Data Deletion & Retention

Last updated: June 8, 2026

This page explains how Instant Signer Ltd ("Instant Signer") retains data, how you can request its deletion, and how to revoke the access you granted to your Google Workspace or Microsoft 365 environment.

1. How to request data deletion

You can delete your data in any of the following ways:

  • Self-service: an administrator can remove users, disconnect a directory, or delete the workspace from within the Instant Signer console at console.instantsigner.com.
  • By email: send a deletion request to privacy@instantsigner.com from an administrator or registered account address. We confirm receipt and complete verified requests within 30 days.

We may need to verify your identity and authority before processing a request to protect against unauthorized deletion.

2. What we delete

  • Directory attributes synced from Google Workspace or Microsoft Entra ID (names, titles, departments, phone numbers, photos).
  • Signature templates, assignments, banners, and disclaimers.
  • Account, configuration, and administrator profile data.
  • Associated logs and analytics, subject to the periods below.

For server-side signature stamping, message content is processed in transit and is never stored, so there is no email content to delete.

3. Revoking Google and Microsoft access

Deleting your data also stops future access, and you can revoke the permissions you granted at any time:

  • Google Workspace: remove Instant Signer from your Google Account permissions at myaccount.google.com/permissions, or as an admin from the Google Admin console.
  • Microsoft 365:remove the Instant Signer enterprise application from Microsoft Entra admin center → Enterprise applications.

4. Retention periods

  • Active accounts: we retain data for as long as your account is active and you use the Services.
  • After termination: customer and directory data is deleted or returned within 30 days of account closure, in line with our Data Processing Agreement.
  • Backups: residual copies in encrypted backups are purged on a rolling cycle, normally within 90 days.
  • Legal holds: we may retain limited data longer where required to comply with law, resolve disputes, or enforce agreements.

5. Limited use of provider data

Information received from Google APIs is handled in accordance with the Google API Services User Data Policy, including the Limited Use requirements, and data received through Microsoft APIs is handled in accordance with the Microsoft APIs Terms of Use. See our Privacy Policy for full details.

6. Contact

For any question about deletion or retention, email privacy@instantsigner.com.