Encryption
Unreadable to anyone but you
- ●Encrypted in transit and at rest
- ●Encrypted backups, daily
- ●US-based hosting
Security & compliance
A signed waiver is a legal document. We treat it that way.
ESIGN Act and UETA compliant. Encrypted in transit and at rest. Tamper-evident audit trail. US-based hosting.
Access
Only the right people see waivers
- ●Role-based access — viewer, editor, admin, owner
- ●Per-member invites and revocation
- ●SSO via SAML on Enterprise
Audit
Stronger evidence than paper
- ●Tamper-evident PDF for every signed waiver
- ●IP, timestamp, and user agent on every signature
- ●Activity log on Team and above
What we capture
Every signed waiver, on the record
Each signature comes with the evidence you'd want if it were ever challenged.
Full legal name
As entered by the signer
Email address
For confirmation delivery
Drawn signature
Touch or mouse capture, stored as an image
IP address
Signer's network address at time of signing
Timestamp
Server-anchored date and time
Browser & device
User agent string captured at sign time
PDF record
Downloadable, tamper-evident copy
Minor / guardian
Parent name and child details when applicable
Data lifecycle
Your records, your custody.
While your account is active, every signed waiver is here — searchable, exportable, downloadable as PDF. You can export everything (CSV + PDFs) any time. When you close your account, we purge it all within 30 days. After that, the records are yours to keep on your own systems.
| Stage | Where it lives | Retention | Signer rights |
|---|---|---|---|
| Pending sign | Encrypted draft, in your account | Auto-expires after 30 days | Can sign or abandon |
| Signed | Audit record + signature image in your account | While your account is active | Self-serve PDF download anytime |
| Voided | Marked, kept for audit | Same as signed | Listed in their email receipt |
| Account closed | Bulk export available before close, then purged | Within 30 days of closure | Records become customer-managed |
PDFs are regenerated on demand from the audit record, so the canonical record is the data we hold — not the file. Statutes of limitations for personal-injury waivers vary by state (most are 2 to 4 years); plan retention with your attorney's guidance.
Subprocessors
Who we trust with your data
A minimal set of trusted vendors — see the full subprocessor list.
Hetzner
Application hosting, database, encrypted backups (US data center)
Cloudflare
DNS, DDoS protection, TLS, object storage for PDFs
Stripe
Billing and payments — we never see or store card numbers
Resend
Transactional email for waiver confirmations
Talk to us
Got a security questionnaire?
Send it over. We'll turn it around quickly.