1. Overview — What This Policy Covers
This Privacy Policy explains how DoneWith.ink ("we," "our," or "us") handles information when you visit our website at donewith.ink (the "Site") or use our PDF editing and electronic signature services (the "Service"). It describes what data we collect — and, critically, what we don't collect — how we use that data, with whom we share it, and the rights you have over it.
This policy applies to all users of the Service, including registered Pro subscribers, anonymous free-tier users, and recipients of signing links ("Signers"). It covers interactions through the website, the Progressive Web App (PWA), and any related communications.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of the Service immediately.
2. Our Privacy Philosophy
DoneWith.ink was built on a simple premise: your documents are yours, and nobody else's. We believe that uploading contracts, agreements, and other sensitive documents to third-party servers is an unnecessary risk. That's why we designed the Service so that the original PDF, the signing process, and the signed PDF all stay in your browser. None of them touch our server — at any point, for any reason.
We don't run analytics scripts, we don't embed tracking pixels, and we don't profile our users. We built the product we wished existed: a document signing tool that is genuinely private by design, not just private in marketing copy.
This philosophy informs every decision in this policy. We collect as little data as technically possible to operate the Service, and we don't monetize data — period.
Our privacy guarantees are enforced by the architecture of the application itself, not just by legal promises. Open your browser's DevTools → Network tab while using DoneWith.ink and verify for yourself: you will see zero outbound requests containing your PDF data. The entire document pipeline runs locally in your browser using client-side JavaScript.
3. What We Never Collect
This section is the most important part of our policy. The following categories of data never reach our servers:
| Data Category | Status | Explanation |
|---|---|---|
| Your PDF documents | Never collected | The original PDF, the edited PDF, and the signed PDF are processed entirely in your browser. The file bytes never leave your device. |
| Document contents | Never collected | We cannot read, index, or scan the text, images, or metadata inside your documents. |
| Signatures (visual) | Never collected | Your drawn, typed, or uploaded signature images are stored only in your browser's local storage and embedded directly into the signed PDF client-side. |
| Signer identities | Never collected | When someone opens a signing link, we do not ask for their name, email, or any identifier. The link alone is the invitation. |
| IP addresses (free tier) | Never collected | We do not log or store the IP addresses of visitors who use the free editor without authentication. |
| Device fingerprints | Never collected | We do not build or store device fingerprints for tracking or analytics. |
| Browsing behaviour | Never collected | We don't track which pages you visit, how long you stay, or what you click. No analytics, no heatmaps, no session recordings. |
| Signing-link recipient data | Never collected | When you share a signing link via WhatsApp, email, Signal, or any other channel, we have no visibility into who receives it or who opens it. |
When you click Generate Link (Pro feature), the link you receive contains an encrypted bundle of the document structure and field positions. This bundle is generated entirely in your browser, encrypted with a key that only the sender and signer possess, and transmitted peer-to-peer. We relay the encrypted blob between peers, but we cannot decrypt it. The signing-link relay is the only server-mediated part of the Service, and it is end-to-end encrypted by design.
4. What We Do Collect, and Why
We collect the minimum data required to operate the Service, process payments, and communicate with customers. Here is a complete inventory:
| Data | Who | Purpose | Storage |
|---|---|---|---|
| Email address | Pro subscribers | Account identification, login, billing receipts, service communications | Authentication database (encrypted at rest) |
| Authentication tokens | Pro subscribers | Session management (signed-in state) | Secure HTTP-only cookies and/or browser local storage |
| Subscription status | Pro subscribers | Enforce Pro feature access and link-generation limits | Application database |
| Link-generation counters | Pro subscribers | Track monthly usage against the 100-link allowance | Application database (anonymised counter only) |
| Encrypted signing-link payloads | Pro subscribers | Relay end-to-end encrypted signing bundles between sender and signer | Temporary (auto-deleted after 7 days or upon completion) |
| Payment transaction IDs | Pro subscribers | Billing reconciliation, fraud prevention | Stripe (see Section 6) |
| Support communications | Anyone who contacts us | Respond to inquiries, troubleshoot issues | Email or helpdesk system |
4.1 Data we collect automatically
Our web server may log standard HTTP access data — such as timestamps, requested URLs, HTTP status codes, and bytes transferred — without IP addresses attached (or with IP addresses truncated to the first octets, making them non-identifiable). These logs are used solely for security monitoring, abuse detection, and aggregate traffic metrics. They are not linked to individual users and are rotated regularly.
4.2 Data we do not collect from free-tier users
If you use the free PDF editor without creating a Pro account, we collect no personal data from you. No email, no name, no IP-address-linked logs, no analytics identifiers. The editor runs entirely in your browser, and we have no server-side record of your visit beyond the anonymised HTTP access logs described above.
4.3 Data we do not collect from signers
When someone receives a signing link and opens it to sign a document, we collect no personal data from them. They are not asked to create an account, provide an email address, or identify themselves in any way. The signing interface loads in their browser, they sign, and the signed file is returned peer-to-peer.
5. How We Use Your Data
We use the limited data we collect for the following purposes, and for no other purpose:
- Service delivery: To authenticate Pro subscribers, manage subscriptions, and enable the signing-link relay.
- Billing and payments: To process subscription payments, send receipts, and handle billing-related communications.
- Account management: To allow you to manage your subscription, view usage, and access your account.
- Security and abuse prevention: To detect and prevent fraudulent transactions, unauthorized access, and abuse of the Service.
- Customer support: To respond to inquiries, troubleshoot technical issues, and provide assistance.
- Legal compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
What we do NOT do:
- We do not sell, rent, or trade your personal data to third parties.
- We do not use your data for advertising, marketing automation, or cross-site tracking.
- We do not train machine learning models on your data.
- We do not build profiles, behavioural segments, or "shadow profiles" of our users.
- We do not share your data with data brokers or ad-tech platforms.
6. Payment Processing and Stripe
All payments for Pro subscriptions are processed by Stripe, Inc. ("Stripe"), a PCI DSS Level 1 certified payment processor. When you subscribe to DoneWith.ink Pro, your payment card details, billing address, and transaction data are collected and processed directly by Stripe — they are not transmitted to, stored on, or accessible from our servers.
We receive from Stripe only the information necessary to manage your subscription: a customer identifier, subscription status, payment method brand and last four digits, and transaction IDs for reconciliation. We do not have access to your full card number, CVC, or other sensitive payment credentials.
Stripe's use of your personal data is governed by Stripe's own Privacy Policy, available at stripe.com/privacy. By subscribing to DoneWith.ink Pro, you acknowledge that your payment data will be processed by Stripe in accordance with their privacy practices.
7. Cookies and Local Storage
7.1 Cookies
DoneWith.ink uses a minimal number of strictly necessary cookies:
- Authentication cookies: If you are a Pro subscriber, we set a secure, HTTP-only session cookie to maintain your signed-in state. This cookie is essential for the Service to function and is deleted when you sign out.
- Preference cookies: We may set a small cookie to remember your theme or display preferences. This is functional only and contains no personal data.
We do not use: advertising cookies, tracking cookies, third-party cookies, social media pixels, retargeting scripts, or any form of cross-site tracking.
7.2 Local storage
The Service uses your browser's local storage (IndexedDB and/or the localStorage API) to save your signature library, document editing state, and application preferences. This data stays on your device and is never transmitted to our servers. You can clear it at any time by clearing your browser's site data for donewith.ink.
Note: clearing local storage will delete your saved signatures. Pro subscribers' account data and subscription status are server-side and are not affected by clearing local storage.
7.3 Cookie consent
Because we use only strictly necessary cookies and do not deploy any tracking or advertising cookies, we do not display a cookie consent banner. Under the ePrivacy Directive and GDPR, strictly necessary cookies that are essential for the functioning of a service requested by the user do not require prior consent.
8. Third-Party Services and Sub-Processors
We rely on a small number of trusted third-party services to operate the infrastructure of DoneWith.ink. Here is a complete list of sub-processors and the data they may handle:
| Service | Purpose | Data handled | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Payment card details, billing address, transaction data (not accessible to us) | United States (Privacy Shield / SCC) |
| Cloud hosting provider | Website and API hosting | Anonymised HTTP access logs, encrypted link payloads (temporary) | Varies (see below) |
| Email delivery service | Transactional emails (receipts, password resets) | Email address, email content | Varies |
We select sub-processors that meet or exceed industry-standard security and privacy requirements. Where a sub-processor is located outside your jurisdiction, we ensure appropriate safeguards (such as Standard Contractual Clauses) are in place. For the most current list of sub-processors, contact us at the address in Section 18.
8.1 Content Delivery Networks (CDNs)
The Site loads JavaScript libraries (pdf.js, pdf-lib, signature_pad, interact.js) from public CDNs (cdnjs.cloudflare.com, unpkg.com, jsdelivr.net). These are loaded directly by your browser; our server does not intermediate these requests. The CDN operators may receive your IP address and user-agent string as part of the standard HTTP request. If you prefer to avoid this, you can self-host the Service or use a browser extension to block third-party CDN requests — the core editing functionality does not depend on them being available from CDNs.
9. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:
- Contractual necessity (Article 6(1)(b)): We process your email address, authentication tokens, subscription status, and link-generation counters because this processing is necessary to perform our contract with you — i.e., to provide the Pro subscription service you signed up for.
- Legitimate interests (Article 6(1)(f)): We process anonymised HTTP access logs for security monitoring, abuse detection, and aggregate traffic metrics. We have assessed that these interests are not overridden by your data protection rights, given that the data is anonymised and the processing is minimal.
- Legal obligation (Article 6(1)(c)): We may process data where required by applicable law, such as retaining billing records for tax purposes or responding to lawful legal requests.
- Consent (Article 6(1)(a)): Where none of the above bases apply and we seek to process data, we will first obtain your explicit, informed consent. You may withdraw consent at any time.
For free-tier users and signers: We process no personal data, and therefore no legal basis is required. The Service functions entirely client-side, and our server infrastructure has no record of your identity.
10. Data Retention
10.1 Pro subscriber data
- Account data (email, subscription status): Retained for the duration of your subscription, plus 30 days after cancellation to allow for reactivation. After 30 days, your account and all associated personal data are permanently deleted.
- Billing records: Transaction IDs and subscription history are retained for the period required by applicable tax law (typically 7 years), after which they are deleted.
- Signing-link payloads: Encrypted link bundles are automatically deleted 7 days after creation, or immediately upon the signer completing the signing flow, whichever occurs first.
10.2 Anonymised server logs
Anonymised HTTP access logs (without IP addresses or with truncated, non-identifiable IPs) are retained for a maximum of 30 days for security and abuse-detection purposes, then permanently deleted.
10.3 Support communications
Emails and support tickets are retained for 12 months after the last correspondence, after which they are deleted. You may request earlier deletion at any time.
10.4 Free-tier users and signers
Because we collect no personal data from free-tier users or signers, there is nothing to retain or delete.
11. Security Measures
We implement industry-standard technical and organisational measures to protect the limited data we hold:
- Encryption in transit: All connections to donewith.ink are served over HTTPS (TLS 1.2+). HSTS is enforced to prevent downgrade attacks.
- Encryption at rest: Authentication credentials are hashed using bcrypt or equivalent. Databases storing subscriber data are encrypted at rest.
- End-to-end encryption: Signing-link payloads are encrypted client-side with keys known only to the sender and signer. We cannot decrypt these payloads.
- Access controls: Access to production infrastructure is restricted to authorised personnel and protected by multi-factor authentication.
- Minimal data exposure: By design, the vast majority of document data never reaches our servers, limiting the attack surface.
- Regular security review: We periodically review our infrastructure and dependencies for vulnerabilities and apply patches promptly.
While we take security seriously, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk, and we encourage you to take precautions on your own device — keep your operating system and browser updated, use strong passwords, and avoid sharing sensitive documents over unsecured networks.
12. Your Privacy Rights
Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:
- Right of access: You can request a copy of the personal data we hold about you.
- Right of rectification: You can ask us to correct inaccurate or incomplete personal data.
- Right of erasure ("right to be forgotten"): You can request that we delete your personal data, subject to legal retention requirements.
- Right to restrict processing: You can ask us to limit how we use your data in certain circumstances.
- Right to data portability: You can request a copy of your data in a structured, machine-readable format.
- Right to object: You can object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you can withdraw that consent at any time.
- Right to lodge a complaint: You have the right to complain to your local data protection supervisory authority.
To exercise any of these rights, contact us at privacy@donewith.ink. We will respond within 30 days (or the period required by your jurisdiction's law). We may need to verify your identity before processing your request. Note: because free-tier users and signers have no personal data stored by us, most of these rights are moot for those categories of users — there is nothing to access, rectify, or delete.
12.1 GDPR-specific rights (EEA / UK / Switzerland)
In addition to the rights above, EEA, UK, and Swiss residents have the right to lodge a complaint with their local data protection authority:
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- EEA: Contact the supervisory authority in your member state. A list is available at edpb.europa.eu.
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — edoeb.admin.ch
13. California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you certain rights. This section describes those rights and how to exercise them.
13.1 Categories of personal information collected
In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:
- Identifiers: Email address (Pro subscribers only).
- Commercial information: Subscription status, transaction records (held by Stripe, not directly by us).
- Internet or electronic network activity: Anonymised HTTP access logs (without identifiable IP addresses).
We do not collect any of the following CCPA categories: biometric information, geolocation data, audio/visual information, professional or employment information, education information, or inferences drawn from personal information.
13.2 Sale and sharing of personal information
We do not sell personal information as defined by the CCPA. We do not share personal information for cross-context behavioural advertising. We have no actual knowledge of selling or sharing the personal information of consumers under 16 years of age.
13.3 Your CCPA rights
- Right to know: You can request that we disclose the categories and specific pieces of personal information we have collected about you.
- Right to delete: You can request that we delete personal information we have collected from you, subject to legal exceptions.
- Right to correct: You can request that we correct inaccurate personal information.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
13.4 How to exercise CCPA rights
To exercise your CCPA rights, email privacy@donewith.ink with the subject line "CCPA Request." We will verify your identity before processing your request, which may require confirming your email address matches the one on file. We will respond within 45 days (with the possibility of a 45-day extension if reasonably necessary).
You may designate an authorised agent to make a request on your behalf. We will require written proof of the agent's authorisation and may verify your identity directly.
14. Children's Privacy (COPPA)
DoneWith.ink is not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information (e.g., created a Pro account using a parent's payment method), we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us immediately at privacy@donewith.ink.
For educational use: If you are an educator or parent using the Service with minors, please note that the free tier (which collects no personal data) is suitable for use without age restrictions. The Pro tier requires a payment method and email address, which should only be provided by an adult.
15. International Data Transfers
DoneWith.ink is operated from Hong Kong SAR. The limited personal data we collect (primarily Pro subscriber email addresses and account metadata) is stored on servers that may be located in Hong Kong, Singapore, the United States, or the European Union, depending on our hosting infrastructure at the time.
When we transfer personal data from the EEA, UK, or Switzerland to a country that has not been deemed to provide an adequate level of data protection, we ensure that appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs): We enter into the European Commission's approved Standard Contractual Clauses with sub-processors in third countries.
- Adequacy decisions: Where available, we rely on adequacy decisions from the relevant authority (e.g., the EU-US Data Privacy Framework for transfers to the US where the recipient is certified).
By using the Service, you consent to the transfer of your data to, and its storage and processing in, jurisdictions outside your country of residence.
15.1 Hong Kong PDPO
As a Hong Kong-based operator, we are subject to the Personal Data (Privacy) Ordinance (Cap. 486) ("PDPO"). Under the PDPO, we adhere to the six Data Protection Principles, including purpose limitation, data accuracy, limited retention, security, transparency, and access/correction rights. Hong Kong residents may direct complaints to the Office of the Privacy Commissioner for Personal Data at pcpd.org.hk.
16. Data Breach Notification
In the unlikely event of a data breach involving personal data, we will:
- Notify affected users without undue delay, and in any event within 72 hours of becoming aware of the breach (or the timeframe required by applicable law).
- Notify the relevant supervisory authority where required by law (e.g., under GDPR Article 33).
- Describe the nature of the breach, the categories and approximate number of data subjects and records concerned, the likely consequences, and the measures we have taken or propose to take to address it.
Important caveat: Because the overwhelming majority of data processed by DoneWith.ink is client-side and never reaches our servers (PDF files, signatures, document contents, signer identities), the breach surface is extremely limited. A breach of our server infrastructure would expose only the data enumerated in Section 4 — email addresses and account metadata for Pro subscribers.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:
- Update the "Effective date" at the top of this page.
- Post a prominent notice on the Site for at least 14 days before the changes take effect.
- For material changes affecting Pro subscribers, send an email notification to the email address on file at least 14 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should discontinue use of the Service and (if applicable) cancel your Pro subscription.
We maintain an archive of previous versions of this Privacy Policy. To request a copy of a prior version, contact us at privacy@donewith.ink.
18. Contact Information
For questions, concerns, or requests regarding this Privacy Policy or our data practices, you can reach us at:
Email: privacy@donewith.ink
Website: donewith.ink
Data Protection Officer (DPO): Contact via the email above, addressed to "Data Protection Officer."
EU Representative: For GDPR purposes, you may contact our EU representative at the same email address — your inquiry will be routed appropriately.
We aim to respond to all privacy-related inquiries within 5 business days.
18.1 Supervisory authority complaints
If you believe our processing of your personal data violates applicable law, you have the right to lodge a complaint with the supervisory authority in your jurisdiction. We encourage you to contact us first so we can attempt to resolve your concern directly.