Privacy Policy for SignDrop
Last Updated: July 2026
Overview
SignDrop is a Chrome extension that allows you to sign PDF documents directly in your browser. We are committed to protecting your privacy and being transparent about how we handle your data.
Data Collection and Storage
What We Collect
-
PDF Documents (Local Only)
- Signed PDF documents are stored locally in your browser using IndexedDB
- Documents never leave your device unless you explicitly download or share them
- You can delete documents at any time from the extension’s library
-
Signatures (Local Only)
- Your typed, drawn, or uploaded signatures are stored locally in Chrome’s storage API
- Signatures are never transmitted to any server
- All signature data remains on your device
-
Temporary Session Data (Phone Signature Feature)
- When using the phone signature feature, a temporary session is created in Firebase Realtime Database
- Session data includes:
- Session ID (random UUID)
- Session status (waiting/completed)
- Signature image data (base64 encoded)
- Timestamps (creation and expiration)
- Sessions automatically expire after 5 minutes
- Session data is immediately deleted after signature capture or expiration
What We DO NOT Collect
- ❌ We do not collect personal information (name, email, etc.)
- ❌ We do not track your browsing history
- ❌ We do not collect analytics or usage statistics
- ❌ We do not store your documents on any server
- ❌ We do not share any data with third parties
- ❌ We do not use cookies or tracking technologies
Permissions Explanation
The extension requests the following permissions:
Required Permissions
-
storage- Purpose: Store signature templates and document metadata locally
- Scope: Local browser storage only
-
tabs- Purpose: Detect when you’re viewing a PDF document
- Scope: Read-only access to tab information (URL, title)
-
activeTab- Purpose: Access the current PDF tab when you click “Sign this PDF”
- Scope: Only the active tab, only when you interact with the extension
-
scripting- Purpose: Inject PDF detection script to identify PDF documents
- Scope: Only runs on user-initiated actions
- What it does: Checks document type and structure to detect PDFs
-
webRequest- Purpose: Detect PDF documents by inspecting Content-Type headers
- Scope: Only inspects HTTP headers, does not modify requests
- What it does: Identifies when a page is serving a PDF file
- Important: We do NOT intercept, modify, or collect any request data
Host Permissions
-
https://*.firebaseio.com/*- Purpose: Phone signature feature (Firebase Realtime Database)
- Scope: Only used when you explicitly choose “Sign with Phone”
-
https://*.firebaseapp.com/*- Purpose: Host the phone signature capture page
- Scope: Only accessed when scanning QR code for phone signature
-
https://*.googleapis.com/*- Purpose: Firebase SDK dependencies
- Scope: Required for Firebase services
Third-Party Services
Firebase (Google)
We use Firebase Realtime Database only for the phone signature feature:
- Purpose: Temporary session coordination between desktop and mobile
- Data Stored: Session ID, status, and signature image (temporary)
- Duration: Data automatically deleted after 5 minutes
- Security: Database rules prevent unauthorized access and limit data size
- Firebase Privacy Policy: https://firebase.google.com/support/privacy
Note: Firebase is only used when you explicitly choose “Sign with Phone.” It is not used for any other extension features.
Data Security
Local Data Protection
- All signatures and documents are stored locally using browser-standard APIs (IndexedDB and Chrome Storage)
- Data is isolated to your browser and cannot be accessed by other websites or extensions
- Your data remains on your device unless you explicitly export or share it
Firebase Security
- Database rules enforce strict validation and size limits
- Sessions expire automatically after 5 minutes
- Signature data is transmitted over HTTPS
- No authentication required (sessions use random UUIDs)
Data Retention and Deletion
Local Data
- Signatures: Stored indefinitely until you delete them manually
- Documents: Stored indefinitely until you delete them manually
- How to Delete: Use the extension’s library to delete individual documents or signatures
Firebase Data
- Automatic Deletion: All session data is automatically deleted after 5 minutes
- Immediate Deletion: Session data is also deleted immediately after signature capture
Complete Data Removal
To completely remove all extension data:
- Delete all signatures and documents from the extension’s library
- Uninstall the extension
- This will remove all local storage, IndexedDB, and extension data
Children’s Privacy
This extension is not directed at children under 13. We do not knowingly collect data from children.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected in the “Last Updated” date at the top of this document.
Contact
If you have questions about this privacy policy or data handling:
- Email: signdrop@mayorov.co
Your Rights
You have the right to:
- Access your data (stored locally in your browser)
- Delete your data (using the extension’s interface)
- Export your data (download signed documents)
- Uninstall the extension at any time
Compliance
This extension complies with:
- Chrome Web Store Developer Program Policies
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
Summary: SignDrop stores all your documents and signatures locally on your device. The only external service used is Firebase, and only for the optional phone signature feature, where data is temporary (5 minutes) and automatically deleted. We do not collect, track, or share any personal information.