U.S. Federal-First-Focused
Support@UXstorm.com
9701 New Church Street Suite A; Damascus MD 20872

Privacy Policy

UXstorm® Secure Signing

This Privacy Policy explains what information UXstorm® Secure Signing processes, how it is used, and with whom it is shared. This policy applies to the UXstorm® Secure Signing browser extension and its associated native helper applications.

Effective Date: June 2, 2026
Chrome Web Store privacy statement
Policy page loaded.
Contact Privacy

Secure Signing Trust Boundary

Data flows only as shown below. The browser extension stays thin. Protected operations are performed by the local native helper after validation.

Browser Extension Collects current page URL, ServiceNow® session cookies, and CSRF token transiently. Native Helper Validates authorization, then lists certificates and signs requested digests. ServiceNow® ServiceNow® Validation Validates the user session and returns a pre-signed PDFsuite license blob. Local Certificate Store Certificates and private keys remain on the user's device or cryptographic provider.
1

Information We Process

UXstorm® Secure Signing may process the following information when you use the extension or native helper:

  • The current web page URL, used to confirm that the signing request comes from an authorized ServiceNow® page.
  • ServiceNow® session information, including session cookies and CSRF tokens, used only to validate the request with your organization's ServiceNow® instance.
  • Signing request details, such as the digest to be signed, requested signing algorithm, request identifier, and related workflow context.
  • Certificate metadata, such as certificate subject, issuer, serial number, validity dates, and thumbprint, so you or your organization can identify an available signing certificate.
  • Basic technical information needed to operate the native helper, such as application version and validation status.
The browser extension does not provide certificate-selection UI, popup UI, license-management UI, or durable license-validation caching.
2

How We Use Information

UXstorm® Secure Signing uses the information above only to:

  • Validate that a signing request is authorized by your organization's ServiceNow® instance.
  • Confirm that the current page is allowed to request secure signing.
  • Communicate with the local native helper application.
  • Allow the native helper to validate licensing before protected operations.
  • List available signing certificates after authorization.
  • Sign document digests using an approved local certificate after authorization.

The browser extension itself does not directly call UXstorm® or PDFsuite license validation services. It does not directly call ServiceNow® license REST APIs. License validation is handled by the native helper through your organization's ServiceNow® instance.

3

Information Sharing

UXstorm® Secure Signing may share limited information with the following parties as necessary to provide the secure signing function:

  • Your organization's ServiceNow® instance, which receives the current URL, ServiceNow® session context, and validation request so it can authorize the operation.
  • The local native helper application installed on your device, which receives signing requests, validates authorization, lists certificates, and performs signing.
  • Your operating system certificate store, smart card, token, or cryptographic provider, which may be accessed by the native helper to list certificates or perform signing.
No sale of user data

UXstorm® does not sell user data from this extension.

No advertising use

UXstorm® does not use extension data for advertising, profiling, or unrelated analytics.

No direct license REST calls

The extension does not call ServiceNow® PDFsuite license endpoints directly.

4

Data Storage and Retention

The browser extension does not maintain durable license-validation state and does not store ServiceNow® session cookies, CSRF tokens, license keys, private keys, or signing certificate private material.

ServiceNow® session information is used transiently to validate the signing request. Signing certificate private keys remain under the control of the operating system certificate store, smart card, token, or cryptographic provider configured on the user's device.

Your organization's ServiceNow® instance may retain audit records, workflow records, or transaction logs according to your organization's own retention policies.

5

Private Keys and Certificates

UXstorm® Secure Signing does not collect, transmit, or store private keys.

Private key operations are performed locally through the native helper and the operating system, certificate store, smart card, token, or cryptographic provider. Only the requested digest is signed. Private key material is not exposed to the browser extension.

6

Security

UXstorm® Secure Signing is designed so that protected operations require validation before certificates are listed or digests are signed. Validation requests are sent to the authorized ServiceNow® instance using HTTPS, except for localhost development scenarios.

The app is designed to keep the browser extension thin and to perform protected operations through the native helper. The native helper validates the ServiceNow® proof and PDFsuite license before list-certificate or sign-digest operations.

ServiceNow® does not store a private validation key for this flow. It returns the existing pre-signed PDFsuite license blob for native helper validation.
7

Children's Privacy

UXstorm® Secure Signing is intended for business, government, and enterprise use. It is not directed to children and does not knowingly collect information from children.

8

Changes to This Policy

UXstorm® may update this Privacy Policy from time to time. Updates will be posted at the location provided in the Chrome Web Store Developer Dashboard or other distribution listings for UXstorm® Secure Signing.

9

Contact

If you have questions about this Privacy Policy or how UXstorm® Secure Signing handles information, contact UXstorm®:

Support@UXstorm.comEmail
9701 New Church Street Suite A; Damascus MD 20872Mailing address