Privacy Policy

SignDrop · Last updated July 2026

Overview

SignDrop is a Chrome extension that lets you sign PDF documents directly in your browser. We are committed to protecting your privacy and being transparent about how we handle your data.

Data Collection and Storage

What we store (on your device only)

Temporary session data (optional "Sign with Phone" feature)

When you choose to sign using your phone via QR code, a short-lived session is created in Firebase Realtime Database to pass the signature from your phone to the extension. It contains:

Sessions automatically expire after 5 minutes and are deleted immediately once the signature is captured. This is the only feature that uses any external service — if you never use "Sign with Phone," no data ever leaves your device.

What we do NOT collect

Permissions

Host permissions for *.firebaseio.com, *.firebaseapp.com, *.googleapis.com, and *.googleusercontent.com support the optional phone-signature feature and reading PDFs from Gmail/Google Drive.

Third-Party Services

The only external service used is Firebase (Google), and only for the optional "Sign with Phone" feature — for temporary session coordination between your desktop and phone. Data is limited to a session ID, status, and signature image, transmitted over HTTPS, and automatically deleted after 5 minutes. Database rules enforce strict validation and size limits and prevent unauthorized access. See Firebase's privacy policy.

Data Security

Data Retention and Deletion

Children's Privacy

This extension is not directed at children under 13, and we do not knowingly collect data from children.

Your Rights

You can access your data (stored locally in your browser), delete it via the extension's interface, export it by downloading signed documents, and uninstall the extension at any time.

Compliance

This extension is built to comply with the Chrome Web Store Developer Program Policies, the GDPR, and the CCPA.

Changes to This Policy

We may update this policy from time to time. Changes are reflected in the "Last updated" date above.

Contact

Questions about this policy or data handling: signdrop@mayorov.co

In short: SignDrop stores all your documents and signatures locally on your device. The only external service is Firebase, used solely for the optional phone-signature feature, where data is temporary (5 minutes) and automatically deleted. We do not collect, track, or share any personal information.