Privacy policy

Who this policy covers

This policy applies to Signalbat's website, app, public demo, and related support or billing interactions. Signalbat is operated by Soon. In this policy, "Signalbat", "we", "us", and "our" refer to the Signalbat service and its operator.

If you use Signalbat through an organization, that organization controls the brand, account, team, and customer-context data it adds to the service. We process that data to provide Signalbat to the organization.

Information we collect

• Account and identity information, such as name, email address, avatar, authentication identifiers, organization membership, role, invitation status, and last activity.
• Brand and market information, such as company name, domain, positioning, audience, geography, competitor/watchlist names, brand pages, page notes, customer voice quotes, category prompts, source URLs, community result snippets, and daily Reading artifacts.
• Public demo information, such as the submitted domain, inferred brand/category, demo result, optional email capture, user agent, and a hashed network identifier used for rate limiting.
• Billing information needed to manage subscriptions, such as Stripe customer, subscription, checkout, price, payment status, and billing metadata. We do not store full payment card numbers.
• Operational and security information, such as session records, IP address where available, user agent, audit events, webhook payloads, request IDs, provider/model usage, estimated costs, errors, and logs.
• Contact information you send through forms or support messages.

How we use information

• Provide, secure, and maintain the Signalbat app, sessions, team access, billing, public demo, and daily Reading pipeline.
• Generate brand, field, market, and reading views about AI answers, search/source evidence, competitor movement, public website content, and buyer/community language.
• Authenticate users, sync organization membership, process invitations, and revoke sessions when required.
• Manage subscriptions, payment status, invoices, and account lifecycle through Stripe.
• Prevent abuse, rate-limit demo runs, debug problems, monitor cost and reliability, and keep audit trails.
• Communicate about product access, support, billing, security, and important service changes.

AI, search, and public sources

Signalbat sends prompts, public brand/category context, public source evidence, and relevant account-provided context to AI and search providers when needed to produce or refresh Readings and related intelligence. Depending on configuration, these providers may include OpenAI, Perplexity, Brave Search, and similar services.

Signalbat is designed to monitor public answer, source, website, and community surfaces. Do not add sensitive personal data, confidential customer data, or regulated data unless your agreement with Signalbat expressly allows it.

Cookies and sessions

Signalbat uses essential cookies and similar technologies to keep you signed in, route authentication, secure sessions, and operate the app. The main app session cookie is used for authentication and may last up to 30 days for WorkOS-backed sessions unless revoked or expired earlier.

The current product does not require an advertising tracking script to use Signalbat. If we add non-essential analytics or marketing cookies, we will update this policy or the cookie notice as appropriate.

Service providers

We use trusted providers to run Signalbat, including Cloudflare for hosting, Worker runtime, D1 database, and email infrastructure; WorkOS for authentication and organization membership; Stripe for checkout, subscriptions, and billing webhooks; and AI/search providers for monitoring and synthesis.

These providers process information only as needed to provide their services to us, subject to their own security and data-processing terms.

Sharing

We do not sell personal information. We share information with service providers, within your organization account, when you direct us to do so, when required by law, to protect Signalbat or others, or as part of a merger, acquisition, financing, or similar business transaction.

Retention

We keep information for as long as needed to provide Signalbat, comply with legal and billing obligations, resolve disputes, maintain security, and preserve the product's evidence history. Some operational logs, webhook records, billing records, audit events, and generated Readings may be retained after account access changes where necessary for those purposes.

You can ask us to delete or export account data. We may need to verify your authority for the relevant organization before acting on the request.

Your choices and rights

Depending on where you live, you may have rights to access, correct, export, delete, restrict, or object to processing of personal information. You may also have the right to complain to a data protection authority.

To make a privacy request, contact us at privacy@signalbat.com or through the Signalbat contact page. If your account is managed by an organization, we may refer your request to that organization.

Security

We use technical and organizational measures designed to protect Signalbat, including hashed session tokens, secure session cookies, scoped account access, webhook signature verification, audit records, and provider budget controls. No internet service is perfectly secure, so please use strong account security and tell us promptly if you suspect unauthorized access.

International processing

Signalbat is made in Europe and uses providers that may process information in multiple countries. Where required, we rely on appropriate safeguards for international transfers.

Changes

We may update this policy as Signalbat changes. If a change is material, we will take reasonable steps to notify users or account owners. The effective date above shows when this version applies.