Privacy Policy
SignoffRoom (“SignoffRoom,” “we,” “our”) provides a version-specific approval platform for press releases, investor updates, and other public-facing copy. This Privacy Policy describes what information we collect, how we use it, and the choices you have. It applies to signoffroom.com and the SignoffRoom application.
1. What we collect
We collect only what we need to operate SignoffRoom and provide an audit-quality record of approvals.
Account information
- Name, work email, and organization name when you sign up.
- A password hash (we never store plaintext passwords).
- Your role within your organization.
Release content
- The text you enter into each release: headline, sub-headline, body, quote, boilerplate, contacts, and any attachments you upload.
- Comments, suggested edits, and reviewer-state metadata.
Audit metadata
- Edits (who, what changed, when), approvals (who, which version, when), locks, exports, and external-reviewer link activity. This is the core of how SignoffRoom proves who approved which version.
Usage data
- Limited technical logs (IP, user agent, timestamps) for security and abuse prevention.
2. How we use it
- Operating the SignoffRoom service and showing you your data.
- Producing the Signoff Certificate when you lock a release — including identifying approvers and timestamps.
- Sending transactional notifications (mentions, re-approval requests, etc.).
- Securing the service against fraud and abuse.
- Aggregated, anonymized analytics to improve the product.
We do not sell your data. We do not use your release content to train any machine learning model.
3. How we share it
- Within your organization — every member of your organization can see releases shared with their role.
- External reviewers — token-scoped links you create allow specific external reviewers to see the specific release you shared, and nothing else.
- Service providers — limited subprocessors that help us operate (hosting, database, transactional email). The current list is available on request.
- Legal requirements — when required by law or to protect SignoffRoom or our users.
4. Where data lives
SignoffRoom data is stored in encrypted form on infrastructure located in the United States. We use TLS in transit and AES-256 at rest for primary data stores. Backups are retained for 30 days.
5. Security
We take the security of release content seriously — for many of our customers, the wrong text leaking early is a regulated event.
- Authentication via email and password (passwords stored only as a modern hash with salt). Single sign-on available on Enterprise.
- Encrypted storage and transit (TLS 1.2+).
- Role-based access controls within an organization.
- External reviewer links are token-scoped to a single release.
- Audit log captures every edit, approval, lock, unlock, and export event — exportable on the Pro plan and above.
- Annual penetration test by an independent third party.
- Responsible disclosure: please email security@signoffroom.com.
6. Retention & deletion
- Releases and certificates are retained for as long as your organization is active, plus 30 days after deletion.
- You can request deletion of any release. Locked Signoff Certificates may be retained separately for our and your audit purposes — we will flag this in any deletion confirmation.
- On Enterprise, retention windows are configurable.
7. Your rights
Depending on where you live, you may have rights to access, correct, export, or delete personal information we hold about you. Email privacy@signoffroom.comand we’ll respond within 30 days.
8. Changes
We will update this policy from time to time. Material changes will be announced by email to organization administrators at least 14 days before they take effect.
9. Contact
Questions about this policy? Email privacy@signoffroom.com.