Politique de confidentialité
Comment pdfsignpad traite vos données : en résumé, vos documents et signatures ne quittent jamais votre appareil.
Cette page n’est disponible qu’en anglais. Le texte en anglais fait foi ; le reste de l’interface de pdfsignpad est disponible dans les 7 langues prises en charge.
Effective date: July 5, 2026.
0. The short version
Here's the plain-language version. The rest of this page fills in the legal detail, but this is what actually matters.
- Your document is never our business. Loading, signing, filling, and flattening a PDF all happen inside your own browser. We never see, receive, upload, or store the document you're signing — not even for a second on a server.
- Your signature works the same way — unless you choose to save it. Drawing, typing, or uploading a signature to place on your document also happens entirely in your browser and is never sent to us. If you tick "Save to this browser for reuse" — off by default, your choice — that one signature image is kept only in your own browser's storage, never on our servers, and you can delete it anytime (see §2.2).
- No account, no upload, no cap. There's nothing to sign up for and nothing to lose access to.
- Our analytics are privacy-friendly by design — no cookies, no consent popup. We run a self-hosted, cookieless analytics tool (Plausible) to see aggregate traffic and whether people complete the sign flow. It sets no cookie, stores nothing on your device, and can't identify you individually — never anything about your document or signature (see §5).
- No advertising in this version. This version of PDF Sign Pad doesn't include Google AdSense, or any other ad network — nothing to turn on, nothing to opt out of (see §7).
- Nothing to configure. Because our analytics tool needs no consent and there's no advertising in this version, there's no cookie banner or preference center to manage — the small amount of data described above is all there is.
- Questions, requests, or something feels off? Email contact@zixdev.com any time — see §14.
Want the full detail — exactly what we collect, why, for how long, and your rights under GDPR, CCPA, and similar laws? Read on below.
1. Who we are
pdfsignpad.com is operated by:
ZIX DEV Inc, a Delaware corporation
1111B S Governors Ave STE 40023, Dover, DE 19904, United States
Data controller for your personal data in connection with this website
Contact (privacy, data-subject requests, and legal notices): contact@zixdev.com
If you're in the European Economic Area or the United Kingdom, ZIX DEV Inc is the controller responsible for your personal data as described here.
2. Your document, your text, and your signature — private by design
2.1 What never leaves your device
Your document never leaves your device. Loading a PDF, drawing/typing/uploading a signature, placing text, and flattening the finished file into `<name>-signed.pdf` — every one of these runs entirely inside your browser, using self-hosted, open-source libraries (`pdf.js`, `pdf-lib`) that run locally on your machine. We never receive, see, upload, or store the document, the text you add, or the signature you use in that session.
This is built into the code, not just promised:
- Our security policy (Content-Security-Policy: `connect-src 'self'`, planned) is designed to make it technically impossible for the app to send a network request carrying your document or signature anywhere except pdfsignpad.com itself.
- No account, sign-up, or login exists for any part of the sign flow.
- Nothing is uploaded, transmitted, copied, or retained on our side. Close the tab, refresh, or click "Start over," and whatever you loaded is released from memory.
- We're building this to survive independent security review, and to verify it automatically before every release with our own zero-network-egress and offline-mode tests (mirroring the pattern already proven on our sibling product, pdf-combiner.com).
2.2 If you choose to save a signature for reuse
There is one, and only one, exception to "nothing persists," and it only happens if you choose it:
- Inside the signature tool, a "Save to this browser for reuse" toggle is off by default — you have to explicitly turn it on. Nothing is saved unless you do.
- If you turn it on, the signature you just drew, typed, or uploaded is also written to your own browser's storage (technically: `localStorage`, so it survives closing the tab), so you can reuse it with one tap next time — up to 12 saved signatures.
- This copy is never sent to us. It stays on your device, in your browser, the whole time. We have no server, no database, and no mechanism to receive, view, or copy it.
- You control it completely: delete any single saved signature with its ✕ at any time in the signature tool, or clear all of them at once by clearing your browser's site data/storage for pdfsignpad.com (your browser's settings, under "Site data," "Cookies and site data," or similar — exact steps vary by browser).
- Why we're telling you this so specifically: a saved signature is personal data — a handwritten, identifying mark — even though it never reaches us. Treating it as a footnote would understate what it is; we'd rather be precise about a low-risk feature than vague about a personal-data one.
Everything else on this page is about the small amount of *other* information involved in running a public website — described precisely below, not with a vague "we collect nothing."
3. What we collect — and what we don't
| Category | Do we collect it? | Details |
|---|---|---|
| Your PDF document | No. | Processed 100% locally in your browser. Never uploaded, transmitted, or stored — not even briefly on a server. |
| Text you place (names, dates, form answers) | No. | In-browser memory only; gone when you close the tab, refresh, or click "Start over." |
| Your signature (drawn / typed / uploaded, this session) | No. | Rendered and flattened locally; never sent to us. |
| Saved signature (only if you opt in) | Only on your own device, and only if you turn the save toggle on. | Kept in your browser's `localStorage` (max 12), never transmitted to us; delete anytime (§2.2). |
| Accounts, names, emails, passwords | No. | There are no accounts, sign-ups, or logins. |
| Usage analytics (Plausible, self-hosted) | Yes — aggregate only; no consent needed (cookieless). | Aggregate traffic + sign-flow-funnel signals (load → signature added → download) and your approximate country/region (derived from your IP, never stored); never anything about your document/signature/text. See §5. |
| Advertising (Google AdSense or any other ad network) | No — not included in this version. | No ad code or ad-network integration ships in v1. See §7. |
| Server / network logs | Yes — standard for any website. | Our host, Cloudflare, automatically logs technical request data for every visit — at least your IP address and browser type. Standard practice; not used to build a profile of you. |
| Cookies | No — not even once analytics is live. | Plausible sets no cookie. There is no advertising in this version to set one either. See §5/§7. |
| Local storage (functional) | Yes. | Remembers your theme (light/dark) and language. Stays on your device; never sent to us. |
| Local storage (saved signature) | Only if you opt in. | See row above / §2.2. |
| Third-party trackers | None. | Our planned analytics tool (Plausible) is self-hosted on our own infrastructure — not a third-party tracker. There is no advertising in this version. See §9. |
| Special-category or children's data | No. | We don't target children (§12) or ask for sensitive data like health or biometric information — a saved signature is a visual mark, not biometric authentication data, and is never processed by us at all. |
| Payment data | Not applicable. | pdfsignpad.com is free; there is no payment or checkout in the app. |
In short: what we can ever see is (a) ordinary website access logs, and (b) aggregate, content-blind traffic/funnel data from our own self-hosted analytics. There is no advertising partner in this version. Your document, your placed text, and your signature — saved or not — never reach us or anyone else.
4. Why we use this data — and our legal bases
| What we use it for | What data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Run the sign flow itself | None — nothing personal reaches us to process | Not applicable |
| Let you save and reuse a signature in this browser | The signature image, kept on your device only | Your explicit, opt-in action (the save toggle, off by default) — this doubles as your GDPR Art. 6(1)(a) consent for the local write, and independently satisfies ePrivacy Art. 5(3)'s exemption for storage "strictly necessary" for a feature you explicitly asked for. No server-side processing occurs either way. |
| Keep the service secure and reliable | IP address / browser type in access logs | Legitimate interests — protecting the service and its users from abuse and outages |
| Remember your display preferences | Local theme/language setting (device only) | Not applicable — never sent to us; exempt from cookie-consent rules as "strictly necessary" storage |
| Measure aggregate traffic and whether people complete the sign flow (Plausible Analytics, self-hosted) | Page path, referrer, a tagged event, and your approximate country/region derived from your IP address (never stored) — see §5 | Legitimate interests (GDPR Art. 6(1)(f)) — no consent gate applies; Plausible is cookieless and stores/accesses nothing on your device, so ePrivacy's consent trigger never attaches (see §5 for the reasoning) |
| Advertising | Not applicable | No advertising in this version — no ad code ships, so there is no basis to state (see §7) |
If you're in California (or a similar U.S. state): because our analytics tool is self-hosted (not shared with any third party) and there is no advertising in this version, using it does not count as a "sale" or "share" of personal information under the CCPA/CPRA (Cal. Civ. Code §1798.140) — there's no third party receiving anything to trigger that framework. We still describe the "Do Not Sell or Share" right, including Global Privacy Control (GPC), in §10 for completeness, and because it would apply if that ever changes.
5. Analytics in detail
We run Plausible Analytics — a self-hosted, cookieless analytics tool (the same one already running on our sibling product, pdf-combiner.com) — from launch, to see aggregate traffic and whether people complete the sign flow:
- What it sends: the page path you visited, the referring site (if any), your approximate country/region (derived at our server from your IP address, which is never stored), and — where it applies — a tagged event such as "signature added" or "download completed" (the sign-flow funnel, PRD US-23). Nothing else.
- What it never sends: your document, your placed text, your signature (saved or not), or anything derived from them — like every other tool on this page, Plausible only ever sees page-level metadata; it has no way to see the document you're signing, which is processed and stays entirely inside your browser (§2).
- No cookies, no persistent identifier. To count same-day unique visitors without cookies, Plausible computes a one-way, scrambled combination of your IP address, browser, our domain, and a secret that's thrown away and re-created every 24 hours. Nothing is stored that could later identify you or link your visits across days or devices.
- Self-hosted — not a third party. This runs on ZIX DEV Inc's own server (`plausible.zixdev.com`), not an outside analytics company. Your data stays inside ZIX DEV Inc; it is never sold, shared, or sent to Google or anyone else (see §9).
- Why no consent toggle is needed. Plausible stores or accesses nothing on your device — no cookie, no local storage, no fingerprinting script — so it doesn't trigger the cookie-consent rule in the first place. That means it runs for every visitor, everywhere, with no "Accept"/"Reject" choice to make. It also isn't affected by your browser's Global Privacy Control signal: that signal asks us to stop selling/sharing your data or tracking you across sites, and Plausible does neither to begin with (see §6/§10).
- How long the data is kept: aggregate statistics (e.g. "this page had N visits today") are retained per our own dashboard configuration — to be finalized; see §8. The daily de-duplication hash described above is discarded within 24 hours regardless.
- No advertising link. There is no advertising in this version of the product (§7) for analytics to ever be linked to.
6. Cookies, local storage & your choices
We don't use cookies, and we don't need a cookie-consent banner.
| What | Sets a cookie? | Needs your permission? | Details |
|---|---|---|---|
| The site itself | No | No | Nothing to consent to. |
| Theme & language preference | No — `localStorage` only, never sent to us | No | See §3. |
| Analytics (Plausible) | No — cookieless by design | No — it stores/accesses nothing on your device, so the cookie-consent rule never applies to it (§5). | Runs for every visitor, everywhere. |
| Advertising | Not applicable | Not applicable | No advertising exists in this version (§7) — there's nothing to consent to. |
- The saved-signature toggle is separate from this table — and separate from cookies entirely. It's a product feature inside the signature tool (§2.2), off by default, and only you can turn it on. Nothing about analytics, or the absence of advertising, affects it either way.
- Nothing here needs a "Cookie preferences" control, because nothing on this page requires your permission to run. If that changes in a future version (for example, if we ever add advertising), we'll build the appropriate consent mechanism at that point and update this policy before it goes live — not after.
- California and other U.S. states: because our analytics tool is self-hosted (data never leaves ZIX DEV Inc) and there's no advertising in this version, using it doesn't count as a "sale" or "share" of your personal information — see §10 for the full "Do Not Sell or Share"/Global Privacy Control explanation, which would apply if that ever changes.
7. Advertising
PDF Sign Pad shows no ads, and this version of the product includes no advertising code at all — no Google AdSense, no other ad network, nothing built in, dormant or otherwise. This is a deliberate trust decision for a signing tool (vision.md R-06).
If we ever decide to add advertising in a future version, that would be a genuinely new feature, not a switch we flip — it would need its own product decision, its own architecture and security review, and its own privacy assessment and consent mechanism, built and independently reviewed before anything runs. This policy would be updated, and — where the law requires it — your consent asked for, before any ad ever loads.
Our analytics tool (§5) is never used to serve or personalize ads, and would stay structurally separate from any future advertising the same way it does from the sign-flow processing engine in §2 — a page-level measurement script has no code path into either.
8. Data retention
| Data | Retention |
|---|---|
| Your document, placed text, in-session signature | Not retained at all — only in your browser's memory for your session, gone when you close, refresh, or click "Start over." |
| Saved signature (opt-in) | Kept in your browser's `localStorage` until you delete it (per-item ✕) or clear your browser's site data. We hold no copy and cannot delete it remotely — see §2.2. |
| Analytics events | Aggregate Plausible statistics retained per our own dashboard configuration — exact figure to be finalized (see §5). The daily de-duplication hash is discarded within 24 hours regardless. |
| Server / edge logs (IP, browser type) | Kept by our host, Cloudflare, under its standard operational logging practices — exact number of days not yet independently confirmed. |
| Local storage (theme/language) | Stays on your device until you clear your browser storage; we never see it. |
| Advertising | Not applicable — no advertising ships in this version (see §7). |
| Analytics — cookies | Not applicable — Plausible sets no cookies (see §5). |
| Consent records | Not applicable in this version — nothing here requires your consent, so there's no cookie-consent choice to record (see §6). |
9. Sharing, subprocessors & international transfers
- We don't sell your data, and nothing in this version of the product creates a "sale" or "share" under California law either — see §10.
- Plausible Analytics (self-hosted) — not a third party. Plausible runs on ZIX DEV Inc's own server (`plausible.zixdev.com`) — we do not send your data to an outside analytics company. No subprocessor, no new vendor, no data flow beyond what already exists inside ZIX DEV Inc for running this site.
- Cloudflare (hosting). Our website runs on Cloudflare's global network. This is the only third party that sees the technical logs in §3 in the normal course of serving the site — and, since your document/text/signature never leave your browser, Cloudflare never sees them either.
- Cross-border transfers. None for your document, text, or signature — they never leave your device, so there is nothing to transfer. Cloudflare's global network may process the technical logs in §3 outside your home country, including in the United States (where we're based). Our analytics tool (Plausible) is self-hosted on ZIX DEV Inc's own infrastructure — no cross-border transfer question arises the way it would for a third-party vendor. There is no advertising in this version to raise a transfer question at all.
- Today, the only party handling any personal data for pdfsignpad.com is Cloudflare (hosting logs). No one else — our analytics runs on our own infrastructure, not a third party's, and there is no advertising in this version.
10. Your privacy rights
Depending on where you live, you may have the right to:
- Know / access what personal data we hold about you.
- Correct inaccurate data.
- Delete personal data we hold about you.
- Restrict or object to certain processing.
- Port your data to another provider.
- Withdraw consent — not applicable in this version: our analytics tool needs no consent to begin with, and there's no advertising to consent to (§6).
A note specific to this product: there is very little of the above to "hold" on our side. We have no server-side copy of your document, your placed text, or any signature — saved or not. If you want to exercise "access," "delete," or "correct" over a saved signature, the operative mechanism is already in your hands: view and delete it directly in the signature tool (§2.2), or clear your browser's site data. Emailing us about a saved signature won't produce anything we can look up — we genuinely don't have it — but we will confirm this plainly if you ask, rather than run you through a request process that can't return anything.
- California (CCPA/CPRA): the rights above, plus the right to know what categories we've collected, and to opt out of "sale" or "share." Nothing in this version currently qualifies as a "sale" or "share" (§9) — but we still plan to honor your browser's Global Privacy Control (GPC) signal automatically, so you're covered if that ever changes. You won't be discriminated against for using any of these rights.
- Other U.S. states (Virginia, Colorado, Connecticut, Utah, and similar laws): a comparable right to opt out of targeted advertising — not applicable today since this version has no advertising or targeting mechanism; we'll build the appropriate opt-out if that ever changes.
How to use these rights: email us at contact@zixdev.com. Since there are no accounts and almost nothing is held on our side, we may ask for a little information just to confirm a request is really about you, and will tell you plainly when there's nothing on file to act on.
How fast we respond: within 30 days (GDPR) or 45 days (CCPA/CPRA), whichever applies.
Not happy with our answer? If you're in the EEA or UK, you can complain to your local data protection authority — though we'd appreciate the chance to make it right first, at contact@zixdev.com.
11. The legal effect of your signature
This page is about privacy — what data we collect and how. It does not explain what your signature is worth legally (whether it's valid for your document, in your jurisdiction). That's a separate, dedicated disclosure: see our (drafted by our legal team, not by this policy) and our . In short, and without pre-empting that disclaimer: PDF Sign Pad produces a simple electronic signature — not a qualified, certified, or identity-verified one — read the disclaimer before relying on it for an important document.
12. Children's privacy
pdfsignpad.com isn't directed at children, and we don't knowingly collect personal data from anyone under 13 (or the relevant age where you live). Since there's no account and your document, text, and signature are processed only in your browser, we don't knowingly collect personal information from children through the core product. Our analytics tool is configured as general-audience only. This version of the product includes no advertising, so there's no ad-personalization question to address for children either. If you believe a child has given us personal information, contact us at contact@zixdev.com and we'll address it.
13. Changes to this policy
We'll update this policy as our practices change — for example if we add advertising in a future version, add new features, or regulators issue new guidance. We'll post the revised version here with a new effective date, and for material changes (like adding advertising or any new tracking), we'll give clear notice and, where the law requires it, ask for your consent again before the change takes effect.
14. Contact us
ZIX DEV Inc 1111B S Governors Ave STE 40023, Dover, DE 19904, United States Email: contact@zixdev.com