EEZYDOX logo

Privacy Policy

Last updated: May 30, 2026

Canonical English legal text

This Privacy Policy is currently provided in English as the controlling legal document for EEZYDOX v1.1. Localized FAQ and marketing pages are convenience explanations only; approved localized legal versions will be published only after legal review.

1. Introduction

Welcome to EezyDox* ("we", "us", or "our"). This Privacy Policy explains how we collect, use, disclose, retain, and protect personal data when you use our website, applications, document workflow software, billing features, BYOC AI-assisted contract tools, and electronic signing services (collectively, the "Service").

We operate in accordance with the Israeli Protection of Privacy Law, 5741-1981 ("IPPL") and, where applicable, the General Data Protection Regulation ("GDPR") and other privacy laws. This Policy should be read together with our Terms of Service.

EezyDox* is a SaaS document workflow and electronic signing platform. We are not a law firm, escrow provider, fiduciary, financial custody provider, or legal representative.

2. Our Roles: Controller and Processor

Controller

We generally act as a controller for account, billing, security, analytics, support, consent, fraud-prevention, and operational data because we determine why and how that data is processed.

Processor

We generally act as a processor or service provider for agreement content, uploaded contracts, counterparty details, and document workflow data that you submit for us to process on your behalf.

If your organization is subject to specific data processing terms, a separate Data Processing Addendum may be required before enterprise or regulated use.

3. Categories of Data We Collect

A. Identity, Account, and Contact Information

  • Name, email address, phone number, username, organization membership, role, country, language preference, and account settings.
  • Authentication data such as password hashes, session identifiers, passkey metadata, TOTP enrollment status, and security status.

B. Document, Agreement, and Workflow Data

  • Agreement text, uploaded files, generated documents, templates, fields, revisions, translations, comments, workflow state, party names, addresses, identifiers, emails, phone numbers, and signatures.
  • BYOC uploads, extracted contract structure, AI-assisted parsing outputs, clause metadata, field mappings, and document formatting data.
  • INTELLIDOX review inputs and outputs, including agreement text, selected clauses, detected issues, signer-private review visibility, finding status, advisor-referral choices, and whether you chose to include agreement context with an advisor referral.

C. Signature, Verification, and Audit Trail Data

  • Signature sequence, signature identifiers, consent timestamps, disclosure versions, document versions, content hashes, signed timestamps, and signer role information.
  • IP addresses, user-agent strings, browser/device metadata, login events, OTP request and verification events, passkey/TOTP step-up events, email verification logs, and security events.

D. Billing and Payment Metadata

  • Invoice details, billing name, billing email, company details, billing address, country, tax-related fields, coupon use, credit pack purchases, payment status, refund status, processor references, and payment metadata.
  • Full payment card numbers are handled by payment processors and are not intentionally stored by EezyDox*.

E. Device, Usage, Cookies, and Support Data

We collect device type, browser type, operating system, approximate location derived from IP address, pages visited, features used, session data, cookie preferences, support messages, diagnostic logs, and error information.

5. How We Use Data

We use personal data to:

provide, operate, maintain, and secure the Service
create, format, translate, store, and manage documents
parse BYOC contracts and generate AI-assisted structure, fields, and review guidance
run INTELLIDOX agreement analysis, signer-private reviews, finding actions, and advisor-referral workflows requested by users
authenticate users and manage sessions, passkeys, TOTP, SMS, and email verification
process payments, invoices, credits, refunds, taxes, coupons, and billing support
create audit trails and evidence records for electronic signatures
detect, investigate, prevent, and respond to fraud, abuse, chargebacks, and suspicious activity
send transactional emails, service notices, security alerts, and support responses
measure product performance and improve user experience
enforce our Terms and comply with legal obligations

6. AI, INTELLIDOX, and Signer-Private Reviews

INTELLIDOX is an optional AI-assisted agreement analysis feature. When you run INTELLIDOX, we may process agreement text, uploaded files, extracted clauses, party roles, status information, missing fields, billing eligibility, and related workflow metadata to return informational findings. INTELLIDOX is not legal advice and does not determine whether an agreement is valid, enforceable, complete, or safe to sign.

If a signer or invited participant runs a signer-private INTELLIDOX review, the review is private to that user by default. The agreement owner, other signing parties, and counterparties do not receive those findings unless the reviewing user deliberately shares selected findings or otherwise consents to disclosure through the Service.

If you ask to refer a selected INTELLIDOX finding to an independent advisor, we share only the materials you consent to share. The selected finding and referral details are required for the referral; agreement context or broader document content is shared only when you choose to include it. Advisor referrals may include your contact details so the advisor can respond.

AI, OCR, document processing, hosting, database, storage, monitoring, security, and communication subprocessors may process agreement content and review metadata solely to provide, secure, support, audit, and improve the requested Service. We do not intentionally use your agreement content to train public AI models.

7. Sharing and Disclosure

We do not sell personal data. We disclose personal data only as needed to provide, secure, support, and improve the Service or where legally required.

  • Cloud and infrastructure providers: hosting, database, storage, CDN, monitoring, and deployment providers such as Supabase and Vercel where configured.
  • Payment processors: payment gateways and financial providers such as AllPay or PayPlus where enabled, plus card networks and banks involved in transactions.
  • AI, OCR, and document processing providers: configured providers may process uploaded or generated document content to provide BYOC parsing, extraction, translation, drafting, INTELLIDOX review, and analysis requested by you.
  • Independent advisors you choose to contact: when you request advisor help, we may share the selected finding, referral metadata, contact details, and any agreement context you expressly choose to include. We do not share signer-private INTELLIDOX findings with an owner, counterparty, or advisor unless the reviewing user takes an action that authorizes the sharing.
  • Communication providers: email, SMS, notification, and support tools used to send authentication, signing, billing, invitation, and support messages.
  • Analytics and cookies: analytics or marketing providers may receive limited usage data only where enabled and permitted by your cookie preferences or applicable law.
  • Legal, compliance, and safety: courts, regulators, law enforcement, payment processors, financial institutions, fraud investigators, advisors, or counterparties where necessary to comply with law, investigate fraud, address chargebacks, enforce agreements, protect rights, or prevent harm.
  • Business transfers: personal data may be disclosed or transferred in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate protections.

8. International Data Transfers

We operate internationally and use cloud, payment, AI, communication, analytics, and security providers that may process data in countries other than where you live, including Israel, the EEA, the United Kingdom, the United States, and other locations where our providers operate.

Transfer Safeguards

Where required, we use appropriate safeguards for cross-border transfers, such as adequacy decisions, Standard Contractual Clauses, data processing terms, or other mechanisms permitted by applicable law.

9. Data Retention

We retain personal data for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, support auditability, and protect our legitimate interests. Retention periods vary by data type and context.

  • Account data: retained while your account is active and for a reasonable period after deletion to support security, legal, tax, backup, and dispute-resolution needs.
  • Draft and uploaded agreements: retained while needed to provide the workflow, unless deleted by an authorized user and no legal, security, billing, or audit reason requires retention.
  • Signed agreements and signature evidence: retained for the period needed to support document integrity, evidentiary use, fraud defense, legal claims, and applicable limitation periods, typically up to seven (7) years unless a different period applies.
  • Billing, invoices, refunds, and payment metadata: retained as required for tax, accounting, fraud, chargeback, processor, and legal obligations.
  • Security, audit, and access logs: retained as needed for authentication, fraud prevention, suspicious activity review, security investigations, and legal defense.
  • INTELLIDOX reviews and advisor referrals: retained while needed to show the requesting user their private or shared findings, support billing records, preserve audit metadata, track finding and referral status, investigate abuse, and maintain evidence of consent and sharing choices.
  • Backups and archives: deleted or overwritten on a delayed schedule according to our backup lifecycle and technical limitations.

Deletion requests may not apply immediately or fully to signed records, billing records, fraud evidence, legal holds, backups, audit trails, or records we must retain under applicable law.

10. Your Data Protection Rights

Depending on your location and the nature of our relationship, you may have rights to:

  • Access personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Delete personal data, subject to retention obligations and exceptions;
  • Export or receive a portable copy of certain data;
  • Object to or restrict certain processing;
  • Withdraw consent where processing is based on consent;
  • Complain to a competent privacy authority.

To exercise rights, contact [email protected]. We may verify your identity, authority, and relationship to the relevant account, organization, or document before fulfilling a request.

11. Security Measures

We use commercially reasonable technical and organizational safeguards designed to protect personal data. No system can be guaranteed 100% secure, and we cannot guarantee that unauthorized access, disclosure, alteration, or loss will never occur.

  • • encrypted connections for supported traffic
  • • access controls and role-based permissions
  • • email, phone, passkey, TOTP, and SMS verification where enabled
  • • session controls and inactivity timeouts
  • • rate limiting and abuse-prevention controls
  • • audit logging for sensitive document and signing events
  • • document hashing for integrity evidence
  • • payment tokenization handled by payment processors
  • • operational monitoring and incident response processes
  • • least-privilege handling of production access where feasible

You are responsible for maintaining secure devices, strong account credentials, and control over your email, phone number, authenticator app, passkeys, and organization access.

12. Cookies and Analytics

We use cookies, local storage, and similar technologies to operate the Service, keep you signed in, remember preferences, protect sessions, understand usage, and, where enabled and consented, support analytics or marketing.

Manage Preferences

Control which non-essential cookies you allow us to use.

Cookie Categories

  • Strictly Necessary: required for core site and account functionality, including security, authentication, session management, language, and cookie consent.
  • Performance and Analytics: help us understand how visitors use the Service and improve reliability and experience.
  • Marketing: may support campaign measurement, personalization, or advertising where enabled and consented.

13. Children

The Service is intended for adults and business users. We do not knowingly collect personal data from children under 18. If you believe a child has provided personal data to us, contact us so we can review and take appropriate action.

14. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us:

© 2026 EEZYDOX. All rights reserved.