Book your free demo

Discover how our product can simplify your workflow. Schedule a free, no-obligation demo today.

[contact-form-7 id="893a232" title="Try for free"]

Social Media:

Privacy Policy

PRIVACY POLICY

 Last Updated: 23/02/2026

INTRODUCTION

Welcome to CheezySign (“CheezySign,” “we,” “us,” “our”). CheezySign is a Software-as-a-Service (SaaS) platform enabling users to create, send, receive, and digitally sign business proposals, collect payments, and leverage AI-powered business tools, available at cheezysign.com.

This Privacy Policy explains how we collect, use, disclose, retain, and protect information about you when you access or use our platform.

CheezySign is operated from Israel and does not maintain a physical office in the United States. The Service is intended exclusively for U.S.-based users and U.S. business use. Users outside the United States who access the Service do so at their own initiative and sole responsibility.

By registering for or using CheezySign, you acknowledge that you have read and agree to this Privacy Policy. If you do not agree, you must not use the Service.

SECTION 1 – INFORMATION WE COLLECT

1.1 Information You Provide Directly

When you register or use the Service, we collect:

  • Full Name – provided during registration
  • Email Address – for account creation, communications, and proposal delivery
  • Password – stored in encrypted, hashed form; never in plain text
  • Business Information – company name and details included in proposals or profile
  • Proposal Content – all text, images, files, and attachments you create or upload
  • AI Interactions – content submitted to the AI Proposal Assistant for processing
  • CRM Configuration – webhook endpoints and integration settings you provide
  • Payment Information – transaction amounts, payment status, and processor identity

We do not store credit card numbers, debit card numbers, bank account numbers, CVV codes, or any other sensitive payment instrument data. All payment data is handled exclusively by Stripe.

1.2 Information Collected Automatically

When you interact with the Platform, we automatically collect:

  • IP Address – collected at login, proposal creation, delivery, and signing
  • Device and Browser Information – device type, operating system, browser type and version
  • Usage Data – pages visited, features used, timestamps, proposal activity
  • Signature Level Selected – recorded as part of the document audit trail
  • Session Data – login times, session duration, feature interactions
  • Cookies and Tracking Data – see Section 5 for full details

1.3 Information Collected from Proposal Recipients

Individuals who receive and sign proposals through CheezySign (“Recipients”) are not registered users. When a Recipient interacts with a proposal, CheezySign collects:

  • Email address of the Recipient
  • IP address at time of each interaction (open, view, sign)
  • Date and time of each interaction (UTC timestamp)
  • Behavioral Data: time spent reading, scroll depth, section engagement, return visits, open frequency
  • Signature level used
  • SMS phone number (for Advanced and Legal levels only)
  • Payment activity (if applicable)

Purpose of Recipient Data Collection: This data is collected to:

(a) Maintain the integrity of the signed document audit trail;

(b) Provide proposal senders with engagement analytics and behavioral intelligence through CheezySign’s Proposal Insights and Behavioral Analytics features;

(c) Generate Follow-up Intelligence and engagement pattern analysis;

(d) Send automated notifications to proposal senders regarding Recipient actions.

Recipients may contact elisasi.info@gmail.com to request information about data collected from them or to exercise applicable privacy rights.

1.4 Information We Do Not Collect

CheezySign does not collect:

  • Social Security Numbers (SSN) or government-issued ID numbers
  • Health, medical, or biometric information
  • Precise geolocation or GPS data
  • Racial or ethnic origin, political opinions, or religious beliefs
  • Full payment card or financial account credentials

We are not a data broker. We do not sell, rent, or trade your personal information.

SECTION 2 – HOW WE USE YOUR INFORMATION

2.1 Providing the Service

  • Creating and managing your account
  • Enabling proposal creation, delivery, signing, and management
  • Processing AI Proposal Assistant requests
  • Facilitating CRM webhook integrations
  • Maintaining digital signatures and audit trail records
  • Processing payment notifications through Stripe
  • Delivering account and transaction notifications

2.2 Behavioral Analytics and Proposal Intelligence

  • Tracking and analyzing Recipient interactions with proposals
  • Generating Proposal Insights including open counts, time spent, scroll depth, and return visits
  • Correlating engagement behavior with signing and payment outcomes
  • Providing Follow-up Intelligence based on engagement patterns
  • Delivering automated email notifications to proposal senders upon Recipient actions

2.3 AI Services

  • Processing content submitted to the AI Proposal Assistant
  • Generating proposal content, structure, and design suggestions
  • Improving AI service quality through aggregated, anonymized usage patterns

CheezySign does not use the specific content of your proposals to train AI models without your consent.

2.4 Record-Keeping and Audit Trails

  • Maintaining accurate records of all proposals created, sent, signed, and completed
  • Storing audit trail information for a minimum of seven (7) years

2.5 Platform Improvement

  • Analyzing usage patterns to identify bugs and improve features
  • Conducting internal research and development

2.6 Security and Fraud Prevention

  • Detecting, investigating, and preventing unauthorized access and fraud
  • Enforcing our Terms of Service

2.7 Communications

  • Sending transactional emails related to account activity, proposals, and payments
  • Sending automated notifications on Recipient proposal interactions
  • Sending marketing communications only with your explicit consent (opt-in)

You may withdraw marketing consent at any time by clicking “Unsubscribe” or contacting elisasi.info@gmail.com.

2.8 Legal Compliance

  • Complying with applicable laws, regulations, and legal processes
  • Establishing, exercising, or defending legal claims

SECTION 3 – LEGAL BASIS FOR PROCESSING

3.1 Non-U.S. Users CheezySign is designed exclusively for U.S.-based businesses and does not actively market or direct its services to users in the EU, EEA, UK, or any other jurisdiction. Users outside the United States who access the Service do so entirely at their own initiative and bear sole responsibility for compliance with all applicable local laws. To the extent that applicable law requires CheezySign to recognize specific data processing rights for non-U.S. users, CheezySign will make reasonable efforts to honor verifiable requests submitted to elisasi.info@gmail.com. This section does not constitute an acknowledgment that GDPR, UK GDPR, or any equivalent framework applies to CheezySign’s operations.

3.2 U.S. Legal Bases

Data processing is conducted pursuant to your agreement to these Terms, legitimate business interests, and legal obligations under applicable U.S. federal and state law.

SECTION 4 – SHARING YOUR INFORMATION

We do not sell your personal information. We share information only as follows:

4.1 Payment Processors

We use Stripe to process payments. Relevant transaction data is transmitted to Stripe. CheezySign does not store payment card details.

  • Stripe Privacy Policy: stripe.com/privacy

4.2 AI Service Providers

Content submitted to the AI Proposal Assistant may be processed by third-party AI infrastructure providers. Such providers are contractually obligated to protect your data and may not use it for their own purposes.

4.3 CRM Platforms

When you configure CRM integration, CheezySign transmits proposal event data to your designated webhook endpoint. You are solely responsible for the privacy and security practices of your CRM platform.

4.4 Cloud Infrastructure

We use Amazon Web Services (AWS) and/or Google Cloud Platform to host and store data. These providers are contractually obligated to protect your data.

4.5 Analytics

We use Google Analytics to understand platform usage. Data is aggregated and anonymized where possible.

  • Google Privacy Policy: policies.google.com/privacy

4.6 Law Enforcement Requests

CheezySign is operated from Israel and is not directly subject to U.S. court subpoenas. Requests from U.S. law enforcement must be made through applicable international legal assistance channels (MLAT). CheezySign will evaluate all legal requests under Israeli law and notify affected users where legally permitted.

4.7 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

4.8 With Your Consent

We may share information with third parties when you have given explicit consent.

SECTION 5 – COOKIES POLICY

5.1 Types of Cookies We Use

  • Essential Cookies – required for platform operation and authentication
  • Analytics Cookies – understanding user interaction (Google Analytics)
  • Preference Cookies – remembering your settings
  • Security Cookies – fraud prevention and session integrity

5.2 Cookie Consent

CheezySign obtains your consent for non-essential cookies through a cookie consent banner displayed upon first access to the Platform. You may withdraw cookie consent at any time through your browser settings or the cookie preference center.

5.3 Managing Cookies

You may control cookies through your browser settings. Disabling essential cookies may impair platform functionality.

5.4 Do Not Track

CheezySign does not currently respond to “Do Not Track” browser signals. We will update this policy if our practices change.

SECTION 6 – DATA RETENTION

6.1 General Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

6.2 Seven-Year Retention Policy

CheezySign retains the following data for a minimum of seven (7) years from the date of creation or account closure, whichever is later:

  • Signed documents and associated audit trail records
  • Electronic signature timestamps, IP addresses, and verification logs
  • Payment transaction records
  • User consent records including acceptance of Terms of Service and Privacy Policy with timestamps and IP addresses
  • Account information of closed or deleted accounts
  • Behavioral analytics data associated with signed and paid proposals

This retention period is maintained to comply with applicable legal obligations, support dispute resolution, and preserve electronic signature record integrity under the ESIGN Act.

After the applicable retention period, data is deleted or anonymized securely.

6.3 User Responsibility for Data Export

You are responsible for exporting and retaining copies of all your proposals, documents, and data before closing your account. CheezySign is not responsible for data loss following account termination.

6.4 Recipient Data Retention

Audit trail data and behavioral analytics data collected from proposal Recipients is retained for the duration of the associated sending user’s account and for the seven-year minimum retention period thereafter.

6.5 AI Interaction Data

Content submitted to the AI Proposal Assistant is retained for the duration necessary to provide the Service and for internal quality improvement purposes, subject to anonymization where practicable.

SECTION 7 – DATA SECURITY

7.1 Security Measures

CheezySign implements enterprise-grade security measures including:

  • Dedicated Private Server – not shared hosting infrastructure
  • TLS 1.3 with AES-256-GCM Encryption – industry-leading encryption for all data in transit, achieving SSL Labs Grade A rating
  • Forward Secrecy – all connections use ephemeral keys ensuring past sessions cannot be decrypted even if future keys are compromised
  • Web Application Firewall (WAF) – paid WAF protection against application-layer attacks and intrusion attempts
  • Bot Blocking and Rate Limiting – automated attack prevention and brute-force protection
  • Two-Factor Authentication (2FA) – available for all users
  • Automated Daily Backups – with 30 days of recovery history and selective restoration capability
  • Access Controls – internal data access restricted to authorized personnel on need-to-know basis
  • Legacy Protocol Disabled – TLS 1.0, TLS 1.1, SSL 2/3 are disabled
  • Security Headers – Content-Security-Policy, X-Frame-Options, and X-XSS-Protection implemented

7.2 No Absolute Security Guarantee

No method of electronic transmission or storage is 100% secure. CheezySign cannot guarantee absolute security against all threats. CheezySign’s security infrastructure represents enterprise-grade protections appropriate for a SaaS proposal platform.

7.3 Electronic Signature Security

CheezySign’s electronic signatures are secured through TLS 1.3 encryption, AES-256 data protection, tamper-resistant audit trails, and multi-factor authentication. However:

  • Signatures are not certified by a third-party Certificate Authority
  • Signatures are not PKI-based
  • Signatures are not Qualified Electronic Signatures (QES) under EU eIDAS

7.4 Data Breach Notification

In the event of a confirmed breach, CheezySign will notify affected users within 72 hours of becoming aware, via registered email, including:

  • Nature of the breach
  • Data categories affected
  • Steps taken to address the breach
  • Recommended actions for affected users

7.5 Backup and Recovery

CheezySign maintains automated daily backups with 30 days of recovery history. In the event of data loss:

(a) CheezySign will make commercially reasonable efforts to restore from the most recent available backup;

(b) CheezySign is not liable for data created after the most recent backup point;

(c) Users are solely responsible for maintaining independent copies of critical documents.

7.6 Limitation of Liability for Security Events

CheezySign’s total liability for any data breach or security incident shall not exceed the cap set forth in the Terms of Service. CheezySign is not liable for breaches caused by user negligence, third-party providers, force majeure, or unknown vulnerabilities.

SECTION 8 – YOUR PRIVACY RIGHTS

8.1 Rights Under CCPA (California Residents)

  • Know – request disclosure of personal information collected, sources, and purposes
  • Delete – request deletion of personal information
  • Opt-Out of Sale – we do not sell personal information
  • Non-Discrimination – no discrimination for exercising rights

California residents may submit a verifiable consumer request no more than twice within a 12-month period.

Contact: elisasi.info@gmail.com

8.2 U.S. State Privacy Laws

CheezySign complies with applicable U.S. state privacy laws including but not limited to:

  • Colorado Privacy Act (CPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Oregon Consumer Privacy Act (OCPA)
  • Florida Digital Bill of Rights
  • And other state privacy laws as enacted

If you are a resident of a U.S. state with applicable privacy rights, contact elisasi.info@gmail.com to exercise those rights.

8.3 Rights Under GDPR (EU/EEA Residents)

8.3 Non-U.S. Residents CheezySign does not direct its services to users outside the United States. Non-U.S. users who have accessed the Service at their own initiative and wish to submit a data-related request may contact elisasi.info@gmail.com. CheezySign will evaluate such requests in good faith but does not represent that it is subject to GDPR, UK GDPR, PIPEDA, or any equivalent framework. This section does not constitute a waiver of CheezySign’s position that the Service is intended exclusively for U.S.-based users.

8.4 Rights Under UK GDPR (United Kingdom Residents)

8.4 United Kingdom CheezySign does not direct its services to users in the United Kingdom. UK residents who have accessed the Service at their own initiative may submit data requests to elisasi.info@gmail.com, which CheezySign will evaluate in good faith under applicable law.

 

8.5 Rights for All Users

All CheezySign users may:

  • Request a copy of their personal data
  • Request deletion of their account and data
  • Withdraw marketing consent at any time
  • Request correction of inaccurate information

We respond to verifiable requests within 30 days or as required by applicable law.

SECTION 9 – DATA PORTABILITY AND DELETION

9.1 Data Portability

Upon request, we will provide your personal data in a structured, commonly used, machine-readable format where technically feasible.

9.2 Account and Data Deletion

Request deletion at elisasi.info@gmail.com. We process deletion requests within a commercially reasonable time, subject to:

  • Legal retention obligations (seven-year minimum for signed documents)
  • Ongoing dispute resolution requirements
  • Legitimate business record-keeping needs

Audit trail records associated with signed documents are retained for the minimum retention period required by applicable electronic signature law, regardless of account deletion.

SECTION 10 – BEHAVIORAL ANALYTICS AND RECIPIENT PRIVACY

10.1 Behavioral Data Collection

CheezySign collects behavioral data from proposal Recipients to provide Proposal Insights and Behavioral Analytics to proposal senders. This includes tracking of opens, reading time, scroll depth, section engagement, return visits, and correlation with signing and payment events.

10.2 Sender Responsibility for Recipient Privacy

As a proposal sender, you are responsible for:

(a) Ensuring your collection and use of Recipient behavioral data through CheezySign complies with all applicable privacy laws in the jurisdictions of your Recipients;

(b) Providing appropriate notice to Recipients about data collection where required by applicable law;

(c) Obtaining any required consents from Recipients in jurisdictions where behavioral tracking requires consent.

10.3 Recipient Rights

Recipients whose behavioral data is collected through the Platform may contact elisasi.info@gmail.com to:

  • Request information about data collected from them
  • Request deletion of their data (subject to audit trail retention requirements)
  • Exercise applicable privacy rights under CCPA, GDPR, or other applicable law

SECTION 11 – INTERNATIONAL USERS

11.1 Primary Market

CheezySign is operated from Israel and is primarily designed for U.S. users. CheezySign does not actively market or direct its services to users in the EU, UK, Canada, Australia, or other jurisdictions with mandatory data protection registration requirements.

11.2 Users Outside the United States

Users outside the United States access the Service at their own initiative and are solely responsible for compliance with all applicable local laws.

11.3 EU GDPR Representative

11.3 EU Users
CheezySign does not target, market to, or direct its services toward users in the European Union or EEA. CheezySign has not appointed an EU representative under GDPR Article 27, as it does not consider itself subject to GDPR based on its exclusively U.S.-focused operations. CheezySign is operated from Israel, which has received an EU GDPR Adequacy Decision. EU users who access the Service do so entirely at their own initiative and bear sole legal responsibility for such access.

11.4 UK GDPR

11.4 United Kingdom
CheezySign does not direct its services to users in the United Kingdom. UK users who access the Service do so entirely at their own initiative and bear sole responsibility for compliance with UK GDPR and the Data Protection Act 2018.

11.5 Canadian Users

11.5 Canadian Users
CheezySign does not direct its services to users in Canada. Canadian users who access the Service do so entirely at their own initiative and bear sole responsibility for compliance with PIPEDA and applicable provincial privacy laws.

11.6 Australian Users

11.6 Australian Users
CheezySign does not direct its services to users in Australia. Australian users who access the Service do so entirely at their own initiative and bear sole responsibility for compliance with the Australian Privacy Act 1988.

11.7 International Data Transfers

Your information may be transferred to and processed in Israel and on servers hosted globally by AWS and/or Google Cloud. We take appropriate safeguards to ensure your personal information is protected wherever processed.

SECTION 12 – CHILDREN’S PRIVACY (COPPA)

CheezySign is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we discover a user is under 13, we will immediately terminate their account and delete all associated data. Contact elisasi.info@gmail.com if you believe a minor has provided us with personal information.

SECTION 13 – LIMITATION OF LIABILITY FOR PRIVACY MATTERS

13.1 Cap on Privacy Liability

CheezySign’s total liability for any privacy-related claim shall not exceed the greater of:

(a) Total subscription fees paid in the 12 months preceding the event; or (b) $100.00 USD

13.2 Exclusion of Indirect Damages

CHEEZYSIGN SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING FROM ANY PRIVACY INCIDENT, DATA BREACH, OR UNAUTHORIZED ACCESS, INCLUDING LOSS OF PROFITS, LOSS OF BUSINESS, REPUTATIONAL HARM, OR IDENTITY THEFT LOSSES.

13.3 Third-Party Processor Liability

CheezySign is not liable for privacy incidents caused by Stripe, AWS, Google Cloud, AI infrastructure providers, or any other third-party service provider.

SECTION 14 – GOVERNING LAW

This Privacy Policy is governed by the laws of the State of Israel. U.S. user rights are governed by applicable U.S. federal and state law. EU/EEA user rights are governed by GDPR. UK user rights are governed by UK GDPR.

Disputes are subject to the dispute resolution provisions in the Terms of Service.

SECTION 15 – CHANGES TO THIS PRIVACY POLICY

For material changes, we will notify you by email at least 14 days before the effective date and display a prominent in-platform notice. Non-material changes take effect upon publication. Continued use constitutes acceptance. All updates documented under Amendment 13.

CONTACT

CheezySign Email: elisasi.info@gmail.com Website: cheezysign.com

© [Year] CheezySign. All rights reserved.