Privacy Policy
Last updated: July 2026
Who we are
Signatura is a private e-signature service personally operated by Gal Reshef (the "Operator"). The service is invite-only. Privacy inquiries: sign@galos (temporary address — will be updated when a permanent domain is set).
What data is collected
The service collects and stores:
- Account details: name, email address, preferred language, and the invite code redeemed.
- Documents uploaded for signature, including their full contents.
- Recipient details entered by senders: names and email addresses.
- Signature images (drawn, typed, or uploaded) and a saved signature if you choose to keep one.
- An audit trail: timestamps, IP addresses, browser/device details, view and signature events, code verifications and biometric verifications (the fact of verification only — no biometric data itself).
How the data is used
Data is used solely to operate the service: delivering documents for signature, evidencing the signing process (legal evidence), sending document-related notifications, and securing the service. Providing data is voluntary; the service cannot be used without it. Data is never sold or used for advertising.
Subprocessors
The service relies on established infrastructure providers:
- Vercel — application hosting (USA/EU).
- Supabase — database and file storage (EU — Frankfurt).
- Brevo — email delivery (EU).
Document access & operator privacy
Document contents are private to the parties of each document. The Operator's admin interface shows usage metadata only (document counts, statuses) — it has no capability to view document contents, document titles, or recipient details. As the infrastructure owner, the Operator technically holds database access (as any hosting provider does) — but the product contains no content-reading mechanism, and the Operator commits not to use such access except where required by law.
Retention & deletion
Documents are kept until the sender deletes them or configures auto-deletion. Deletion is staged: files are permanently removed after 14 days, and all parties receive a notice with a final download window.
Important: the signature certificate and audit trail are retained even after a document is deleted. They are the evidence that the signature happened, kept for the benefit of all parties in line with Section 3A of the Electronic Signature Law, 5761-2001.
Deleting your account removes all your documents and files, subject to the same audit-trail exception for completed documents involving other parties.
Your rights
Under the Israeli Privacy Protection Law, 5741-1981 (as amended by Amendment 13), you may inspect data held about you, request correction of inaccurate data, and request deletion. Exercise these rights via account settings or by contacting the Operator.
Security
All traffic is encrypted (TLS). Files and data are encrypted at rest by our subprocessors. Access is role-scoped (Row-Level Security), signing links use single-purpose expiring tokens, and the admin area requires biometric verification. Completed documents are sealed with a cryptographic digital signature — any modification of the file after completion is detectable.