Your documents stay yours. We just keep them safe.

1. Our approach

GingerDocs helps teams edit PDFs, route them for signature, and keep a verifiable record of what happened. GingerDocs is operated by Trigger Soft ("we," "us"), which is responsible for the personal data described on this page. The documents you upload are your business records — we treat them that way. We don't sell your data, we don't use the contents of your documents to train models, and we don't show them to advertisers.

2. Data we store

We collect only what we need to operate the service:

Account data

• Name, email address, and password hash for the account owner and team members.
• Team membership, role (owner / member), and invitation history.
• Profile preferences — signing defaults, notification settings, editor preferences, and (for owners) branding.

Document data

• The PDFs you upload, the overlay edits you make on them, and any flattened copies generated when a document is completed.
• Version history and amendment proposals tied to each document.
• Field data captured from signers — signatures, initials, dates, text, dropdowns, and uploaded images or files.

Activity data

• A hash-chained, append-only audit log of actions on each document, including the IP address and timestamp of each event.
• Lifecycle states (Draft, Sent, Viewed, Partially signed, Completed, Voided, Expired, Declined).
• Sign-in and security events for your account.

3. How we use it

We use your data to:

• Operate the product — render and edit your PDFs, route them to signers, deliver real-time status updates, and produce the final flattened document.
• Keep the record straight — the audit log proves who did what and when, which is the whole point of e-signature.
• Protect the account — detect suspicious sign-in activity, enforce share-link expirations, and honor revocations.
• Support you — respond to support requests and notify you of important account events.

We do not use the contents of your documents to train AI models, build advertising profiles, or share with third parties for marketing.

4. How it's protected

• Encryption at rest — documents and account data are stored encrypted with AES-256.
• Encryption in transit — every connection between your browser and GingerDocs uses TLS.
• Tamper-evident audit log — events are written to a SHA-256 hash-chained, append-only log. Any modification to a prior entry breaks the chain.
• Short-lived download URLs — signed download links to stored files expire within 5 minutes of being issued.
• Authenticated sessions — login uses httpOnly cookies (Laravel Sanctum). Signer access uses revocable, tokenized links scoped to one document.
• Optimistic locking — concurrent edits can't silently overwrite each other.

See the Security overview for the controls behind these guarantees.

5. Sharing & subprocessors

We share your data only with service providers required to run GingerDocs, and only to the extent each one needs to do its job:

• Cloud hosting and storage — to host the application and store your documents (S3-compatible object storage or local file storage, depending on deployment).
• Email delivery — to send signature requests, reminders, and account notifications.
• Real-time messaging — to power live status updates inside the editor and dashboard.

We do not sell your data and we do not share it with advertising networks. If law-enforcement or legal-process requests reach us, we evaluate each one and notify the affected customer unless we're legally prohibited from doing so.

6. Retention & deletion

Your documents and account data stay in GingerDocs for as long as your account is active. When you delete a document, it's removed from your workspace; the corresponding audit-log entries remain so the record of what happened isn't broken.

When an account owner deletes the account, GingerDocs enters a 30-day hold before permanent deletion. During the hold you can restore the account; after it expires, document data is purged from active systems.

7. Your controls

You stay in charge of your data:

• Export — account owners can export workspace data from settings.
• Delete — delete individual documents at any time. Account owners can delete the entire account from the danger zone in settings (subject to the 30-day hold above).
• Revoke access — remove team members or revoke an outstanding signer link to instantly cut off access.
• Tighten sharing — share links support password protection, view-count limits, and expiration dates.
• Adjust defaults — change signing defaults, notification preferences, and editor settings any time.

8. Signers & recipients

People who receive a document for signature don't need a GingerDocs account. They access the document via a tokenized link sent to their email and complete only the fields assigned to their role. We capture the field data, their signing method (draw, type, or upload), and audit metadata such as IP address and timestamps required for a defensible signature record.

If you signed something via GingerDocs and want a copy or have questions about how it was handled, contact the team that sent the document — they are the data controller for that record.

9. Cookies & logs

GingerDocs uses cookies that are strictly necessary to run the application — keeping you signed in, remembering your workspace, and protecting against cross-site request forgery. We don't use third-party advertising or cross-site tracking cookies.

Like any web service, our servers record standard request logs (IP address, user agent, timestamp, request path). These logs help us debug issues, investigate security events, and meet legal record-keeping obligations.

10. Changes & contact

When this policy changes in a material way, we'll update the "Last updated" date above and notify account owners by email before the changes take effect.

Questions about how GingerDocs handles your data, or want to exercise a right under your local privacy law (GDPR, UK GDPR, CCPA, and similar)? Get in touch with our team and we'll route it to the right place.