Compliance
License
TheTerms is released under the GNU Affero General Public License v3.0 (AGPL-3.0). Key implications:
- You may use, modify, and distribute TheTerms freely
- If you run a modified version as a network service, you must make your modifications available under AGPL-3.0
- The full license is available at github.com/ashwineaso/theterms/blob/main/LICENSE
Audit Trail
Every signing event is recorded with an immutable audit trail:
| Field | What is recorded |
|---|---|
| Timestamp | UTC time of the signing submission |
| IP address | The signer’s IP address at the time of signing |
| User agent | The browser/client user agent string |
| Signer decisions | Per-clause accept/reject for each clause |
| Document version | The exact version that was signed |
The audit trail cannot be modified after creation.
Data Handling
What data is stored
- User accounts: email address, hashed password (bcrypt), display name
- Organisation data: containers, documents, clauses (your content)
- Signing records: signer email, IP address, user agent, timestamp, clause decisions
- Team data: members, roles, invitation records
Data residency
Self-hosted deployments store all data on your own infrastructure. No data leaves your server. This makes TheTerms suitable for organisations with strict data residency requirements.
Cloud-hosted deployments (app.theterms.app) store data in the hosting provider’s infrastructure.
GDPR Considerations
For organisations processing EU personal data:
Right of access: User account data is available to the user in their profile settings.
Right to erasure: Users can delete their account from account settings. Organisation administrators can remove member accounts. Signing records associated with deleted accounts retain an anonymised record for audit integrity.
Data portability: Signing records and audit trails are accessible through the application interface.
Self-hosting for control: Running TheTerms on your own infrastructure gives you full control over data storage, processing, and retention policies.