Skip to content

Legal

Privacy Policy

How SignalSuite collects, uses, and protects data, written for our invite-only pilot, in plain language.

Last updated: Pilot release

This policy explains how SignalSuite (“SignalSuite”, “we”, “us”) handles information during our pilot. SignalSuite is a workforce-intelligence platform that turns anonymous workplace signals into patterns leaders can act on. We have written this to match how the product actually works, not as boilerplate.

1. Scope

This policy applies to the SignalSuite marketing site and the invite-only pilot of our products, including HireSignal. It covers two broad groups: the customers and authorized users who administer a workspace, and the respondents who submit anonymous signals through it. Where our handling differs for those groups, we say so.

2. What we collect

We collect only what a given interaction needs:

  • Account information for authorized users (such as name, work email, and workspace role) so we can authenticate access and administer the service.
  • Workspace configuration you provide, such as the diagnostics, questions, and settings you set up.
  • Signal responses submitted by respondents. These are designed to be anonymous and are stored without identifiers that link an answer to a specific person (see section 3).
  • Operational and technical data needed to run and secure the service, such as authentication events and basic logs. We practice data minimization throughout.

3. Anonymous responses & no PII

Anonymity is enforced in the data model, not offered as a setting. Signal responses are stored without identity foreign keys, so there is no join that maps a response back to the individual who gave it. Results are computed and shown as aggregate patterns, and privacy thresholds (k-anonymity) withhold a result until a group is large enough that an individual cannot be re-identified from it.

Because responses are decoupled from identity at collection, we generally cannot connect an anonymous response to a named person, and neither can the customer operating the workspace.

4. How we use data

We use information to:

  • provide, operate, and secure the platform and its products;
  • compute aggregate signals, scores, and trends for a workspace;
  • authenticate users and administer roles, invitations, and access;
  • communicate about the pilot, including service and support messages;
  • maintain reliability and detect or prevent abuse and security issues.

We do not sell personal information, and we do not use anonymous signal responses to identify individuals.

Where data protection law (such as the GDPR) applies, we rely on the following bases, depending on the activity: performance of a contract (to provide the service to a customer), legitimate interests (to operate, secure, and improve the platform in ways that do not override individual rights), consent (where we ask for it), and compliance with legal obligations. For respondents, our design intent is that signal responses are anonymized and fall outside the scope of personal data wherever possible.

6. Retention

We keep account and workspace data for as long as a workspace is active and as needed to provide the service, then for a limited period afterward to meet legal, security, and operational requirements. Aggregate and anonymized signal data may be retained to preserve the integrity of historical trends, since it does not identify individuals. When data is no longer needed, we delete or further anonymize it.

7. Sharing & subprocessors

We do not sell your data. We share information only as needed to run the service: with service providers (subprocessors) that host and support the platform under contract, when required by law, and in connection with a corporate transaction where the receiving party is bound by terms consistent with this policy.

SignalSuite is built on infrastructure including Supabase/Postgres and Next.js. A current subprocessor list and our Data Processing Agreement (DPA) are available on request. See Contact.

8. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. To exercise a right, contact us using the details below; if you reached us through a customer’s workspace, we may direct your request to that customer as the controller. Note that because anonymous signal responses are not linked to your identity, we may be unable to locate or return a specific response.

9. Security

Security is built into the data model. Postgres Row-Level Security isolates every workspace on every table, access is granted on a least-privilege basis, and we are committed to encrypting data in transit and at rest. You can read more on our Security & Compliance page, including what is shipped today and what is on our roadmap.

10. Children

SignalSuite is a workplace tool intended for organizations and their authorized users. It is not directed to children, and we do not knowingly collect personal information from anyone under the age of 16.

11. Changes

This is our pilot policy. As SignalSuite reaches general availability, we will publish a fuller policy and date and version it. If we make a material change, we will take reasonable steps to let affected users know.

12. Contact

Questions, requests, or a copy of our DPA and subprocessor list? Email us at hello@signalsuite.com and a person will respond.

This pilot Privacy Policy describes our current practices for an early-stage, invite-only release. It is not legal advice, and a full general-availability policy will follow.

Privacy you can read and verify

Anonymous by design, isolated by the database, and documented in plain language. See how it works.