Legal

Privacy Policy

Last updated: 6 March 2026

1. Who We Are

SigDaddy is a product of TouchBasePro (Pty) Ltd ("we", "us", "our"), a company registered in South Africa. We provide automated email signature management for Microsoft 365 organisations.

For questions about this policy, contact us at privacy@sigdaddy.com.

2. What Data We Collect

We collect and process only the minimum data necessary to provide our service:

2.1 Microsoft 365 Profile Data

When you connect your Microsoft 365 tenant, we access user profile information via the Microsoft Graph API to populate email signature merge fields. This includes:

  • Display name, first name, last name
  • Job title and department
  • Email addresses
  • Business phone numbers
  • Office location
  • Company name

This data is cached in memory for up to one hour to ensure fast processing and is never persisted to disk or database.

2.2 Email Processing Data

We do NOT store email content.

SigDaddy processes emails in transit to inject signatures. We do not store, log, or retain the body of any email. The only email metadata we store is the subject line, which is used solely for push notification delivery.

For each processed email, we store the following metadata for usage reporting and diagnostics:

  • Sender email address (hashed in logs for privacy)
  • Recipient count (not addresses)
  • Email subject line (for notification display only)
  • Processing timestamp
  • Template used
  • Processing status (success/failure)

2.3 Tracking Data

If email tracking is enabled for your domain (it is on by default), we collect:

  • Email open events (timestamp, approximate location via IP geolocation, device type)
  • Link click events (timestamp, URL clicked)
  • User agent data (to filter automated bot activity)

Tracking can be disabled per-domain from the SigDaddy portal, or per-email by the sender using the SigDaddy-NoTrack email category.

2.4 Push Notification Data

If you enable push notifications, we store your browser's push subscription endpoint (a URL and encryption keys). This is used solely to deliver real-time email open and click notifications.

2.5 Account and Billing Data

  • Microsoft Entra ID (Azure AD) identifiers
  • Company name and domains
  • Subscription status and plan details
  • Usage counts for billing purposes

3. How We Use Your Data

We use the data described above exclusively to:

  • Inject branded signatures into your organisation's outbound emails
  • Populate signature merge fields with current profile data
  • Provide email engagement tracking (opens and clicks)
  • Deliver push notifications about email activity
  • Generate usage reports and calculate billing
  • Diagnose service issues and ensure reliability

4. Data Storage and Security

All data is stored in Microsoft Azure data centres located in South Africa North. We use:

  • Azure SQL Database with encryption at rest (TDE)
  • TLS 1.2+ for all data in transit
  • Microsoft Entra ID for authentication (no passwords stored)
  • Azure Container Apps with private VNET networking

5. Data Sharing

We do not sell, rent, or share your data with third parties, except:

  • Microsoft Azure: Our hosting provider, under Microsoft's privacy commitments
  • Microsoft Graph API: To send processed emails and retrieve user profiles
  • Legal requirements: If required by law or valid legal process

6. Data Retention

  • User profile cache: 1 hour (in-memory only)
  • Processing logs: 90 days
  • Tracking data: 90 days
  • Audit trail: 1 year
  • Billing data: As required by law (typically 5 years)

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent (where applicable)

To exercise these rights, contact privacy@sigdaddy.com.

8. POPIA Compliance (South Africa)

As a South African company, we comply with the Protection of Personal Information Act (POPIA). Our Information Officer can be reached at privacy@sigdaddy.com.

9. Cookies

The SigDaddy marketing website (www.sigdaddy.com) does not use cookies. The SigDaddy customer portal uses essential authentication cookies only — no analytics or advertising cookies.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the SigDaddy portal. The "Last updated" date at the top indicates when the policy was last revised.

11. Contact

TouchBasePro (Pty) Ltd
Email: privacy@sigdaddy.com
Website: www.sigdaddy.com