Who we are
IVERIFI, LLC is a Connecticut limited liability company doing business as SpitShake and wholly owned by ADS CORP. Where this policy refers to “we”, “us”, or “SpitShake”, it means IVERIFI, LLC. Where it refers to “Tenant”, it means the organization that uses SpitShake to send documents for signature.
Who is the controller of your data
SpitShake is a business-to-business-to-consumer (B2B2C) service. That changes who is legally responsible for your data depending on who you are:
- If you are a Tenant administrator — an individual who works at or for an organization that subscribes to SpitShake — we are the controller of your data under GDPR and equivalent laws.
- If you are a Signer — an individual invited by a Tenant to sign a document — the Tenant is the controller of your personal data, and we are the processor acting on the Tenant’s documented instructions. For requests about your data in that role, contact the Tenant that invited you. We will assist the Tenant as described below.
- If you are visiting our marketing website without an account, we are the controller for any information collected through that visit.
Corporate family
We disclose upfront that ADS CORP, our ultimate parent, may receive limited data from us for corporate governance, finance, and internal audit purposes. Sharing within the corporate family is limited to what is necessary for those purposes and is not a transfer to an independent third party. ADS CORP is listed here for transparency under GDPR Article 13 and CCPA § 1798.140.
What we collect and why
We collect different categories of data depending on how you interact with us.
1. Tenant administrator data (we are controller)
| Category | What it includes | Purpose | GDPR legal basis |
|---|---|---|---|
| Identifiers | Name, work email, optional phone | Account creation, authentication, communication | Contract (Art. 6(1)(b)) |
| Authentication | Password hashes, MFA secrets, API tokens | Keeping your account secure | Legitimate interest (Art. 6(1)(f)) |
| Billing | Payment card information (tokenized via Stripe), billing address, tax ID | Processing subscription payments | Contract (Art. 6(1)(b)); Legal obligation for tax records (Art. 6(1)(c)) |
| Usage | Admin click events, session metadata | Product improvement on the admin console only | Legitimate interest (Art. 6(1)(f)) |
| Device + network | IP address, user-agent, approximate location (IP-derived) | Security, fraud prevention, geographic performance | Legitimate interest (Art. 6(1)(f)) |
| Communications | Support tickets, product feedback | Support delivery | Contract (Art. 6(1)(b)) |
2. Signer data (Tenant is controller; we are processor)
When a Tenant uses SpitShake to invite someone to sign, we process the Signer’s data strictly on the Tenant’s instructions. Categories include the Signer’s name and email, any phone or identifier the Tenant chose to collect, the Signer’s signature mark and typed field values, device and connection metadata captured during the signing session, timestamps, and — where the Tenant uses our identity-bound signing — a cryptographically signed handoff token containing a verified-name claim from a third-party verifier.
3. Website visitor data (we are controller)
Pages you visit on our marketing site, standard server logs, and cookies set under the Cookie Policy.
What we do NOT do
- We do not sell your personal information as that term is defined under CCPA/CPRA and analogous state laws.
- We do not share your personal information for cross-context behavioral advertising.
- We do not use Signer content to train machine-learning or artificial-intelligence models. Full stop — not for our own models, not for any third party’s.
- We do not run analytics or marketing trackers on signer-facing signing pages. Our product analytics runs only on the tenant administrator console.
How we share data
We share personal information only:
- With subprocessors we engage to operate the service — listed with their purposes and regions at /legal/subprocessors.
- Within the corporate family (ADS CORP) for the limited governance, finance, and audit purposes noted above.
- With Tenants — for Signer data processed on the Tenant’s behalf, the Tenant has full control and receives the data by virtue of being the controller.
- In response to legal process — when we reasonably believe disclosure is required by law, court order, or other governmental demand. Where lawful and practicable, we will notify the affected Tenant or individual before disclosure.
- In a corporate transaction — if we are involved in a merger, acquisition, or sale of substantially all of our assets, personal information may be transferred as part of that transaction. We will notify affected Tenants and individuals of a change of control.
International transfers
SpitShake operates primarily from the United States. If you are located in the European Economic Area, the United Kingdom, or Switzerland, your personal information may be transferred to, stored in, or processed in the United States. Where those transfers occur, they are protected by:
- The EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), Modules 2 and 3 as applicable, between IVERIFI, LLC as data importer and the Tenant (or, where we are controller, directly with you as data exporter).
- The UK International Data Transfer Addendum (IDTA) for UK personal data.
- The Swiss FADP addendum for Swiss personal data.
Retention
We retain personal information only as long as necessary for the purpose it was collected, with the following concrete schedule:
| Category | Retention |
|---|---|
| Completed signing session + audit certificate | 7 years from the date of execution (for legal defensibility under ESIGN/UETA/eIDAS). Audit chains are not individually re-identifiable once the associated Tenant account is terminated, unless preserved for a litigation hold. |
| Draft signing sessions (not executed) | 90 days from last activity, then purged. |
| Signer identifiers (name/email) after completion | Hashed for post-completion retention where re-identification is not required. |
| Billing records | 7 years for tax compliance. |
| Application server logs | 90 days rolling. |
| Security audit logs (login, MFA, administrative actions) | 7 years to support HIPAA-aligned audit trails. |
| Support tickets | 3 years from case closure. |
| Marketing-list data (where you opted in) | Until you unsubscribe, plus 30 days for audit. |
Your rights
Depending on where you live, you may have the following rights. Where a right applies under the law of your jurisdiction, we will honor it — regardless of the specific label your law uses.
- Access — ask what personal information we hold about you.
- Rectification — correct inaccurate data.
- Erasure / deletion — request deletion, subject to exceptions (e.g., audit-chain retention, legal holds, tax records).
- Portability — receive your data in a structured, machine-readable format.
- Restriction — ask us to stop processing in certain ways.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where we rely on consent, withdraw it (does not affect prior lawful processing).
- Opt out of “sale” or “sharing” — not applicable because we do neither.
- Limit the use of sensitive personal information — applicable under CPRA.
- Non-discrimination — you will not receive a worse service because you exercised a privacy right.
How to exercise these rights
- If we are the controller of your data (tenant administrator or website visitor), email privacy@spitshake.io. Include enough information for us to locate and verify your record. We will respond within the period your law requires (30 days under GDPR, 45 days under CCPA; extensions as allowed).
- If you are a Signer and want to exercise rights over data the Tenant controls, contact the Tenant directly — they received your data by virtue of inviting you to sign and are the controller. If you contact us by mistake, we will forward your request to the relevant Tenant and let you know we did.
Global Privacy Control
We honor the Global Privacy Control (GPC) browser signal as a valid opt-out of any “sale” or “sharing” of personal information under CPRA. Because we do not sell or share personal information in the first place, GPC does not materially change our practices — but we log and respect the signal.
California-specific disclosures
Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), California residents have the rights listed in the previous section. The table below maps the categories of personal information we have collected in the preceding 12 months to their sources, purposes, and recipients:
| CCPA category | Collected? | Sources | Business purposes | Recipients |
|---|---|---|---|---|
| Identifiers (name, email, IP) | Yes | Directly from Tenant admins; from Tenants on behalf of Signers | Service delivery, auth, security | Subprocessors; corporate family; legal process |
| Commercial info (subscription records) | Yes | Billing events | Billing, tax compliance | Stripe; corporate family |
| Internet / network activity | Yes | Device/browser | Security, product improvement | Subprocessors (Sentry for error diagnosis; PostHog for admin-console analytics) |
| Geolocation (IP-derived, approximate) | Yes | Device | Security, fraud prevention, regional performance | Subprocessors; corporate family |
| Professional / employment | Limited | Tenant admins during signup | Account management | Corporate family |
| Inferences | Limited | Admin-console usage | Product improvement | Subprocessors |
| Sold / shared for cross-context advertising | No | — | — | — |
Children
Our service is business-to-business and is not directed to children under 13 (or the equivalent age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have received information from a child, contact privacy@spitshake.io and we will promptly delete it.
Security
We maintain the following measures to protect personal information today — we describe what is actually in place, not what we plan to add:
- TLS for data in transit.
- AES-256 encryption at rest, including column-level encryption on identifier and metadata fields using Rails ActiveRecord Encryption, and a per-document encryption pipeline for signed PDF content.
- Multi-factor authentication enforced on all administrative accounts.
- Cryptographically chained audit log, append-only, enforced at the database level, with SHA-256 chaining — supporting HIPAA-aligned audit trails.
- RFC 3161 trusted timestamping on signed PDFs via an external TSA.
- Pre-merge security review: automated Brakeman static analysis and test-suite gating on every deploy.
- Subprocessors bound by data-processing terms at least as protective as ours.
Changes to this policy
Material changes will be notified by email to Tenant administrators and posted on this page. For most changes, the new version takes effect on the next renewal of the Tenant’s subscription. Continued use of the service after the effective date constitutes acceptance.
Contact
- Privacy questions: privacy@spitshake.io
- Data protection officer: dpo@spitshake.io
- Security reports: security@spitshake.io
- Postal mail: IVERIFI, LLC, attn: Privacy, [mailing address on file with the CT Secretary of State — to be published in final version]
Last updated: 2026-04-19. Jurisdictional sections tailored to EU and UK data subjects (including appointment of an Article 27 representative) will be added in the next revision.