Legal

Privacy Policy

Last updated: 10 March 2026

SigDaddy is a product and registered brand of TouchBasePro (Pty) Ltd. TouchBasePro will never sell or give away your name, mail address, phone number, email address, or any other information to anyone. Any contact lists or databases that you upload remain your intellectual property.

1. Who We Are

SigDaddy is a product of TouchBasePro (Pty) Ltd ("we", "us", "our"), a company registered in South Africa. We provide automated email signature management for Microsoft 365 organisations.

For questions about this policy, contact us at privacy@sigdaddy.com.

2. Personal Information

We will ask you when we need information that personally identifies you (personal information) or allows us to contact you. Generally, this information is requested when you sign up to use our services.

We use your Personal Information for four primary purposes:

  • To make the site easier for you to use by not having to enter information more than once.
  • To help you quickly find software, services or information.
  • To help us create content most relevant to you.
  • To alert you to product upgrades, special offers, updated information and other new services from SigDaddy and TouchBasePro.

If you decide to register, you will be able to select the kinds of information you want to receive from us by subscribing to various services. If you do not want us to communicate with you about other offers regarding TouchBasePro products, programs, events, or services by email, postal mail, or telephone, you may select the option stating that you do not wish to receive marketing messages.

3. What Data We Collect

We collect and process only the minimum data necessary to provide our service:

3.1 Microsoft 365 Profile Data

When you connect your Microsoft 365 tenant, we access user profile information via the Microsoft Graph API to populate email signature merge fields. This includes:

  • Display name, first name, last name
  • Job title and department
  • Email addresses
  • Business phone numbers
  • Office location
  • Company name

This data is cached in memory for up to one hour to ensure fast processing and is never persisted to disk or database.

3.2 Email Processing Data

We do NOT store email content.

SigDaddy processes emails in transit to inject signatures. We do not store, log, or retain the body of any email. The only email metadata we store is the subject line, which is used solely for push notification delivery.

For each processed email, we store the following metadata for usage reporting and diagnostics:

  • Sender email address (hashed in logs for privacy)
  • Recipient count (not addresses)
  • Email subject line (for notification display only)
  • Processing timestamp
  • Template used
  • Processing status (success/failure)

3.3 Email and Contact List Ownership

Email lists and contact data are the actual email addresses that the Customer submits or uploads to SigDaddy. All such data submitted to SigDaddy will remain the property of the Customer. TouchBasePro will not sell this data to any third party. TouchBasePro however reserves the right to be able to sell the entire SigDaddy platform, which will include the management rights of the Customers' data, though the ownership of this data will remain with the Customer who submitted it.

3.4 Tracking Data

If email tracking is enabled for your domain (it is on by default), we collect:

  • Email open events (timestamp, approximate location via IP geolocation, device type)
  • Link click events (timestamp, URL clicked)
  • User agent data (to filter automated bot activity)

Tracking can be disabled per-domain from the SigDaddy portal, or per-email by the sender using the SigDaddy-NoTrack email category.

3.5 Push Notification Data

If you enable push notifications, we store your browser's push subscription endpoint (a URL and encryption keys). This is used solely to deliver real-time email open and click notifications.

3.6 Account and Billing Data

  • Microsoft Entra ID (Azure AD) identifiers
  • Company name and domains
  • Subscription status and plan details
  • Usage counts for billing purposes

4. How We Use Your Data

We use the data described above exclusively to:

  • Inject branded signatures into your organisation's outbound emails
  • Populate signature merge fields with current profile data
  • Provide email engagement tracking (opens and clicks)
  • Deliver push notifications about email activity
  • Generate usage reports and calculate billing
  • Diagnose service issues and ensure reliability

5. What We Do With the Information You Share

When you join us, you provide us with your contact information, including your name and email address. We use this information to send you updates about your order, questionnaires to measure your satisfaction with our service, and announcements about new and exciting services that we offer.

We occasionally hire other companies to provide limited services on our behalf. We will only provide those companies the information they need to deliver the service, and they are prohibited from using that information for any other purpose.

TouchBasePro will disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to:

  • Conform to the edicts of the law or comply with legal process served on TouchBasePro or the site;
  • Protect and defend the rights or property of TouchBasePro and its family of products and websites; and
  • Act in urgent circumstances to protect the personal safety of Customers, or the public.

6. Data Storage and Security

All data is stored in Microsoft Azure data centres located in South Africa North. We use:

  • Azure SQL Database with encryption at rest (TDE)
  • TLS 1.2+ for all data in transit
  • Microsoft Entra ID for authentication (no passwords stored)
  • Azure Container Apps with private VNET networking

TouchBasePro has taken strong measures to protect the security of your personal information and to ensure that your choices for its intended use are honoured. We take strong precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. When you access your personal account information, you're utilizing secure server software SSL, which encrypts your personal information before it's sent over the Internet.

You also have a significant role in protecting your information. No one can see or edit your personal information without knowing your username and password, so do not share these with others. Be sure to choose a strong password that is not easy to guess, and keep it safe.

7. Google Authentication (Where Applicable)

Some TouchBasePro services may allow sign-in using your Google account credentials. When you sign in using your Google account, we collect and process certain information about you, such as your name, email address, and profile picture. We use this information solely for the purpose of providing you with access to our services and improving your user experience.

We do not share your personal information with third parties without your consent, except as required by law, or with your express consent. We take all reasonable measures to safeguard your personal information from unauthorized access, use, and disclosure.

8. Data Sharing

We do not sell, rent, or share your data with third parties, except:

  • Microsoft Azure: Our hosting provider, under Microsoft's privacy commitments
  • Microsoft Graph API: To send processed emails and retrieve user profiles
  • Legal requirements: If required by law or valid legal process

9. Data Retention

  • User profile cache: 1 hour (in-memory only)
  • Processing logs: 90 days
  • Tracking data: 90 days
  • Audit trail: 1 year
  • Billing data: As required by law (typically 5 years)

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access, correct, or delete your personal data
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent (where applicable)

To exercise these rights, contact privacy@sigdaddy.com.

11. POPIA Compliance (South Africa)

As a South African company, we comply with the Protection of Personal Information Act (POPIA). Our Information Officer can be reached at privacy@sigdaddy.com.

12. Cookies

The SigDaddy marketing website (www.sigdaddy.com) does not use cookies. The SigDaddy customer portal uses essential authentication cookies only — no analytics or advertising cookies.

13. Enforcement

If for some reason you believe TouchBasePro has not adhered to these principles, please notify us by email at privacy@sigdaddy.com, and we will do our best to determine and correct the problem promptly. Be certain the words "Privacy Policy" are in the Subject line.

14. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the SigDaddy portal. The "Last updated" date at the top indicates when the policy was last revised.

15. Contact

TouchBasePro (Pty) Ltd
Trading as SigDaddy
Email: privacy@sigdaddy.com
Website: www.sigdaddy.com
Parent Company: www.touchbasepro.com