Product & compliance answers

Your dashboard acts as mission control. It gives a complete overview of active and inactive Gates, shows each Gate name, the whitelisted email addresses, and a real-time log of who signed and when.

That depends on your Gate configuration. If you leave a Gate open, anyone who verifies their email can sign and access it. If you enable whitelist mode, only the specific email addresses you entered can attempt access.

Yes. You can gate Notion, Figma, Canva, Google Docs, and personal website URLs. SignToSee protects access to the URL itself. If the destination has its own login or paywall, the recipient must still complete that external access flow.

A signature for a specific Gate is recorded as a validated session. To preserve monthly signature capacity, instruct clients to bookmark the destination URL after unlock, rather than re-entering the SignToSee Gate every visit.

No. By default, links have a maximum lifetime of 1 day to support urgency and security. You can adjust expiry windows, reactivate expired links, or permanently delete Gates from the dashboard.

You cannot modify the original uploaded payload behind an existing Gate. SignToSee creates a SHA-256 fingerprint of the exact file to preserve tamper-evident record integrity. If you need a new version, create a new Gate.

Two scenarios exist. 1. If they share the SignToSee Gate link and whitelist mode is enabled, unauthorized third parties are blocked during verification. 2. If they share the raw destination URL after unlocking, they bypass your intended access workflow. Your access log still documents who accessed and accepted the consent terms in SignToSee.

No. SignToSee is an access control layer, not DRM. No software can fully prevent out-of-band capture, such as a camera photo of a monitor. SignToSee documents access and acceptance of consent terms.

Use SignToSee as an access control layer, and combine it with strict operational hygiene: - Never share your master workspace. Create isolated client files. - Keep destination permissions view-only unless active collaboration is required.

We log access fields needed to establish a verifiable consent trail under eIDAS while minimizing GDPR risk: - Timestamp with timezone - Signer identity via verified email (reversibly encrypted at rest) - Network and device context (hashed IP representation plus user-agent) - Document metadata, including size and SHA-256 fingerprint for uploaded files - Cryptographic chain linkage so tampering breaks integrity checks

Access logs are retained while your account exists. Deleting a Gate does not remove associated access records because historical accepted terms must remain intact. Full account deletion follows GDPR right-to-erasure processes.

No. The recipient flow is intentionally lightweight: they verify their email and accept the terms once, then they can access the protected content. It should feel like a short security check, not a burden.

Yes. You are welcome to have counsel review your setup. SignToSee provides a standard consent notice with configurable variables and an eIDAS-compatible access log. SignToSee does not provide legal advice.

No marketing trackers are used on recipient Gate pages. No ad pixels and no invasive third-party marketing analytics are included. Only strictly necessary functional components are used for secure verification and session flow.

Abuse monitoring is active. Accounts distributing malware, phishing, or illegal content are terminated, data access is locked, and escalation to relevant European authorities may occur as required.

- Scout: 1 active link, 3 creations per month, 5 signatures per month - Sentinel: up to 15 active links, 50 creations per month, 150 signatures per month - Sentinel +: everything in Sentinel + 5GB hosted storage for encrypted files.

Guardian accounts have a total hosted storage cap of 5GB at any given time. You can delete older Gates and hosted files to free capacity for new uploads.

Yes. You can cancel at any time. Premium features remain available through the current billing period, then the account downgrades to Scout. Unused-time prorated refunds are not provided.

Infrastructure is deployed on EU-sovereign platforms with high-availability controls. No platform guarantees absolute uptime. During incidents, preserving access log integrity is prioritized and status communication is handled transparently.

No. Bring-your-own legal text is not supported. SignToSee uses a locked standard consent notice and lets you configure only these variables: assessed value, penalty multiplier, duration, and jurisdiction country.

Our base template is deliberately clean and simple. The 'Personal Additions' section is entirely optional, allowing you to attach specific legal mechanics if needed. For example, you can add a 'Liquidated Damages Penalty' clause to establish a predefined monetary compensation if your confidential information is misused. SignToSee provides these structural placeholders but does not offer legal advice on what to include. You are solely responsible for ensuring any personal clauses and penalty values are enforceable in your chosen jurisdiction.

eIDAS states that electronic signatures cannot be denied legal effect solely because they are electronic. SignToSee provides technical records of access, identity linkage, and acceptance flow. It does not guarantee legal outcomes in any specific situation.

The system binds recipient identity signals, acceptance event timing, and the consent payload context into a tamper-evident access structure. This creates a cryptographic bond between accepted terms and the signer session record.

Historical access records remain intact. Signed events preserve the exact term state at acceptance time, so later template changes do not retroactively alter prior accepted records.