SignalStack
Get Started

Privacy Policy

Last updated: May 1, 2026 v1.0.0

This Privacy Policy explains how SignalStack, Inc. ("SignalStack," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you visit our website, use our API, or interact with our services. We are committed to protecting your privacy and ensuring transparency about our data practices.

1. Information We Collect

1.1 Information You Provide to Us

We collect information you voluntarily provide when you:

  • Create an account: When you sign up for SignalStack, we collect your name, email address, company name, and billing information. Payment processing is handled by Stripe, and we do not store full credit card numbers.
  • Use our API: When you make API requests, we process the data you submit for verification (business identifiers, document content, media files, claims). This data is processed transiently to generate verification results and is stored in accordance with our data retention policy.
  • Contact us: When you reach out to our sales, support, or security teams, we collect your name, email address, company name, and any information you include in your message.
  • Subscribe to communications: When you subscribe to our newsletter, blog, or marketing communications, we collect your email address and communication preferences.

1.2 Information Collected Automatically

When you visit our website or use our API, we automatically collect:

  • Log data: IP address, browser type, operating system, referring URLs, page views, and timestamps.
  • API usage data: Endpoint called, request volume, error rates, response times, and aggregated performance metrics.
  • Device information: Device type, screen resolution, and unique device identifiers.
  • Cookies and similar technologies: We use cookies and similar tracking technologies as described in our Cookie Policy.

1.3 Information from Third Parties

We may collect information about you from third-party sources, including:

  • Authentication providers (e.g., GitHub, Google) when you choose to sign in via OAuth.
  • Payment processors (Stripe) for billing and subscription management.
  • Analytics providers (e.g., Plausible, PostHog) for website and product usage analytics.
  • Public data sources used in our verification process, such as Companies House, SEC EDGAR, and OpenCorporates.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing and maintaining the Service: Processing API requests, generating verification results, managing accounts, and providing customer support.
  • Improving our Service: Analyzing usage patterns to optimize API performance, develop new features, and enhance the security and reliability of our platform.
  • Communication: Sending service-related communications (e.g., billing notices, security alerts, API deprecation notices) and, with your consent, marketing communications.
  • Security and fraud prevention: Monitoring for unauthorized access, detecting abuse, investigating security incidents, and enforcing our Terms of Service and Acceptable Use Policy.
  • Legal compliance: Complying with applicable laws, regulations, and legal processes, and responding to lawful requests from public authorities.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

  • With your consent: We will share information when you have given us explicit permission to do so.
  • With service providers: We engage trusted third-party service providers who process data on our behalf, including cloud infrastructure providers (AWS, GCP), payment processors (Stripe), analytics providers, and customer support platforms. These providers are contractually bound to process data only as instructed by us and in compliance with applicable privacy laws.
  • For legal reasons: We may disclose information if required to do so by law or in the good-faith belief that such action is necessary to comply with legal obligations, protect our rights or property, prevent fraud, or protect the safety of our users or the public.
  • In the context of a business transaction: If SignalStack is involved in a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice of any change in ownership or use of your information.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service. Specifically:

  • Account information: Retained for the duration of your account and for 90 days after account deletion, after which it is permanently deleted or anonymized.
  • API request data: Verification request payloads and results are retained for 30 days to allow for audit and debugging, after which they are permanently deleted. Enterprise customers may configure extended retention periods.
  • Log data: API access logs and audit trails are retained for 12 months for security and compliance purposes.
  • Billing records: Retained for 7 years in compliance with tax and accounting regulations.
  • Marketing communications: Retained until you unsubscribe or request removal.

5. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to deletion: Request deletion of your personal data, subject to legal retention obligations.
  • Right to restrict processing: Request restriction of how we process your data.
  • Right to data portability: Request a copy of your data in a structured, machine-readable format.
  • Right to object: Object to the processing of your data for direct marketing purposes or on grounds relating to your particular situation.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at privacy@signal-stack-ten.vercel.app. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and provide essential functionality. For detailed information about the cookies we use and your choices, please see our Cookie Policy.

7. Data Security

We implement industry-standard security measures to protect your information, including encryption at rest (AES-256) and in transit (TLS 1.3), access controls, and regular security audits. However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but will notify you of any data breach affecting your information in accordance with applicable laws.

8. International Data Transfers

SignalStack is headquartered in the United States and primarily operates data centers in the US, EU (Frankfurt), and APAC (Sydney). If you are located outside these regions, your information may be transferred to and processed in countries where our servers are located. We ensure appropriate safeguards are in place for international data transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information. If you believe we have collected information from a child, please contact us at privacy@signal-stack-ten.vercel.app.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes via email and/or a prominent notice on our website. Your continued use of the Service after the effective date of the updated policy constitutes your acceptance of the changes.

11. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: privacy@signal-stack-ten.vercel.app
  • Security inquiries: security@signal-stack-ten.vercel.app
  • Data Protection Officer: dpo@signal-stack-ten.vercel.app

SignalStack, Inc.
548 Market St, Suite 98989
San Francisco, CA 94104
United States