Signed

Privacy Policy

Last updated: February 18, 2026

1. Introduction

Countersigned, Inc. ("we", "us", or "our") operates the Signed portfolio tracking platform. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, and password. Your password is cryptographically hashed and never stored in plain text.

Profile Information: You may provide additional profile details such as a bio, avatar, and URLs. This information is visible on your public profile page.

Portfolio Data: Information you provide about your investments, including company names, transaction details, valuations, notes, and attachments. Portfolio data is always private and never displayed publicly.

Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe. We do not store your credit card number or bank details on our servers. Please refer to Stripe's privacy policy for more information.

Emails: Signed can process emails you forward to or receive through the platform in order to automatically extract portfolio updates and communications from your investments.

Usage Data: We collect anonymous, aggregate analytics about how visitors use our website, such as pages viewed, referral sources, browser type, and country. This data is collected using self-hosted, privacy-focused analytics software on our own infrastructure. It does not use cookies, does not track individuals across sites, and does not collect personal information.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our portfolio tracking service
  • Process and display your investment data within your private account
  • Analyze forwarded emails to extract relevant portfolio information
  • Generate AI-powered insights about pitches and portfolio companies
  • Send you service-related communications (e.g. account verification, password resets)
  • Monitor and fix errors to improve service reliability
  • Protect against fraud and unauthorized access
  • Compile and use aggregate, anonymized, or de-identified data for analytics, benchmarking, marketing, and public reporting (e.g. total investment volume tracked across all users). Aggregate data does not identify any individual user or reveal any user's specific portfolio information.

4. AI and Automated Processing

Signed uses third-party artificial intelligence and machine learning services to power features such as pitch analysis, portfolio insights, and email processing. This means that your portfolio data, notes, forwarded emails, and other content you provide may be sent to AI service providers for analysis.

We select AI providers that offer enterprise or API terms under which your data is not used to train their general-purpose models. However, your data may be temporarily processed on their servers to generate results. AI providers we use may change over time as the technology evolves.

AI-generated outputs (such as summaries or insights) are stored within your account and are subject to the same privacy protections as any other data in your portfolio.

5. Third-Party Services

We use third-party services to help operate Signed. These providers may process your data in accordance with their own privacy policies. The categories of providers we use include, but are not limited to:

  • Hosting and infrastructure — cloud hosting, CDN, and database services (e.g. Render, Cloudflare)
  • Payment processing — billing and payment card handling (e.g. Stripe). We do not store credit card numbers on our servers.
  • Email — transactional email delivery and email ingestion (e.g. Resend)
  • AI and machine learning — analysis of portfolio data, pitches, and emails (e.g. OpenAI)
  • Error monitoring — tracking and resolving bugs and performance issues (e.g. Sentry)

Specific providers may change over time. We will update this list periodically, but may add or replace providers within these categories without notice, provided they meet our data protection standards.

6. Public vs. Private Information

Public: Your profile page (name, avatar, bio, and URLs) is visible to others if you have a public profile.

Private: Your portfolio data, investment details, transaction history, notes, forwarded emails, and all financial information are always private and never shared publicly or with other users. This data may be processed by the third-party services described above solely to provide features to you.

Aggregate Data: We may use your data in aggregate, anonymized, or de-identified form that does not identify you individually. For example, we may publicly report the total dollar amount of investments tracked across all Signed users. Such aggregate data is not considered personal or private information under this policy.

7. Data Sharing

We do not sell, rent, or trade your personal information. We share your data only in the following circumstances:

  • With third-party service providers, solely to operate the platform and provide features to you
  • When required by law, subpoena, or legal process
  • To protect the rights, safety, or property of Signed, our users, or the public

8. Data Security

We implement industry-standard security measures to protect your personal and financial information. Data is encrypted in transit using TLS and at rest. Passwords are hashed using bcrypt. Access to production systems and user data is restricted to authorized personnel only.

9. Data Retention

We retain your information for as long as your account is active or as needed to provide our services. If you delete your account, we will delete your personal data and portfolio information within 30 days, except where we are required to retain it by law. Some data may persist in encrypted backups for a limited period.

10. Cookies and Analytics

We use only essential cookies required to keep you signed in and maintain your session. We do not use third-party analytics, advertising, or tracking cookies.

Our website analytics are powered by self-hosted, privacy-focused software that runs entirely on our own infrastructure. It does not use cookies, does not collect personal information, and does not track you across websites. Analytics data is stored in aggregate and cannot be used to identify individual users.

11. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we fix inaccurate or incomplete data
  • Deletion: Request that we delete your personal data and account
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain types of processing of your data

To exercise any of these rights, please contact us using the information below. We will respond to your request within 30 days.

12. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

  • Contract: Processing necessary to provide you with the Signed service, including managing your account and portfolio data
  • Legitimate interest: Processing for service improvement, security, and error monitoring, where our interests do not override your rights
  • Consent: Where you have given us specific consent, such as forwarding emails for processing
  • Legal obligation: Where we need to comply with applicable law

In addition to the rights listed above, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not complied with applicable data protection laws.

13. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information. The categories of personal information we collect include:

  • Identifiers: name, email address, account credentials
  • Financial information: investment and transaction data you provide (payment card data is handled by Stripe)
  • Internet or network activity: usage data and interaction with the service
  • Professional information: investment portfolio and company relationship data

We do not sell or share your personal information as defined by the CCPA. We do not use or disclose sensitive personal information for purposes other than providing the service.

You have the right to request access to, deletion of, and correction of your personal information. We will not discriminate against you for exercising any of your CCPA rights.

14. International Users

Signed is hosted in the United States. If you access our service from outside the US, your data will be transferred to and processed in the United States. By using Signed, you consent to this transfer.

15. Children's Privacy

Signed is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child, we will delete it promptly.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of Signed after changes are posted constitutes your acceptance of the updated policy.

17. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise your rights, please contact us at [email protected].