Privacy Policy & Terms of Service

The short version

Signet /Draft records that you wrote, not what you wrote. The extension counts edit events in Google Docs. It never reads your document text, never logs which keys you pressed, and never captures clipboard content. Your writing stays private.

What we collect

Account info — your email and name from Google sign-in. Used to identify your account and send transactional email.

Session metadata — when each writing session started and ended, total edit event counts by category (insertions, deletions, undo, redo, cut), pause patterns, and the length (not content) of paste events.

Document fingerprints — mathematical hashes of your document's state at intervals. Hashes cannot be reversed to reveal text — the text itself never leaves your device.

Certificate records — when you generate a Certificate of Authorship, we store its metadata (timing, session summary, document title) to support permanent verification URLs.

What we never collect

Document text or draft content. Which specific keys you pressed. Clipboard content. Data from any site outside Google Docs. Browsing history.

This is architectural, not just policy — the code that sends data to our servers has no access to document content.

How we use your data

To operate the service, generate and verify certificates, and send transactional emails (certificate confirmations, account notifications). We do not sell your data. We do not use your data for advertising. We do not run third-party analytics or tracking inside the Chrome extension.

Where your data is stored

Session data is encrypted in your browser before being synced to your Signet account. The local copy is cleared after sync is confirmed. Signet's infrastructure runs on third-party providers based in the United States, including providers of application hosting, database and authentication services, and transactional email. None of these providers have access to your document content — only the session metadata described above.

Your data is not training data

We do not use your data — including session metadata, document fingerprints, certificate records, or any behavioral signals — to train AI systems, our own or anyone else's. Our infrastructure providers (linked above) operate under their own terms, but none have access to your document content, and we do not authorize our metadata to be used as training data for AI systems of any kind.

Your control

Exclude any document from recording at any time via the extension.

Download a signed copy of your complete record from your dashboard.

Delete your account by contacting support@getsignet.app.

Data retention

Session metadata — kept while your account is active. Deleted 90 days after account cancellation.

Certificate records — kept indefinitely to support permanent verification URLs. On account deletion, certificate records are anonymized rather than deleted, so verification keeps working.

Account data — deleted on request in accordance with GDPR and CCPA.

Your rights

You may request access to, correction of, or deletion of your personal data at any time by emailing support@getsignet.app. We respond within 30 days.

The Chrome extension

The Signet /Draft extension operates only on docs.google.com. It does not run on any other site. It does not intercept network traffic or modify the Google Docs interface beyond a small, dismissable indicator.

Age requirements

Signet /Draft is not directed to children under 13. By creating an account, you confirm that you are at least 13 years of age. If you are under 18, you should review these terms with a parent or guardian. If we become aware that we have collected personal information from a child under 13, we will delete that information.

California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) give you specific rights regarding your personal information:

Right to know what personal information we have collected about you.

Right to delete personal information we have collected about you, subject to certain exceptions (including certificate records, which are preserved for permanent verification).

Right to correct inaccurate personal information.

Right to opt out of the sale or sharing of personal information. Signet does not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Right to non-discrimination for exercising any of these rights.

To exercise these rights, contact us at support@getsignet.app. We respond within 45 days as required by California law. You may also designate an authorized agent to make a request on your behalf — we will verify your identity before fulfilling the request.

Changes to this policy

If we make material changes, we will update the date above and notify active users by email. Continued use after changes take effect constitutes acceptance.

Contact

Privacy questions: support@getsignet.app

Agreement

By using Signet /Draft you agree to these terms. If you don't agree, don't use the service. These terms form a binding agreement between you and Signet Proof, Inc. ("Signet", "we", "us").

The service

Signet /Draft is a Chrome extension and web app that records writing process metadata from Google Docs and generates portable certificates of authorship. Use of Signet /Draft requires the Google Chrome browser and a Google account, and operates within Google Docs. Your use of Google services is governed by Google's own terms and privacy practices, available at policies.google.com.

We provide the service "as is" and may modify, suspend, or discontinue features. Material changes will be communicated by email where reasonable.

Your account

You are responsible for keeping your credentials secure and for all activity under your account. You agree to provide accurate information when signing up and to update it if it changes.

Acceptable use

You may use Signet /Draft for any lawful purpose. You may not:

• Use the service to misrepresent the authorship of a document
• Attempt to record documents you do not own or have permission to record
• Reverse-engineer, decompile, or extract the source code of the extension or web app
• Resell, sublicense, or redistribute access to the service without our written permission
• Use the service in any way that infringes third-party rights or applicable law

Your content

You own everything you write. We claim no rights to your documents or session data. You grant us a limited, non-exclusive license to process your session data solely to provide the service — storage, sync, and certificate generation. This license ends when you delete your account, subject to the certificate retention terms below.

Certificates

Certificates we generate include cryptographic signatures and verification URLs. We commit to keeping verification URLs working indefinitely, even after account cancellation. To preserve this, certificate records may be anonymized rather than deleted when an account is closed.

Certificates are a tool to support your writing record. They are not a substitute for institutional academic-integrity processes, expert opinion, or legal proceedings.

Wind-Down Protocol

Signet Proof, Inc. is committed to ensuring that certificates issued through its services remain verifiable for the long term — regardless of our continued operation. To that end, we make the following binding commitments:

Trigger Events. This Wind-Down Protocol is triggered if any of the following occurs: (a) our voluntary dissolution; (b) our bankruptcy or insolvency; (c) acquisition of Signet by an entity that materially changes or discontinues the verification service; (d) an interruption of the verification service exceeding 180 consecutive days without a published recovery plan.

Notification. Upon a Trigger Event, we will provide ninety (90) days advance written notice to all institutional customers and post public notice at getsignet.app.

Open Source Release. Within thirty (30) days of a Trigger Event, we will publish under an OSI-approved open source license: the reference verifier source code, the certificate format specification, the verification page server source code, and the documentation necessary for an independent party to operate the verification service.

Institutional Data Transfer. Upon written request from any institutional customer received within one hundred eighty (180) days of the Trigger Event, we will transfer to that institution all certificate records and verification metadata associated with users at that institution's verified domain — in machine-readable format suitable for ingestion by an independent verification system.

Successor Designation. We will make best efforts to identify and engage a nonprofit digital preservation successor — such as the Internet Archive, the Software Preservation Network, or a similar mission-aligned organization — to assume hosting of public verification infrastructure for certificates not otherwise transferred to institutional customers. Where no successor can be engaged, we will publish all verification data as a public archive with documentation sufficient to allow third parties to reconstruct verification capabilities.

Binding on Successors. This Wind-Down Protocol binds Signet Proof, Inc., its successors, assignees, and any acquiring entity that continues to operate the verification service. Any acquisition or merger involving Signet must include explicit acknowledgment and assumption of these commitments.

Service availability

We aim for high availability but do not guarantee uninterrupted service. Scheduled maintenance and unplanned outages may occur. We are not liable for losses arising from service interruptions.

Disclaimers

The service is provided "as is" and "as available" without warranties of any kind, express or implied, including warranties of merchantability, fitness for a particular purpose, and non-infringement.

Limitation of liability

To the maximum extent permitted by law, our total liability for any claim arising out of or relating to the service is limited to the amount you paid us in the twelve months preceding the claim, or $100, whichever is greater. We are not liable for indirect, incidental, consequential, special, or punitive damages.

Termination

You may cancel your account at any time by contacting support@getsignet.app. We may suspend or terminate accounts that violate these terms, with notice where reasonable.

Changes to these terms

We may update these terms. Material changes will be communicated by email and reflected in the date above. Continued use after changes take effect constitutes acceptance.

Governing law

These terms are governed by the laws of the State of Delaware, without regard to conflict-of-law principles. Disputes will be resolved exclusively in the state or federal courts located in Wilmington, Delaware.

Contact

Terms questions: support@getsignet.app