Privacy Policy — sign.cosmeticsgrowth.com

NOT LEGAL ADVICE. This policy describes how the contract signing site at sign.cosmeticsgrowth.com collects and uses information. It is not legal advice. It is not the privacy policy for any dental practice that is a client or prospective client of Cosmetics Growth; that practice's own privacy policy governs how the practice handles patient information.

Last revised: May 2, 2026 Operator: Dental Growth AI LLC, doing business as Cosmetics Growth, 13808 SE 42nd St, Bellevue, WA 98006 Contact: dan@cosmeticsgrowth.com


What this policy covers

This policy covers sign.cosmeticsgrowth.com, the site Cosmetics Growth uses to send, sign, and store its Client Services Agreement and Business Associate Agreement. It covers only the signing system itself. The Cosmetics Growth marketing site, our advertising operations, and any client's own customer-facing data practices are outside the scope of this policy.

What we collect

When you receive, view, or sign a contract on this site, we collect:

  • Identity and contact information you supply: signer name, signer title, signer email address, and the practice legal name and address that Cosmetics Growth pre-filled on the Agreement.
  • Knowledge-based-authentication inputs: the EIN, practice phone number, and practice city you enter in the identity verification step. These values are hashed locally and compared to information Cosmetics Growth already has on file. We do not store the plaintext values you type.
  • Signature image: the image you draw on the signing pad, captured as a PNG.
  • Browser-reported time zone at the moment you sign, captured via the standard Intl browser API.
  • Network and device metadata: the IP address used to view and sign the contract, the user agent string reported by your browser, and the timestamps of every view, sign, and countersign event tied to your signing link.

We do not use cookies for advertising, marketing, or cross-site tracking. We use only the strictly necessary session cookie required to keep you signed in to the admin surface (which a signer never sees).

Why we collect it (legal basis)

We collect each item above for a single purpose: to execute a legal contract between you and Cosmetics Growth and to produce the audit trail required under the federal Electronic Signatures in Global and National Commerce Act (ESIGN), the Washington Electronic Authentication Act, and the Uniform Electronic Transactions Act (UETA).

Under the California Consumer Privacy Act, our basis for collection is "performance of a contract" (Cal. Civ. Code § 1798.140(o)). We do not use any of the data above for advertising, profiling, or any purpose other than executing the Agreement and meeting our recordkeeping obligations.

How long we keep it

We mirror the retention of the executed contract itself. The signed Agreement, the audit trail, the audit certificate, the signature image, and all metadata listed above are retained for as long as we retain the underlying contract, and in no case for less than seven (7) years after the contract terminates. This retention period reflects the recordkeeping obligation Cosmetics Growth has under federal and Washington state record-retention rules.

Your rights

You may exercise the rights below by emailing dan@cosmeticsgrowth.com from the address on file:

  • Right to access. You may request a copy of the personal information associated with your signing record.
  • Right to portability. You may request the same information in a machine-readable format.
  • Right to deletion (with limits). You may request deletion of personal information collected by this site. Executed contracts cannot be wholesale deleted while we are under a recordkeeping obligation. What we can delete on request: the email address used for future communications (replaced with a "do not contact" flag), the signature image preview cached for the convenience of resending an executed copy, and any draft contract that was never executed. What we cannot delete on request: the executed Agreement, the audit trail, the audit certificate, and the signature image embedded in the executed PDF, all of which are required records.
  • Right to correction. You may request correction of an inaccurate email address or contact field.

We will respond to a verifiable request within forty-five (45) days. We may need to verify your identity before acting; the verification process for a signing record is the same knowledge-based-authentication used at signing.

What we do not do

  • We do not sell personal information.
  • We do not share personal information with third parties for advertising or marketing.
  • We do not allow third parties to set tracking cookies, pixels, or similar technology on this site.
  • We do not transfer personal information outside the United States except to the sub-processors listed below.

Sub-processors

We use the following sub-processors strictly to operate the signing system:

  • Resend — transactional email delivery for sign-request and executed-copy emails.
  • Neon — managed Postgres database hosting for the contract record, audit log, and signature image.
  • Vercel — application hosting and edge delivery for sign.cosmeticsgrowth.com.
  • FreeTSA — RFC 3161 time-stamping authority used to externally anchor the executed PDF and audit chain.
  • DigiCert — second, independent RFC 3161 time-stamping authority used redundantly with FreeTSA.

Each sub-processor receives only the minimum information required to perform its function. None of them is authorized to use the data for any other purpose.

Security

We protect personal information using TLS in transit, encrypted storage at rest on Neon, append-only audit logging with a per-row hash chain, and database-level revocation of update and delete privileges on the audit log for the application role. These controls are described in greater detail at https://sign.cosmeticsgrowth.com/legal/e-sign-consent.

Children

This site is intended for use by authorized adult signers of business contracts. We do not knowingly collect personal information from anyone under the age of 18.

Changes to this policy

If we materially change this policy, we will update the date at the top of this page and email signers of active contracts at the address on file before the change takes effect.

Contact

For any privacy question, request, or concern, email dan@cosmeticsgrowth.com.