NDA LORDHOME

LEGAL

Privacy Policy

We are built on a local-first, zero-knowledge architecture. This policy explains the minimal data we collect when you use our electronic signature flow, and how we handle it.

LAST UPDATED4 MAY 2026
LOCAL-FIRST · ZERO KNOWLEDGE

Last Updated: 4 May 2026
Data Controller: Quorum IO Ltd, 33 Colles Rd, London, N15 4NR, England

1. Our "Zero-Knowledge" Privacy Promise

NDA Lord is built on a local-first architecture. We do not read, transmit, or store the text, terms, or sensitive confidential information contained within the NDAs you generate. Document rendering happens entirely on your local device.

2. Information We Collect

To provide our execution and audit-trail features, we collect only the metadata strictly necessary when you choose to use our electronic signature flow:

  • Signatory Data — Names, titles, and email addresses entered into the execution flow.
  • Audit Metadata — Cryptographic document hashes (SHA-256), timestamps of execution, and the IP addresses of the devices used during signing or dispute.
  • Device Fingerprints — Anonymous device identifiers used solely to prevent abuse of the platform (e.g. stopping spam disputes).

If you use the Print / Download function without our electronic signature flow, we do not collect any signatory data or document hashes.

3. How We Use Your Information

We use the collected metadata solely to:

  • Dispatch the executed PDF and audit hash to the relevant parties via email.
  • Maintain a Dispute Ledger to allow parties to flag unauthorised signatures.
  • Validate the integrity of a document hash if queried by a user's local client.
  • Prevent fraud, spam, and abuse of our platform infrastructure.

4. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties. We share data only with trusted service providers — such as secure email-dispatch services (e.g. SendGrid / AWS SES) — strictly as necessary to deliver the email audit trails to your signatories.

5. Data Retention

We retain signatory emails, IP addresses, and document hashes only for as long as necessary to maintain the integrity of the audit trail and Dispute Ledger. If an email address is flagged for repeated abusive disputes, it may be permanently blocklisted in our system to protect our users.

6. Your Rights (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR), you have the right to:

  • Access the personal data we hold about you.
  • Request deletion of your email address from our active mailing systems.
  • Request correction of inaccurate data.

To exercise these rights, or if you have any questions about this Privacy Policy, please contact us at compliance@quorum.ltd.

PRIVACY ENQUIRIES

To exercise your UK GDPR rights or ask about how we handle your data, contact our compliance team.

compliance@quorum.ltd