← Back to Home
Your Privacy Matters: This Privacy Policy explains how
Red Box Software LTD collects, uses, and protects your personal
information when you use our website and document signing services.
1. Information We Collect
1.1 Personal Information
We collect personal information that you voluntarily provide when
using our services:
| Information Type |
Examples |
Purpose |
| Account Information |
Name, email address, phone number |
Account creation, authentication, communication |
| Profile Data |
Display name, company, role, preferences |
Service personalization, user experience |
| Document Metadata |
Document titles, descriptions, signer lists |
Document management, signing workflows |
| Signature Data |
Electronic signatures, signature images |
Legal document execution, authentication |
| Communication Data |
Email addresses of signers, message content |
Document notifications, workflow management |
1.2 Technical Information
We automatically collect technical information to provide and improve
our services:
-
Device Information: Browser type, operating system,
device identifiers
-
Usage Data: Pages visited, features used, time
spent on platform
-
Network Information: IP address, location data
(country/city level)
-
Performance Data: Load times, error logs, system
performance metrics
-
Security Data: Login attempts, session information,
security events
1.3 Document Content
When you upload documents for signing:
- Document files (PDFs) and their contents
- Signature positions and annotation data
- Signing timestamps and completion status
- Audit trail information for compliance
Document Security: All documents are encrypted both
in transit and at rest. We cannot read the contents of your documents
unless explicitly granted access for support purposes.
2. How We Use Your Information
2.1 Primary Purposes
-
Service Provision: Provide document signing,
storage, and management services
-
Authentication: Verify your identity and secure
your account
-
Communication: Send notifications about document
status, signing requests, and service updates
-
Workflow Management: Coordinate multi-party
document signing processes
-
Legal Compliance: Maintain audit trails and comply
with electronic signature laws
2.2 Secondary Purposes
-
Service Improvement: Analyze usage patterns to
enhance features and performance
-
Customer Support: Respond to inquiries and
troubleshoot issues
-
Security: Detect and prevent fraud, abuse, and
security threats
-
Business Operations: Generate usage statistics and
business analytics
2.3 Legal Bases for Processing
We process your personal information based on:
-
Contract Performance: To fulfill our service
agreement with you
-
Legitimate Interests: For security, fraud
prevention, and service improvement
-
Consent: Where you have explicitly agreed to
specific processing
-
Legal Obligation: To comply with applicable laws
and regulations
3. Firebase and Google Services Integration
3.1 Firebase Services Used
Our platform utilizes Google Firebase services, which process data
according to Google's privacy practices:
-
Firebase Authentication: Secure user login and
session management
-
Cloud Firestore: Document metadata and user data
storage
-
Firebase Storage: Secure document file storage with
encryption
-
Firebase Functions: Server-side processing for
document workflows
-
Firebase Hosting: Website and application hosting
3.2 Data Processing Location
Firebase services may process and store data in Google's global
infrastructure. Data is primarily stored in the us-central1 region but
may be replicated for redundancy and performance.
3.3 Google's Privacy Practices
Google Firebase is subject to Google's privacy policies. For detailed
information, please review
Google's Privacy Policy
and
Firebase Privacy Information.
4. Data Sharing and Disclosure
4.1 No Sale of Personal Data
We do not sell, rent, or trade your personal information to third
parties for their marketing purposes.
4.2 Limited Sharing
We may share your information only in these specific circumstances:
4.2.1 Document Signing Workflows
-
Sharing document titles and signer information with designated
recipients
- Sending email notifications to document signers and creators
- Providing access to completed documents to authorized parties
4.2.2 Service Providers
-
Google Firebase: Cloud infrastructure and data
processing
-
Email Services: Document notification delivery
-
Analytics Tools: Anonymized usage analytics (when
enabled)
4.2.3 Legal Requirements
-
Compliance with valid legal requests (subpoenas, court orders)
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activities
- Enforcement of our Terms of Service
4.2.4 Business Transfers
In case of merger, acquisition, or sale of assets, your information
may be transferred as part of the business transaction, subject to
confidentiality obligations.
5. Data Security Measures
Security is Our Priority: We implement comprehensive
security measures to protect your data from unauthorized access,
disclosure, alteration, or destruction.
5.1 Technical Safeguards
-
Encryption: AES-256 encryption for data at rest,
TLS 1.3 for data in transit
-
Access Controls: Multi-factor authentication and
role-based access
-
Network Security: Firewalls, intrusion detection,
and DDoS protection
-
Data Isolation: Logical separation of customer data
and systems
-
Secure Tokens: JWT tokens for document access with
expiration controls
5.2 Operational Safeguards
-
Regular Audits: Security assessments and
vulnerability testing
-
Monitoring: Continuous monitoring for unauthorized
access attempts
-
Incident Response: Procedures for detecting and
responding to security breaches
-
Staff Training: Regular security awareness training
for team members
-
Compliance: Adherence to industry security
standards and best practices
5.3 Document-Specific Security
- Documents are encrypted with unique keys per user/document
-
Access is restricted to document creators and designated signers
only
- Secure token-based sharing prevents unauthorized access
- Complete audit trails track all document interactions
- Automatic deletion of access tokens after document completion
6. Data Retention and Deletion
6.1 Retention Periods
| Data Type |
Retention Period |
Reason |
| Account Information |
Account lifetime + 1 year |
Service provision, legal compliance |
| Document Metadata |
7 years after completion |
Legal record keeping, audit requirements |
| Signed Documents |
7 years minimum or as legally required |
Legal validity, compliance obligations |
| Audit Logs |
7 years |
Legal compliance, fraud prevention |
| Technical Logs |
90 days |
Security monitoring, troubleshooting |
| Email Communications |
2 years |
Support, dispute resolution |
6.2 Deletion Process
- Automated deletion based on retention schedules
- Secure overwriting of deleted data
- Backup purging according to retention policies
- Manual deletion available upon valid request
Important: Some data may be retained longer if
required by law, ongoing legal proceedings, or legitimate business
needs.
7. Your Privacy Rights
7.1 Access and Control
You have the following rights regarding your personal information:
- Access: Request copies of your personal data
-
Correction: Update or correct inaccurate
information
-
Deletion: Request deletion of your personal data
(subject to legal requirements)
-
Portability: Receive your data in a
machine-readable format
-
Restriction: Limit how we process your information
-
Objection: Object to certain types of processing
7.2 How to Exercise Your Rights
To exercise your privacy rights:
-
Send a request to
stiaan@red-box-software.com
-
Include your name, email address, and specific request details
- Provide verification of your identity if requested
- We will respond within 30 days of receiving your request
7.3 Account Management
You can also manage your information through your account:
- Update profile information and preferences
- View your document history and activity
- Download your signed documents
- Delete individual documents you've created
- Manage notification preferences
8. Cookies and Tracking
8.1 Types of Cookies
We use the following types of cookies and similar technologies:
-
Essential Cookies: Required for website
functionality and security
-
Authentication Cookies: Maintain your login session
-
Preference Cookies: Remember your settings and
preferences
-
Performance Cookies: Analyze website usage and
performance (anonymized)
8.2 Third-Party Services
Some third-party services may set their own cookies:
-
Firebase/Google: Authentication and analytics
services
-
Security Services: Fraud detection and prevention
8.3 Cookie Control
You can control cookies through your browser settings, but disabling
essential cookies may affect website functionality.
9. International Data Transfers
9.1 Global Infrastructure
Our services utilize global cloud infrastructure, which may involve
transferring your data across international borders. All transfers are
protected by appropriate safeguards including:
-
Standard contractual clauses approved by regulatory authorities
- Adequacy decisions recognizing equivalent protection levels
- Certification schemes and codes of conduct
- Technical and organizational security measures
9.2 Primary Storage Locations
-
Primary: United States (Google Cloud us-central1)
-
Backup: Multi-region replication for disaster
recovery
-
Processing: May occur in various Google Cloud
regions
10. Children's Privacy
Our services are not intended for children under 16 years of age. We
do not knowingly collect personal information from children under 16.
If we become aware that we have collected personal information from a
child under 16, we will take steps to delete such information
promptly.
If you are a parent or guardian and believe your child has provided
personal information to us, please contact us immediately.
11. Data Breach Notification
11.1 Our Commitment
In the unlikely event of a data breach that may affect your personal
information:
- We will investigate the incident immediately
- Take steps to contain and remediate the breach
- Notify relevant authorities as required by law
- Inform affected users within 72 hours when feasible
- Provide guidance on protective measures you can take
11.2 What We'll Tell You
Breach notifications will include:
- Nature of the breach and data involved
- Likely consequences of the breach
- Measures taken to address the breach
- Recommendations for protecting yourself
- Contact information for questions
12. Business Analytics and Research
12.1 Anonymized Analytics
We may use anonymized and aggregated data for business purposes:
- Service usage statistics and trends
- Performance optimization and capacity planning
- Feature development and improvement
- Market research and competitive analysis
12.2 Data Anonymization
Analytics data is processed to remove all personally identifiable
information:
- Names, email addresses, and contact information are removed
- IP addresses are anonymized or aggregated
- Document contents are never included in analytics
- Data is aggregated to prevent individual identification
13. Updates to This Privacy Policy
13.1 Change Notification
We may update this Privacy Policy periodically to reflect changes in
our practices, services, or legal requirements. When we make changes:
- The "Last Updated" date will be revised
- Significant changes will be highlighted on our website
- Material changes may be communicated via email
-
Continued use of our services constitutes acceptance of updates
13.2 Review Frequency
We recommend reviewing this Privacy Policy periodically to stay
informed about how we protect your information.
14. Regulatory Compliance
14.1 Applicable Laws
Our privacy practices comply with relevant data protection laws,
including:
- New Zealand Privacy Act 2020
- GDPR (for EU users)
- CCPA (for California residents)
-
Electronic signature laws in applicable
jurisdictions
14.2 Legal Basis Documentation
We maintain documentation of our legal bases for processing personal
information and can provide this upon request to regulatory
authorities.