Privacy Policy

Effective May 3, 2026

Pakt is operated by Class of NONE LLC, a California limited liability company ("we," "us," or "our"). This policy describes the information Pakt processes when you use the app.

Account Information

You create an account by signing in with Apple or Google. We receive your name, email address, and a unique account identifier from Apple or Google and store them in our database (Google Firebase) so the app can recognize you across devices and sessions. You can sign in without sharing your real email by using Apple's Hide My Email option.

Information You Enter

When you create an NDA, the app processes the information you type:

• The names of the disclosing party and the receiving party
• The stated purpose of the agreement
• The selected jurisdiction (state)
• The categories of confidential information you select
• The agreement start date
• Finger drawn signatures from both parties

Where Your Data Is Stored

Your NDAs are stored in two places:

• Locally on your device, in your browser's built in storage (IndexedDB), so the app works offline
• In our database (Google Firebase Firestore and Firebase Storage), under your account, so you can access your vault from a new device after signing in

The completed NDA document image, the signature images, the verification receipt, and any witness video are uploaded to Firebase Storage under a path scoped to your account.

Witness Recording

If you choose to record a witness video while signing, the app requests permission to use your device's camera. The recording captures video only and never audio. The video is saved to your local Vault and uploaded to Firebase Storage under your account so it travels with the NDA. You can disable witness recording from the Sign step of any agreement.

Identity Verification

The app uses WebAuthn, an open biometric standard, to confirm the identity of the second signing party. Your Face ID, Touch ID, or device passcode is processed entirely by your device's secure hardware. We never receive, store, or have access to your biometric data.

What we receive is a cryptographic confirmation that verification succeeded plus a randomly generated credential identifier created by your device.

Real Time Signing Handshake

For the brief moment when two devices are connecting to verify a signature, a session record is written to Firebase Realtime Database. This record contains the party names, the purpose, a session timestamp, the verifying device's credential identifier, and the verifying device's user agent string.

The session record is deleted from our database within seconds of verification completing, the session being skipped, or the app being closed.

Remote Signing

If you send an NDA to another person to sign remotely, the unsigned document, your signature, and a one time signing token are uploaded to Firebase Storage and Firestore. When the other party signs, their signature and witness video are uploaded to the same location. After both parties have completed the agreement, the signing token is deactivated.

Permissions We Request

• Camera. Used only to record the optional witness video while you are on the Sign step of an NDA.
• Face ID. Used only by the second signing party to confirm their identity for the verification step.
• Photos. Used only when you tap Save to export a signed NDA image or witness video to your Photos library.

You can deny any of these permissions in iOS Settings at any time. The app continues to function without them, with the affected feature unavailable.

Third Parties We Use

• Apple. When you sign in with Apple, Apple receives the request and returns identity information to the app. Subject to Apple's privacy policy.
• Google. When you sign in with Google, Google receives the request and returns identity information to the app. We also use Google Firebase (Firestore, Realtime Database, Storage, and Authentication) as our database and file storage provider. Firebase processes your data on our behalf. Subject to Google's privacy policy.
• Google Fonts. The first time you open the app, your device may load font files from Google's font CDN. This transmits your device's IP address to Google.

We do not use third party analytics, advertising networks, or trackers. We do not sell or share your data with any party other than the providers listed above for the purposes described.

What You Can Delete and How

• A single NDA. Open the NDA in your Vault and tap Delete. This removes both the local copy and the cloud copy.
• All locally cached NDAs. Open the Profile sheet and tap Clear local data. Cloud copies remain.
• Your entire account and every NDA in it. Open the Profile sheet and tap Delete Account. This permanently removes your Firebase Auth account, every NDA stored under your account in Firestore and Firebase Storage, your user profile, and your local data. This action cannot be undone.

Data Retention

Your account and the NDAs in it remain until you delete them using the tools above. Real time handshake session records are deleted automatically within seconds of the session ending.

Children's Privacy

Pakt is intended only for adults 18 years of age or older. We do not knowingly collect information from anyone under 18. If you believe a minor has used this app, contact us and we will delete the related account and data.

California Privacy Rights

If you are a California resident, you have the right to know what personal information we collect, the right to request its deletion, and the right to opt out of any sale of personal information. We do not sell personal information. To exercise these rights, use the in app deletion tools described above or contact us at the email below.

Changes to This Policy

If we update this policy, the revised version will appear in a future app update with a new effective date. Continued use of the app after an update constitutes acceptance of the revised policy.

Governing Law

This privacy policy is governed by the laws of the State of California, United States.

Contact

For privacy questions, data deletion requests, or concerns: