Signate

1. Introduction

Signate ("we", "us", "our") provides an enterprise email signature management platform that enables organizations to design, manage, and deploy email signatures across their Microsoft Exchange environment. This Privacy Policy explains how we collect, use, store, and protect your information when you use our application and services.

By using Signate, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the application.

2. Information We Collect

2.1 Account & Organization Data

When you register an organization or sign in, we collect:

• Organization username — a unique identifier chosen during registration.
• Display name — the human-readable name for your organization.
• Password — collected during registration and stored only as a bcrypt hash (work factor 12). We never store your password in plain text.
• Microsoft Azure AD tenant ID — linked to your organization when you grant admin consent for the Signate app.

2.2 Single Sign-On (SSO) Data

When you sign in with Microsoft or Google SSO, we receive and process:

• Email address / User Principal Name (UPN) — used to identify you within your organization.
• Display name — your name as set in your Microsoft or Google account.
• Object ID (OID) — a unique Microsoft Azure AD identifier for your user account.
• Directory roles — we check whether you hold a Global Administrator or Exchange Administrator role in Azure AD to determine if you qualify as a head administrator in Signate.

2.3 User Management Data

For organizations using multi-user access, the following is stored for each tenant user:

• Email address, display name, and object ID.
• Role — one of head_admin, admin, or user.
• Last login timestamp.
• Whether the user was added automatically (via admin role detection) or manually by an administrator.

2.4 Signature Design Data

We store the email signature content you create:

• Signature HTML — the rendered email signature.
• Signature design state — JSON-serialized builder configuration (colors, fonts, field values, layout settings, image URLs, etc.).
• Templates — saved signature templates, template groups, and template change history.

2.5 Deployment & Audit Logs

When a signature is deployed to Microsoft Exchange, we log:

• The signature HTML and design state at the time of deployment.
• A diff of changes between the previous and new version.
• The identity of the user who initiated the deployment (name, email, role).
• Deployment timestamp.

Deploy logs are automatically cleaned up after 60 days for active deployments and 30 days for the deploy history list.

2.6 Security Logs

We record security-relevant events for your organization, including:

• Login events (SSO and access key logins).
• User additions and removals.
• Role changes and access key operations.
• The actor's name and email for each event.

Security logs are automatically purged after 90 days.

2.7 Access Keys

Organizations may generate access keys for non-SSO login. Access keys are encrypted at rest using AES-256-GCM authenticated encryption, derived from the server's signing key. The plain-text access key is only shown once at generation time and is never stored in readable form.

3. Microsoft Azure AD Application Permissions

When your organization connects to Signate, you grant admin consent for our Azure AD application. The app requests the following permissions:

Permission	Type	Purpose
User.Read	Delegated	Allows users to sign in and read their own profile during SSO authentication.
User.Read.All	Application	Used to look up user profiles in your Azure AD directory when administrators add users to the organization, and to populate the user directory picker. This is read-only access — we do not modify any user data in Azure AD.
Exchange Administrator	Directory Role	Required to deploy email signatures as Exchange transport rules across your organization. This role allows Signate to create and update the signature disclaimer rule in Exchange Online. It does not grant access to mailbox content.

4. How We Use Your Data

We use the collected information for the following purposes only:

• Authentication & authorization — verifying your identity and determining your access level within your organization.
• Signature management — storing, rendering, and deploying email signatures to your Exchange environment.
• Audit trail — maintaining deployment and security logs so administrators can review changes and access history.
• User management — allowing administrators to add, remove, and manage users within their organization.
• Auto-admin detection — checking Azure AD directory roles to automatically identify head administrators.

5. Data Storage & Security

5.1 Database

All data is stored in a SQLite database on the server where Signate is hosted. Data is not replicated to external cloud services or third-party databases.

5.2 Encryption & Hashing

• Passwords are hashed using bcrypt with a work factor of 12. Passwords are never stored in plain text and cannot be reversed.
• Access keys are encrypted at rest using AES-256-GCM with authenticated encryption, ensuring both confidentiality and integrity.
• JWT tokens are signed using HMAC-SHA256 and are short-lived (configurable, default 30 minutes). Tokens are stored in the browser's sessionStorage and are cleared when the browser tab is closed.
• OAuth state parameters are protected with HMAC-SHA256 signatures to prevent cross-site request forgery (CSRF) attacks during authentication flows.

5.3 Security Measures

• Rate limiting — login endpoints are protected with sliding window rate limiting (8 attempts per 5 minutes per IP address) to prevent brute-force attacks.
• Security headers — all responses include X-Content-Type-Options, X-Frame-Options (DENY), Referrer-Policy, and X-XSS-Protection headers.
• Token revocation — when a user is removed from an organization, all their active session tokens are immediately revoked.
• Password complexity — passwords must be 8–128 characters and include uppercase, lowercase, digit, and special character.
• Certificate-based authentication — communication with Microsoft Azure AD and Exchange Online uses X.509 certificate authentication rather than client secrets.

5.4 Session Management

Authentication tokens are stored in the browser's sessionStorage, meaning they are automatically cleared when you close the browser tab. Tokens are never stored in URLs, cookies, or localStorage. The Authorization header (Bearer scheme) is used for all authenticated API requests.

6. Data Sharing & Third Parties

We do not sell, rent, trade, or share your data with any third parties.

The only external services Signate communicates with are:

• Microsoft Identity Platform — for SSO authentication and admin consent flows. Only standard OAuth 2.0 / OpenID Connect protocol data is exchanged.
• Microsoft Graph API — to look up directory users (User.Read.All) and check directory roles. This is read-only and only occurs when administrators use the user management feature or during SSO login.
• Microsoft Exchange Online — to deploy the email signature as a transport rule. Only the signature HTML content is sent to Exchange.
• Google Identity Platform — for Google SSO authentication. Only standard OpenID Connect profile data (name, email) is received.

No analytics services, advertising networks, or other third-party tracking tools are used.

7. Data Retention

Data Type	Retention Period
Account & organization data	Until the organization account is deleted by the head administrator.
Signature designs & templates	Until the organization account is deleted.
Deployment logs	Automatically purged after 30–60 days.
Security logs	Automatically purged after 90 days.
Session tokens	Short-lived (default 30 minutes); cleared on tab close.
SSO session cache	In-memory only; automatically expires after 10 minutes and is cleared on server restart.

8. Account Deletion

Head administrators can delete their organization's account through the application settings. Account deletion requires confirmation via the organization's temporary access key, which can be found in the User Management tab — visible only to Head Administrators. Head Administrator status is automatically granted to users who hold a Global Administrator role in the Microsoft organization. Providing the access key will permanently remove:

• The organization record and all associated data.
• All signature designs, templates, and template groups.
• All deployment and security logs.
• All tenant user records.

This action is irreversible. The database uses CASCADE DELETE, ensuring all related records are removed when the organization account is deleted.

9. Your Rights

As a user of Signate, you have the right to:

• Access — view the data we hold about you through the application dashboard and settings.
• Correction — update your organization's display name and signature data at any time.
• Deletion — request complete deletion of your organization's account and all associated data.
• Revocation — disconnect your Microsoft Azure AD tenant from Signate, which revokes the application's access to your organization's directory and Exchange environment.

10. Children's Privacy

Signate is designed for business use and is not intended for individuals under the age of 16. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and regulatory reasons. When we make changes:

• The "Last Updated" date at the top of this page will be revised.
• Continued use of Signate after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact your organization's head administrator, who can reach out to us through the application's support channels.