Privacy Statement

This Privacy Statement explains how Wesignit collects, uses, stores, protects, and discloses personal information and organizational data in connection with WeSignIt Signature, including our Outlook add-in, related web applications, Microsoft 365 integrations, APIs, onboarding workflows, and support operations.

Effective Date: March 9, 2026
Provider: Wesignit Inc.
Contact: privacy@wesignit.ca

1. Scope

This Privacy Statement applies to WeSignIt Signature and related services used to manage, generate, apply, deliver, and administer email signatures and associated policy controls in Microsoft 365 environments.

It covers data processed through:

• the WeSignIt Outlook add-in for Outlook Desktop, Outlook on the web, Outlook for iOS, and Outlook for Android, where supported;
• the Wesignit administrative and onboarding interfaces;
• our backend APIs, policy engine, signature rendering and delivery systems;
• identity, authentication, telemetry, security, and support workflows related to the service.

2. Categories of Information We Process

Depending on how the service is configured and used, Wesignit may process the following categories of information:

• Account and identity data, such as tenant identifiers, user object identifiers, hashed identifiers, sign-in metadata, account aliases, and administrative role indicators.
• Contact and directory data, such as display name, work email address, job title, department, phone number, office information, group membership, and related directory attributes made available through Microsoft 365 or Microsoft Graph.
• Mailbox and signature context data, such as mailbox context, shared mailbox identifiers, selected signature template, policy evaluation inputs, and signature application state.
• Template and branding content, such as logos, social links, disclaimers, campaign banners, custom fields, and signature HTML or text content configured by the customer.
• Technical and device data, such as IP address, user agent, host environment, device signals, runtime identifiers, token metadata, security telemetry, and related service diagnostics.
• Operational and audit data, such as request identifiers, flow identifiers, provisioning events, administrative actions, policy changes, delivery confirmations, and service logs.
• Support and communications data, such as support requests, troubleshooting information, and communication records when you contact Wesignit.

3. Sources of Information

We may collect information from the following sources:

• directly from customer administrators and users;
• from Microsoft 365, Microsoft Entra ID, Outlook, and Microsoft Graph, subject to the permissions and consents granted by the customer or user;
• from tenant configuration, user actions, and administrative settings within the service;
• from our own systems, logs, telemetry, and security controls;
• from customer-submitted content and support interactions.

4. How We Use Information

Wesignit uses information only as reasonably necessary to operate, secure, support, and improve the service. These purposes include:

• authenticating users and administrators;
• performing tenant onboarding and service provisioning;
• resolving policies, group membership, mailbox context, and template eligibility;
• generating, rendering, and applying email signatures;
• supporting shared mailbox and organizational signature scenarios;
• delivering administrative controls, reporting, auditing, and troubleshooting;
• protecting the service against abuse, fraud, unauthorized access, and security threats;
• maintaining service reliability, availability, and product performance;
• complying with legal obligations and enforcing our contractual rights.

5. Microsoft 365, Microsoft Graph, and Permissions

WeSignIt Signature integrates with Microsoft 365 services. Depending on the feature in use, Wesignit may process data obtained through:

• delegated permissions, where a signed-in user authorizes limited access to information required for user-scoped operations;
• on-behalf-of flows, where our backend acts using the signed-in user’s delegated context to complete supported service operations;
• application permissions, where an authorized customer administrator explicitly grants tenant-wide permissions required for administrative, provisioning, directory, policy, group, or service-level operations.

Customer administrators remain responsible for reviewing and approving permissions granted to the service. Wesignit does not obtain Microsoft 365 data without the permissions and consent flows required by the Microsoft platform and the customer’s tenant configuration.

6. Legal Basis for Processing

Where applicable under data protection law, Wesignit processes personal data on one or more of the following bases:

• performance of a contract or provision of requested services;
• legitimate interests, including service security, fraud prevention, product integrity, and administrative operations;
• compliance with legal obligations;
• consent, where required by law or platform design.

7. Cookies and Similar Technologies

Our websites and service interfaces may use cookies or similar technologies that are strictly necessary for authentication, session continuity, security controls, routing, and user experience. We may also use limited analytics or operational telemetry where permitted by law and customer configuration.

You can control browser cookies through your browser settings, although disabling essential cookies may affect service functionality.

8. How We Share Information

Wesignit does not sell personal information.

We may share information only in the following circumstances:

• with Microsoft and related infrastructure providers as necessary to operate Microsoft 365-integrated service functions;
• with sub-processors, hosting providers, or service providers acting on our behalf and under appropriate contractual controls;
• with the customer organization and its authorized administrators;
• when required by law, regulation, legal process, or lawful government request;
• to protect the rights, safety, security, and integrity of Wesignit, our customers, users, or third parties;
• in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to appropriate safeguards where required.

9. Data Retention

Wesignit retains data only for as long as reasonably necessary for the purposes described in this Privacy Statement, including service delivery, customer support, security, auditing, compliance, dispute resolution, and enforcement of agreements.

Retention periods may vary depending on the type of data, customer configuration, legal obligations, and operational requirements. When data is no longer required, we take reasonable steps to delete, anonymize, or securely dispose of it.

10. Security Measures

Wesignit maintains administrative, technical, and organizational safeguards designed to protect personal information and organizational data against unauthorized access, disclosure, alteration, and destruction.

These safeguards may include access controls, encryption in transit, secure development practices, environment separation, logging, monitoring, authentication controls, device and session protections, and other security mechanisms appropriate to the service.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. International Data Transfers

Wesignit may process or store information in jurisdictions outside your province, state, or country, depending on hosting, support operations, customer configuration, and service infrastructure.

Where required by law, we implement appropriate safeguards for cross-border data transfers.

12. Customer Role and Organizational Use

WeSignIt Signature is primarily a business service used by organizations. In many cases, the customer organization determines the purposes and means of processing for organizational data, while Wesignit acts as a service provider or processor in support of the customer’s use of the service.

If you use the service through your employer or organization, your use may also be subject to your organization’s policies and Microsoft 365 administration.

13. Individual Rights

Depending on applicable law, individuals may have rights relating to their personal information, including rights to access, correct, delete, restrict, object to certain processing, or request portability of personal data.

Because WeSignIt Signature is often deployed and controlled by an organization, requests relating to organizational account data may first need to be directed to the relevant customer administrator or employer.

To make a privacy request, contact privacy@wesignit.ca.

14. Children’s Privacy

The service is intended for business and organizational use and is not directed to children. Wesignit does not knowingly collect personal information directly from children through this service.

15. Changes to This Privacy Statement

Wesignit may update this Privacy Statement from time to time. The most current version will be posted on this page with an updated effective date. Material changes may also be communicated through the service, by administrative notice, or by other appropriate means where required.

16. Contact Us

If you have questions or concerns about this Privacy Statement or our privacy practices, contact:

Wesignit Inc.
Email: privacy@wesignit.ca
Website: https://www.wesignit.ca

17. Related Documents

Terms of Service: https://www.wesignit.ca/termsofservice/