Privacy Policy

PropperDocs, Inc. (“PropperDocs,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information entrusted to us. This Privacy Policy describes how we collect, use, disclose, retain, and protect personal information in connection with our websites, applications, platforms, and related services (collectively, the “Services”).

This Privacy Policy is designed to align with widely accepted privacy, security, and compliance frameworks, including SOC 2, ISO/IEC 27001, GDPR, and CCPA/CPRA.

1. Roles and Responsibilities

PropperDocs processes personal information in one of two roles:

• Data Controller – where PropperDocs determines the purposes and means of processing (e.g., account administration, billing, marketing).
• Data Processor – where PropperDocs processes personal information solely on behalf of customers and in accordance with their documented instructions (e.g., documents uploaded for signature or approval).

Where PropperDocs acts as a data processor, the customer is responsible for determining the lawful basis for processing and for responding to data subject requests.

2. Categories of Personal Information Collected

Information Provided by Users

• Identifiers and contact information (name, email, phone number)
• Account credentials and profile information
• Billing and payment information
• Electronic signature and transaction participation data
• Customer support communications

Information Collected Automatically

• IP address and device identifiers
• Browser type, operating system, and application metadata
• Usage logs, audit trails, and activity timestamps
• Approximate or precise geolocation (where enabled)

Information from Third Parties

• Customer-provided transaction participant data
• Authorized integrations and service providers
• Affiliates and business partners, where legally permitted

3. Purpose Limitation and Use of Data

PropperDocs processes personal information strictly for legitimate business purposes, including:

• Provision, operation, and maintenance of the Services
• Identity verification, authentication, and access control
• Transaction integrity, auditability, and non-repudiation
• Billing, invoicing, and contract administration
• Customer support, training, and service communications
• Security monitoring, incident detection, and fraud prevention
• Compliance with legal, regulatory, and contractual obligations
• Internal analytics, service improvement, and product development

Personal information is not used for purposes incompatible with those listed above without notice or consent where required by law.

4. Cloud Integrations and API Access

PropperDocs supports optional integrations with third-party cloud services (e.g., Google Drive, Google Contacts, Dropbox).

• Access is explicitly user-initiated and read-only
• Data access is limited to user-selected content only
• All transfers occur over encrypted HTTPS connections
• Data is stored and processed within secure cloud environments
• PropperDocs complies with the Google API Services User Data Policy

PropperDocs does not sell, mine, or monetize cloud-sourced data.

5. Information Security Controls (SOC 2 / ISO Alignment)

PropperDocs maintains a comprehensive Information Security Management System (ISMS) designed to protect personal information against unauthorized access, disclosure, alteration, or destruction.

Security controls include, but are not limited to:

• Role-based access controls and least-privilege enforcement
• Encryption of data in transit and at rest
• Logical and physical access restrictions
• Continuous monitoring and logging
• Vulnerability management and patching
• Incident response and breach notification procedures
• Employee security awareness and confidentiality obligations
• Vendor risk management and contractual safeguards

Access to personal information is limited to authorized personnel with a legitimate business need.

6. Data Retention and Deletion

Personal information is retained only for as long as necessary to:

• Fulfill contractual and service obligations
• Meet legal, regulatory, or audit requirements
• Resolve disputes and enforce agreements

Upon termination of Services or upon customer instruction (where applicable), personal information is deleted, anonymized, or securely archived in accordance with documented retention schedules and technical limitations.

7. Data Sharing and Disclosure

PropperDocs may disclose personal information to:

• Service providers performing services under contractual confidentiality and security obligations
• Affiliates under common ownership, subject to this Policy
• Transaction participants as required to complete electronic transactions
• Legal or regulatory authorities where required by law
• Successor entities in connection with corporate transactions

PropperDocs does not sell personal information.

8. International Data Transfers

Personal information may be processed in jurisdictions outside the user’s country of residence, including the United States. Where required, PropperDocs relies on appropriate safeguards, including contractual protections and recognized transfer mechanisms.

9. User Rights and Requests

Depending on jurisdiction, individuals may have rights to:

• Access, correct, or delete personal information
• Restrict or object to certain processing activities
• Withdraw consent where applicable
• Request data portability

Requests may be submitted to support@propper.ai and will be handled in accordance with applicable law and contractual obligations.

10. Children’s Data

The Services are not intended for use by individuals under the age of 18. PropperDocs does not knowingly collect personal information from minors.

11. Changes to This Policy

PropperDocs may update this Privacy Policy to reflect changes in legal requirements, security practices, or business operations. Material changes will be communicated as required by law.