Privacy Policy

Last updated: 15 June 2026

SignTidy is an email-signature management service for Microsoft 365. This page explains, in plain terms, what data we use and why.

What we access

When an administrator connects Microsoft 365, we sign in using Microsoft’s standard sign-in (OAuth). We never see or store your Microsoft password — authentication happens on Microsoft’s own login page. With your organisation’s permission we read directory details (such as name, job title, phone number, email address and photo) so we can fill those into each person’s signature.

What we do not do

We do not read, send, or reroute your email. Nothing sits in your mail flow. Signatures are applied on the device through the Outlook add-in.

What we store

We store your signature templates, marketing banners, and the directory fields needed to render signatures. Data is held in our database (Supabase) on infrastructure secured by Cloudflare.

Who we share it with

We do not sell your data. We rely on a small number of service providers to run SignTidy: Microsoft (sign-in and directory), Cloudflare and Supabase (hosting and storage), and Dodo Payments (billing). Each only receives what it needs to provide its service.

Your control

You can disconnect SignTidy from Microsoft 365 at any time, which stops all access. To request export or deletion of your data, email support@signtidy.com.

Contact

Questions about privacy? Email support@signtidy.com.