Mohor.dev Logo Mohor.dev
Get API Keys

Privacy Policy

Last updated:

Mohor.dev ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at mohor.dev or use our eSignature API platform and related services.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our site and services.

1. Information We Collect

Information You Provide Directly

  • Account details: Email address, username, and hashed password for registered users.
  • Billing information: Payment details processed securely by our payment processor; we do not store full card numbers.
  • Waitlist data:Email addresses provided when joining our pre-launch or feature waitlists.

Information Collected Automatically

  • Usage data — pages visited, time spent, referring URLs, and browser type.
  • API request logs — request timestamps, HTTP status codes, and endpoint paths (no request bodies) for monitoring and debugging.
  • Device information — IP address, operating system, and browser version.

Document Data Processed via API (Your End-User Data)

When you use our Service to process PDFs or facilitate electronic signatures, we temporarily receive the documents, metadata, and signer information you transmit to our API.

2. Data Roles & DPDP Act Compliance

We process personal data in compliance with India's Digital Personal Data Protection (DPDP) Act.

  • When you create an account: Mohor.dev acts as the Data Fiduciary regarding your account, billing, and usage data.
  • When you process documents: You act as the Data Fiduciary for any personal data contained within the documents and signature requests you send through our API. Mohor.dev acts solely as a Data Processor on your behalf. You are responsible for securing the necessary consents from your end-users before transmitting their data to us.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain our API, webhook infrastructure, and eSignature services.
  • To process transactions and send related billing information.
  • To monitor and analyze usage patterns in order to improve our platform.
  • To detect, prevent, and address technical issues or abuse.
  • To comply with legal obligations.

4. Sharing Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • Service providers — trusted third parties who assist in operating our website and services (e.g., payment processors, email delivery, hosting), under strict data processing agreements.
  • Legal requirements — when required by law or in response to a valid legal process.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, where the acquiring party agrees to honor this policy.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. These include:

  • Essential cookies — required for the website to function and cannot be switched off.
  • Analytics cookies — help us understand how visitors interact with our site (anonymized data only).

You can control cookie preferences through your browser settings. Disabling cookies may affect site functionality.

6. Data Retention

  • Account Data: We retain your personal account information for as long as your account is active or as needed to provide our services.
  • Document Data: Processed documents and their associated data payloads submitted via our API are automatically and permanently deleted from our servers thirty (30) days after processing.
  • Signature Certificates: Cryptographic signature certificates associated with your processed documents will remain accessible and can be generated for as long as you maintain a valid, active account.
  • Logs & Waitlists: API request logs are retained for up to 90 days. Waitlist emails are retained until you opt out or create a full account.

7. Data Security

We implement industry-standard security measures to protect your information, including TLS encryption in transit, encrypted storage for sensitive data, and strict access controls. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that inaccurate or incomplete data be corrected.
  • Deletion — request the erasure of your personal data.
  • Grievance Redressal — the right to readily available means of grievance redressal under the DPDP Act.

To exercise any of these rights, please contact us using the details in Section 10. If you are an end-user who signed a document via a Mohor.dev customer, please reach out to that customer (the Data Fiduciary) directly to exercise your data rights.

9. Children's Privacy

Our services are designed for developers and businesses and are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Mohor.dev

Guwahati, Assam, India

Email: privacy@mohor.dev

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page and, where appropriate, by sending you an email notification. Your continued use of our services after such changes constitutes your acceptance of the revised policy.