Kovasign Connector — Privacy & Data Handling
Last Updated: July 3, 2026
This page describes how the Kovasign connector — an optional integration that lets you use Kovasign from an AI assistant such as Anthropic's Claude — collects, uses, stores, and shares your information. It supplements our Privacy Policy, which continues to apply in full. Kovasign is a product of Low Latency Labs, the trading name of Quantum Infinity Pte. Ltd. (Singapore), the data controller for the processing described here.
1. What the connector is
The Kovasign connector is a first-party integration: it is built, hosted, and operated by Kovasign itself, and it talks directly to Kovasign's own API — no intermediary or data broker sits between your AI assistant and Kovasign. It uses the open Model Context Protocol (MCP), so an AI assistant you already use (for example Claude, on claude.ai or in Claude's apps) can act on your Kovasign account on your behalf and only with your permission: listing and checking documents, preparing signature requests, sending documents for signature, and signing your own signature fields.
The connector is strictly opt-in. Nothing described on this page happens unless you personally connect Kovasign to your AI assistant and approve the connection on Kovasign's consent screen.
2. Authorization and consent (data collection)
The connector authenticates with OAuth 2.1. When you connect, you are sent to Kovasign's own consent screen, where you sign in to your existing Kovasign account and see exactly which permissions ("scopes") the assistant is requesting and which workspace the connection will act in. The available scopes are deliberately narrow:
esign:read— list your documents and templates, check signing status, and read audit trails and signing certificates you already have access toesign:send— create signable drafts, add recipients, send documents for signature, send reminders, and recall sent documentsesign:sign_self— sign your own signature fields. The connector can never sign on behalf of anyone else
A cautious user can grant read-only access. When new connector capabilities launch, existing connections do not silently gain them — you are asked to re-consent before any new permission takes effect.
On authorization, Kovasign records: your account identity, the workspace the connection acts in, the granted scopes, the connecting client, and — for each connector request — the request IP address and time of use. This is the same category of security metadata we collect for ordinary website sessions.
3. How your data is used and stored
- Same data, same place. The connector reads and writes the same document, template, recipient, and signature data as the Kovasign website, stored in the same database (Supabase Postgres) under the same per-user and per-workspace access controls (Postgres Row Level Security). Connecting an assistant does not copy your data anywhere new and does not widen what your account can see — the connector can never access more than your own account already can.
- Access tokens are stored only as cryptographic hashes (Argon2 with a SHA-256 lookup digest). Kovasign cannot read a token back out of its database. Access tokens expire after 1 hour; refresh tokens rotate on every use, expire after 30 days, and replayed (stolen-then-reused) tokens trigger automatic revocation of the affected connection.
- Every connector action is audited. Actions performed through the connector are recorded in the document's tamper-evident audit trail, marked as performed via the connector channel, including the in-conversation confirmations you give before a document is sent or signed. Signature validity and legal effect are identical to signing on the website — the same signing engine performs both.
- No model training. Kovasign does not use your documents or connector activity to train artificial-intelligence or machine-learning models.
4. What your AI assistant sees (third-party sharing)
When you use the connector, the results of the actions you ask for — for example a document list, a signing status, an audit trail, or a preview link — are returned to the AI assistant you connected and become part of your conversation with it. Equally, content you draft in that conversation (for example the text of an NDA) is sent to Kovasign when you ask the assistant to create a document from it.
Your AI assistant is your chosen agent, not Kovasign's sub-processor. The assistant provider's own privacy policy governs how it handles your conversation, including connector results inside it (for Claude, see Anthropic's Privacy Policy). Kovasign shares data with the assistant only in direct response to requests you make in your conversation, scoped to the permissions you granted.
The connector introduces no new third parties beyond your chosen assistant. Document recipients, and — only if you choose Singpass signing — the Singpass service, receive data exactly as described in our main Privacy Policy. We do not sell your personal information.
5. Safeguards for binding actions
Sending a document for signature and signing a document are legally significant. The connector therefore requires an explicit, recorded confirmation from you in the conversation before a document is sent and before your signature is applied — the assistant must show you a preview and obtain your go-ahead, and that confirmation is stored in the audit trail. Signing someone else's field through the connector is impossible by design.
6. Retention and revocation
- Connection tokens are retained until they expire (30 days at most without use) or until you revoke them, whichever comes first. Revoked and expired token records are security metadata and are retained per our standard log-retention practice.
- Documents, signatures, and audit trails created through the connector follow the same retention rules as documents created on the website (see the main Privacy Policy): retained for the lifetime of the document so signatures remain verifiable and evidential.
- You can disconnect at any time. Revoke the connector in Kovasign under Settings → Connected apps (this immediately invalidates the connection's tokens server-side), and/or remove the connector in your assistant's settings (for Claude: Settings → Connectors). Disconnecting does not delete documents you already created or signed — those remain in your Kovasign account under your control.
7. Data we do NOT collect through the connector
- We do not receive or store your conversation with your assistant — only the specific tool requests the assistant sends to Kovasign on your behalf
- We do not receive your assistant account credentials, and your assistant never receives your Kovasign password
- We do not collect health data, advertising identifiers, or sponsored content through the connector
8. Changes to this page
We may update this page as the connector evolves. Changes will be posted here with an updated revision date; material changes will be additionally notified as appropriate.
9. Contact
Questions about the connector's privacy or data handling: [email protected]. You can exercise all rights described in our Privacy Policy (access, correction, deletion, portability, objection, consent withdrawal) for connector data in the same way.