California privacy disclosure (CCPA / CPRA)
Last updated 2026-05-03
This page sets out the additional disclosures required by the California Consumer Privacy Act and California Privacy Rights Act for California residents whose personal information eSigKit collects or processes. It supplements (but does not replace) our Privacy Policy.
1. Do not sell or share my personal information
eSigKit does not sell your personal information. We do not share it with third parties for cross-context behavioral advertising. We do not engage in any practice that would require an opt-out under CCPA §1798.135(a). There is therefore no “Do Not Sell” opt-out form to fill out — the right is honored by default for everyone, regardless of residency.
If our practices change, we will update this page and offer a real opt-out mechanism before any sale or sharing occurs.
2. Categories of personal information we collect
| CCPA category | Examples (from your interaction with eSigKit) | Sold or shared? |
|---|---|---|
| Identifiers | Name, email, organization id, IP address, account user id | No |
| Customer records (Cal. Civ. Code §1798.80) | Phone number, photo, business address (when supplied) | No |
| Commercial information | Subscription plan, billing history, plan changes | No |
| Internet/electronic activity | Browser type, request timestamps, correlation ids | No |
| Professional / employment-related | Job title, department | No |
3. Sources we collect from
- You, when you sign up or update your profile.
- Your organization’s administrators, when they invite you.
- Stripe, when you pay (we receive a customer id and status, not card data).
- Google, only if you authorize the optional Gmail signature deploy feature (we receive an OAuth token scoped to your Gmail signature settings).
4. Why we collect it
- To provide the Service you signed up for.
- To bill you and apply plan limits.
- To secure the Service against abuse.
- To comply with legal obligations.
5. Your rights
California residents have the right to:
- Know. Request the categories and specific pieces of personal information we have collected about you.
- Delete. Request that we delete personal information we have collected from you.
- Correct. Request correction of inaccurate personal information.
- Opt out of sale or sharing. See §1 — automatically honored.
- Limit use of sensitive personal information. We do not collect information that would qualify as “sensitive” under CPRA in a way that triggers this right.
- Non-discrimination. We will not deny service, charge a different price, or provide different quality of service because you exercised any CCPA right.
Most rights are self-service in Settings > Data export (Right to Know) and Settings > Delete organization (Right to Delete). For correction or anything that requires human handling, email privacy@esigkit.com; we respond within 45 days as required by §1798.130(a)(2).
6. How to make a request
Send an email to privacy@esigkit.com from the address associated with your eSigKit account. We may need to verify your identity before processing the request — we will respond outlining what verification is needed, if any.
You may also designate an authorized agent to make a request on your behalf. The agent must provide written permission signed by you, and we will verify both the agent and the underlying request.
7. Retention
We retain personal information only for as long as needed to provide the Service and meet legal obligations. See Privacy Policy §6 for the per-data-type retention schedule.
8. Contact
Email privacy@esigkit.com for any question about California privacy rights. We aim to respond within 10 business days; verified requests under CCPA are completed within 45 days.