Privacy Policy
How Newsie Agreements handles your information
1. Information We Collect
The Service is designed primarily for authenticated use by Members. In the course of operating the system, the following categories of information may be collected and stored:
- Account information such as name, email address, role (admin, tycoon, operator), and profile details (for example, address and contact information).
- Authentication data including password hashes, optional two-factor authentication (2FA) secrets, and token-based session information.
- Agreement and exhibit content including draft and executed agreements, exhibits, and related HTML or PDF content associated with a specific user or role.
- Territory and referral data such as assigned territories, ZIP/postal codes, and referral relationships managed within the system.
- Signature data including electronic signature images or data URLs and associated metadata such as timestamp, IP address, and browser user agent.
- Operational logs generated as part of system behavior (for example, access attempts, errors, and security events) to support troubleshooting and auditing.
2. How We Use Information
Information collected through the Service is used to operate and improve the system and to support legitimate business purposes, including:
- Authenticating Members and enforcing role-based access control.
- Creating, editing, managing, and executing TyCoon and Operator agreements and exhibits.
- Managing territories, assignments, and referrals and generating related reports and documents.
- Generating and storing PDF copies of agreements and exhibits for record-keeping and compliance.
- Communicating with Members about account status, security events, and operational updates.
- Maintaining system security, monitoring for misuse, and improving reliability and performance.
3. Authentication, Cookies, and Security
The Service uses secure, HttpOnly cookies to maintain authenticated sessions. These cookies contain limited information, such as an encoded token representing your identity, role, and token expiration. Cookies are configured with security-focused options (for example, SameSite and Secure flags where applicable).
The system also includes:
- Optional 2FA using time-based one-time codes (TOTP) where only a secret key and verification data are stored.
- Security headers and CSRF protections to reduce common web security risks.
- Password history tracking to help prevent re-use of recent passwords.
You are responsible for keeping your login credentials and 2FA devices secure and for logging out from shared or public devices.
4. Electronic Signatures and Execution Data
When a Member executes an agreement, the Service may:
- Store the signature image or encoded representation of the signature.
- Record execution metadata such as the time of signing, IP address, and browser user agent.
- Generate and store a PDF copy of the executed agreement and associated exhibits.
This information is retained to demonstrate execution of the agreement, to support compliance, and for audit and record-keeping needs.
5. Territories, Referrals, and Related Data
Territory and referral data is used to:
- Associate TyCoons and Operators with specific geographic areas and postal codes.
- Populate exhibits and other documents that describe territory rights and responsibilities.
- Support operational reporting and territory management tools available to admins.
This information is treated as confidential business information and is accessible only to authorized roles for legitimate purposes.
6. Email and Communications
The Service may send emails using integrated email services (for example, via SendGrid) to:
- Deliver password reset links and security notifications.
- Inform admins or Members of system or agreement-related updates.
- Contact specific roles or user segments as configured in the system.
Emails are primarily operational and security-related. Your email address is not provided to unrelated third parties for their independent marketing purposes through this Service.
7. Data Sharing and Disclosure
Information collected via the Service may be shared:
- With authorized admins and roles within the organization who require access to perform their duties.
- With service providers who support hosting, email delivery, or other technical operations, under suitable confidentiality obligations.
- As required by law, regulation, or valid legal process, or to protect the rights, property, or safety of the organization, Members, or others.
8. Data Retention
Account, agreement, and territory data may be retained for as long as necessary to:
- Operate the Service and maintain accurate records of agreements and assignments.
- Comply with legal, regulatory, or contractual requirements.
- Support dispute resolution, audit, and security investigations.
Where feasible, data that is no longer needed may be archived or anonymized.
9. Your Responsibilities and Choices
Within the Service, you may be able to:
- View and update certain profile information through your dashboard or profile pages.
- Enable or disable 2FA for your own account from the Security page, where permitted.
You agree to keep your information accurate and to notify an administrator if you believe any stored information is incorrect or if you suspect unauthorized access.
10. Security
The Service uses technical and organizational measures such as secure configuration, authentication controls, and regular updates to help protect information. However, no system can guarantee absolute security. You acknowledge that electronic transmission and storage of data carry inherent risks.
11. Changes to This Policy
This Privacy Policy may be updated from time to time to reflect changes in the Service or legal requirements. When updates occur, a revised version may be posted within the application. Continued use of the Service after an update constitutes acceptance of the revised policy.
12. Contact
If you have questions about this Privacy Policy or how your information is handled within the Service, please contact the system administrator.