Privacy Policy
Last updated: June 6, 2026
Signed is a signature creator and PDF signing app made by Worth A Try Co. This policy explains, in plain English, what we collect, why, and what control you have over it.
We built Signed with a local-first architecture because your documents are none of our business. Your signed PDFs, your signatures, your initials — they live on your device and only on your device. We wrote this policy to say exactly what little we do touch.
The short version (the important bit)
Your documents are never uploaded to our servers. Period.
Signed is local-first. Every signature you draw, scan, import, or generate with AI is stored on your device. Every PDF you import, work on, and sign stays on your device. We never see the content of your documents. We never have access to what you’re signing or who you’re signing for.
That’s the headline. The rest of this policy covers the small amount of non-document data the app does use to run.
1. What we collect
Things you type into the app
- Your name for AI signature generation. When you use the AI signature feature, the name you type is sent to Google’s Gemini model (via Firebase AI) to generate a handwritten-style signature image. Once the image is returned and saved to your device, we don’t retain your name on any server. Google’s use of this data is governed by their privacy policy.
Things we collect automatically
- An anonymous identifier. When you first open the app, Firebase creates a random ID for your device session — no name, no email, no phone number attached. This ID is used to map your subscription status (so we know which device is subscribed) and to anonymize analytics. It is not linked to your identity in any way we can access.
- App usage events. Which screens you visit, which features you use, whether you completed onboarding. These are collected via Mixpanel and are anonymized — they’re tied to the anonymous ID above, not to you personally. We use them to understand how people use the app so we can improve it.
- Crash reports. If the app crashes, Firebase Crashlytics collects the stack trace, device model, iOS version, and app version. This does not include any document content or signature images.
- Subscription status. RevenueCat tracks whether you have an active subscription, your subscription tier (monthly or yearly), and purchase dates. We never see your payment method — Apple handles billing entirely.
What we don’t collect
- Your documents, PDFs, or their contents — ever.
- Your signature images, initials, or any signing assets — these never leave your device.
- Your email address, Apple ID, name, or any personal account information. Signed has no accounts. There is no login.
- Your location.
- Your contacts.
- Your browsing history.
Camera and photo library
When you scan a document or import an image to use as a signature, the camera and photo library are accessed on your device. Image data is processed locally and saved to your device’s storage. No image is transmitted to our servers.
Face ID / biometrics
If you enable the Face ID lock, authentication is performed entirely by iOS’s local biometric system. We never receive or store any biometric data.
2. How we use what we collect
- To generate your AI signature. Your typed name is sent to Gemini once per generation request and not stored on our servers after the response is returned.
- To manage your subscription. RevenueCat lets us verify that the device has an active
proentitlement so we can unlock the app’s features. - To fix bugs. Crashlytics crash reports help us identify and fix problems in the app.
- To understand how the app is used. Mixpanel analytics help us see which features are being used, where people drop off in onboarding, and whether changes we make improve the experience.
- To meet legal obligations. We retain the minimum records required by law (e.g., receipts for subscription transactions).
Things we don’t do:
- We don’t sell your data. Not to advertisers, not to data brokers, not to anyone. Not ever.
- We don’t share your data with third parties except the providers listed below, and only for the purposes described.
- We don’t use anything collected in this app to train AI models. The Gemini calls we make are inference-only.
- We don’t share data with law enforcement unless legally compelled to, in which case we can only provide what we have — which is an anonymous ID, crash logs, and subscription status, not your documents.
3. Third-party services we use
| Provider | What it does for Signed | Their Privacy Policy |
|---|---|---|
| Firebase (Google) | Anonymous auth, AI signature generation (Gemini), crash reporting (Crashlytics) | policies.google.com/privacy |
| RevenueCat | Subscription management and entitlement verification | revenuecat.com/privacy |
| Mixpanel | Anonymous usage analytics | mixpanel.com/legal/privacy-policy |
These are the only third-party services the app communicates with. There are no advertising SDKs, no social media SDKs, and no data-broker integrations.
4. Data storage and security
On your device: Signatures, initials, imported PDFs, and signed PDFs are stored in the app’s private container on your iOS device, protected by iOS’s standard encryption at rest. We use path_provider to write files to the app sandbox — they are not accessible to other apps.
On our servers: We don’t store your documents or signatures on any server. The only server-side data tied to your anonymous ID is subscription status (RevenueCat) and crash logs (Crashlytics). Mixpanel analytics are stored on Mixpanel’s infrastructure in anonymized form.
Backups: If you have iCloud Backup enabled, Apple may back up the app’s data (including your signatures and PDFs) to iCloud as part of the device backup. This is controlled by iOS settings, not by Signed. We recommend keeping device backups enabled so you don’t lose your signing assets if you change devices.
5. Data retention and deletion
Signatures and PDFs exist only on your device. Deleting the app removes them permanently. We have no copy and cannot restore them.
Anonymous ID: If you uninstall the app, Firebase’s anonymous user record remains in Firebase Authentication until it is automatically purged (Firebase purges inactive anonymous users after a period of inactivity). We have no way to identify and delete the record on request because it isn’t linked to any personal identifier we could use to find it.
Analytics and crash data are retained by Mixpanel and Crashlytics according to their own retention policies, in anonymized or pseudonymized form.
Subscription records are retained by RevenueCat and Apple for the period required by their terms and applicable law.
6. Children’s privacy
Signed is not directed at children under 13 (or under 16 in the EU/EEA). We don’t knowingly collect personal information from children under these ages. If you believe a child has provided personal information through the app, please contact us and we will delete it.
7. Your rights (GDPR / CCPA and similar)
Because Signed does not collect personally identifiable information (we use only an anonymous device-level ID), most data-subject rights don’t have a practical mechanism to apply. Specifically:
- Access / portability: Your documents and signatures are already on your device — you have full access to them.
- Deletion: Uninstalling the app deletes your on-device data. We cannot delete anonymous analytics records because they aren’t linked to an identity.
- Opt-out of analytics: You may contact us at the address below and we will opt your anonymous ID out of Mixpanel analytics collection on a best-effort basis.
If you are in the EU/EEA and believe you have rights that cannot be satisfied by the above, please contact us.
8. Changes to this policy
We’ll update this policy when the app changes in ways that affect data handling. We’ll update the “Last updated” date at the top. If the changes are material, we’ll note them in the app’s release notes.
9. Contact
Worth A Try Co Email: hello@worthatry.co
If you have questions about this policy or how your data is handled, email us. We respond to privacy inquiries personally — you’re not going to get an automated form response.