data from children under 16. If you believe we have, email privacy@ensealed.com and we will delete the data.
Security
We use TLS for data in transit, AES-256 for data at rest, and role-based access controls. We test our own application regularly. See our Security page for our responsible disclosure policy and bug bounty details.
Changes to this policy
If we make material changes we will email account holders at least 14 days in advance. The version number and effective date at the top of this page always reflect the current policy.