Skip to main content

Privacy Policy

Last Updated: April 17, 2026

This Privacy Policy describes how NexergenLabs ("we," "us," or "our") collects, uses, stores, and protects information when you use SignFlow — Adobe Sign for monday.com (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Overview

SignFlow is an integration that connects your monday.com workspace with Adobe Sign, allowing you to send, track, and manage electronic signature agreements directly from monday.com boards. SignFlow acts as a pass-through integration — we facilitate the connection between monday.com and Adobe Sign but do not independently store or process your document content.

2. Information We Collect

2.1 Account & Authentication Information

When you connect SignFlow, we collect and store the following:

  • monday.com user information: User ID, account ID, and email address (obtained via monday.com OAuth2 authorization). Your monday.com email address is encrypted at rest to ensure personally identifiable information (PII) is properly protected.
  • Adobe Sign user information: User ID, email address, and account admin status (obtained via Adobe Sign OAuth2 authorization)
  • OAuth tokens: Access tokens and refresh tokens for both monday.com and Adobe Sign, required to operate the integration on your behalf

2.2 Configuration Data

  • App configuration: Your per-board settings including sync direction preferences (agreement-to-board), column mappings between Adobe Sign form fields and monday.com columns, and template preferences
  • Webhook registrations: Adobe Sign webhook IDs linked to your user account for real-time status synchronization

2.3 Integration Metadata

  • Agreement-to-item linkage: We store metadata that links Adobe Sign agreement IDs to monday.com board items (board ID, item ID, column ID) to enable status synchronization and data mapping
  • Session data: Encrypted session identifiers, expiration timestamps, and XSRF tokens for secure authentication

2.4 Information We Do NOT Collect or Store

  • Document content: PDFs, DOCX files, and other documents are transmitted directly between your browser, monday.com, and Adobe Sign. Documents pass through our servers only temporarily in memory (never written to disk) during transfer operations and are immediately discarded.
  • Payment or billing information: All subscription billing is handled entirely through monday.com's marketplace. We never collect or process payment details.
  • Analytics or tracking data: We do not use third-party analytics, advertising trackers, or tracking pixels.

3. How We Use Your Information

We use the information we collect solely to:

  • Provide the Service: Authenticate your sessions, send agreements on your behalf, synchronize agreement statuses, and map data between monday.com and Adobe Sign
  • Maintain integrations: Keep OAuth connections active by refreshing expired tokens
  • Deliver real-time updates: Process Adobe Sign webhook events to update agreement statuses and form field data in your monday.com boards
  • Enforce plan limits: Check your monday.com marketplace subscription to apply the appropriate feature set (Free, Pro, or Premium)
  • Provide support: Respond to your support requests using your email address

4. Data Storage & Security

4.1 Encryption

All OAuth credentials (monday.com and Adobe Sign tokens) and personally identifiable information such as your monday.com email address are encrypted at rest using AES encryption with dedicated per-service encryption keys. Credentials and PII are never stored in plaintext.

4.2 Session Security

  • Sessions are managed via encrypted JWT tokens stored in secure, HTTP-only cookies
  • XSRF (Cross-Site Request Forgery) tokens are generated per user and validated on every authenticated request
  • monday.com session tokens are verified on each API request to ensure user identity consistency
  • Logged-out sessions are tracked to prevent reuse

4.3 Infrastructure

  • Production data is stored in a PostgreSQL database
  • The Service is hosted on secure cloud infrastructure
  • File uploads are handled in server memory only (maximum 10 MB), never persisted to disk

4.4 Data Retention

  • Account data and credentials are retained for as long as your SignFlow account is active
  • Session data expires automatically and is cleaned up periodically
  • Agreement metadata is retained to maintain the link between Adobe Sign agreements and monday.com items for ongoing synchronization
  • Upon account deletion or disconnection, your stored credentials and configuration data are removed

5. Data Sharing & Third Parties

5.1 Services We Integrate With

SignFlow exchanges data with the following third-party services as part of its core functionality:

ServiceData ExchangedPurpose
Adobe Sign (Adobe)OAuth tokens, agreement data, document files, form field data, webhook eventsCreate, manage, and track electronic signature agreements
monday.comOAuth tokens, board/item/column data, user profile, subscription infoRead and write board data, authenticate users, manage subscriptions

5.2 No Sale of Data

We do not sell, rent, or trade your personal information to any third party.

5.3 No Additional Third-Party Sharing

We do not share your data with any third parties beyond what is strictly necessary to operate the integration (Adobe Sign and monday.com). We do not use third-party advertising, analytics, or data enrichment services.

We may disclose your information if required by law, legal process, or governmental request, or to protect the rights, property, or safety of NexergenLabs, our users, or others.

6. Cookies

SignFlow uses the following cookies, all of which are strictly functional:

CookiePurposeDuration
Session cookieContains an encrypted JWT for user authenticationSession / configurable expiry
XSRF token cookiePrevents cross-site request forgery attacksSession
OAuth state cookieMaintains state during the OAuth2 authorization flowTemporary (authorization flow only)

We do not use cookies for advertising, tracking, or analytics purposes.

7. Your Rights & Choices

7.1 Access & Portability

You may request a copy of the personal data we hold about you by contacting us at the email below.

7.2 Deletion

You may request deletion of your account and all associated data by:

  • Disconnecting your Adobe Sign account within SignFlow settings
  • Uninstalling SignFlow from your monday.com account
  • Contacting us directly at support@nexergenlabs.com

Upon deletion, your encrypted credentials, configuration data, and account information will be permanently removed from our systems.

7.3 Revoke Access

You may revoke SignFlow's access at any time by:

  • Revoking the app's permissions in your monday.com account settings
  • Revoking the app's access in your Adobe Sign account settings

7.4 GDPR Rights (EEA Users)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. To exercise these rights, contact us at support@nexergenlabs.com.

8. Children's Privacy

SignFlow is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

9. International Data Transfers

Your data may be processed and stored in countries outside your country of residence. By using SignFlow, you consent to the transfer of your information to these countries, which may have different data protection laws than your own jurisdiction.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Third-Party Policies

SignFlow integrates with third-party services that have their own privacy policies. We encourage you to review them:

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

NexergenLabs Email: support@nexergenlabs.com Website: https://nexergenlabs.com