Security & Privacy

YOUR DATA.
YOUR CONTROL.

Signal Engine was built from day one with a simple rule: your customer data is yours. We don't sell it, we don't share it, and we give you full control over what's collected and how long it's kept.

GDPR Compliant
CCPA Compliant
No Data Selling
🔒 TLS 1.3 Encryption
🛡 SOC 2 Type II (In Progress)
🌐 Browser-First Architecture
Architecture

Built different from the ground up.

Most SaaS platforms store your customer data on their servers. Signal Engine takes a different approach — AI processing happens directly from your browser to Anthropic's API. We never see your customer data.

Browser-First Processing
AI analysis runs directly from your browser to Anthropic's API using your own API key. Signal Engine's servers are never in the data path for AI queries.

You Own the API Key
You bring your own Anthropic API key. This means you have full visibility into AI usage via the Anthropic console — and you're never paying a markup on queries.

Minimal Server Storage
We only store what's necessary for your account: email, plan, and session data. Customer intelligence data stays in your browser's local storage by default.

How data flows

Your customer data never touches Signal Engine's servers during AI analysis.

Your Browser (Data stays local) → Anthropic API (Direct connection) → AI Results (Returned to you)

Signal Engine servers handle authentication and billing only — never AI query content

Security Measures

Enterprise-grade security at SMB pricing.

Every layer of Signal Engine is designed to protect your data and your customers' data.

TLS 1.3 Encryption
All data in transit is encrypted with TLS 1.3 — the latest and strongest transport layer security standard.

Supabase Infrastructure
Account data is stored in Supabase — SOC 2 Type II certified infrastructure with row-level security and encrypted storage at rest.

Stripe for Payments
We never store credit card data. All payment processing is handled by Stripe — PCI DSS Level 1 certified, the highest level of payment security.

Hashed Passwords
Passwords are hashed with bcrypt before storage. Even in the event of a breach, your password cannot be recovered from our database.

Session Expiry
Sessions expire automatically after inactivity. JWT tokens are rotated on each request and cannot be reused after logout.

Audit Logging
All account access and data changes are logged with timestamps. You can request your full audit log at any time via support.

Compliance

What we comply with and how.

Plain language. No legal jargon. Here's exactly what each regulation requires and how Signal Engine addresses it.

| Regulation | Requirement | How Signal Engine Complies | Status |
|---|---|---|---|
| GDPR | Lawful basis for processing personal data | Processing is based on contract performance and legitimate interest. Users are informed at signup. | ✓ Compliant |
| GDPR | Right to access personal data | Users can request a full export of their account data at any time via [email protected]. | ✓ Compliant |
| GDPR | Right to erasure ("right to be forgotten") | Account deletion removes all stored data within 30 days. Supabase row-level deletion is immediate. | ✓ Compliant |
| GDPR | Data breach notification within 72 hours | Incident response procedure in place. Affected users and supervisory authorities notified within 72 hours. | ✓ Compliant |
| CCPA | Right to know what data is collected | Full data inventory disclosed in our Privacy Policy. We collect: email, billing info, and usage analytics. | ✓ Compliant |
| CCPA | Right to opt out of data selling | We do not sell personal data. Ever. No "Do Not Sell" opt-out needed because there's nothing to opt out of. | ✓ Compliant |
| CCPA | Right to delete personal information | Account deletion available from Settings → Account → Delete Account. Data removed within 30 days. | ✓ Compliant |
| CAN-SPAM | Opt-out mechanism for marketing emails | Every marketing email includes a one-click unsubscribe. Opt-outs are honored within 10 business days. | ✓ Compliant |
| TCPA | Explicit consent for SMS marketing | SMS opt-in is explicit at signup. Users can text STOP at any time. Records of consent are maintained. | ✓ Compliant |
| SOC 2 Type II | Third-party security audit | Audit in progress. Expected completion Q3 2026. Supabase infrastructure is already SOC 2 Type II certified. | ⏳ In Progress |

Your Rights

What you can always do.

These aren't buried in a 40-page privacy policy. These are your rights, plain and simple.

Export your data anytime
Request a full export of all data Signal Engine holds about you. Delivered within 30 days, usually faster. Email [email protected].

Delete your account completely
Go to Settings → Account → Delete Account. All data is permanently removed within 30 days. No recovery, no retention.

Opt out of analytics
Disable usage analytics from Settings → Privacy. We use Microsoft Clarity and Google Analytics — both can be disabled without affecting platform functionality.

Unsubscribe from emails instantly
Every email has a one-click unsubscribe. You can also manage email preferences from Settings → Notifications at any time.

Opt out of SMS
Text STOP to any Signal Engine SMS number at any time. Opt-out is immediate and permanent until you re-subscribe.

Request a data audit
Ask us exactly what data we hold, where it's stored, who has access, and how long we keep it. We'll respond within 30 days.

Common Questions

Privacy FAQ.

Do you sell my customer data?
No. Never. Signal Engine does not sell, share, rent, or trade personal data with any third party for commercial purposes. Your customer data is yours. Full stop.

Does Signal Engine store my customers' data on your servers?
Not during AI analysis. Signal Engine uses a browser-first architecture — AI queries go directly from your browser to Anthropic's API using your own API key. Signal Engine's servers are not in the data path. We store your account info (email, plan, billing) but not your customer intelligence data.

What data does Signal Engine collect about me?
We collect: your email address, billing information (processed by Stripe — we never see card numbers), plan and usage data, and anonymized product analytics (page views, feature usage). We do not collect the content of your AI queries or your customer data.

Is Signal Engine compliant with GDPR?
Yes. Signal Engine complies with GDPR requirements including lawful basis for processing, data subject rights (access, erasure, portability), breach notification procedures, and privacy by design principles. EU users can exercise their rights by contacting [email protected].

Is Signal Engine compliant with CCPA?
Yes. We comply with California Consumer Privacy Act requirements. Since we do not sell personal data, the "Do Not Sell" provision doesn't apply — but California residents have all other CCPA rights including the right to know, right to delete, and right to non-discrimination.

What happens to my data if I cancel?
You can export your data before cancelling. After account deletion, all personal data is permanently removed from our systems within 30 days. Billing records required for legal/tax purposes may be retained for up to 7 years per accounting regulations, but these contain no customer intelligence data.

Who has access to my account data?
Access to account data is restricted to Signal Engine employees who need it to provide support. All access is logged and auditable. We do not allow third-party access to your data except as required by law or as explicitly authorized by you (e.g., CRM integrations you configure).

What happens if there's a data breach?
We maintain an incident response procedure. In the event of a breach affecting personal data, we notify affected users and relevant supervisory authorities within 72 hours as required by GDPR. We will be specific about what was affected, what we're doing about it, and what you should do.

PRIVACY BY DEFAULT.
TRUST BY DESIGN.

Questions about our data practices? Email [email protected] — we respond within 2 business days.