Privacy Policy

Data controller

SIGNL LTD ("SIGNL", "we", "us") is the data controller for personal data collected through this website and our related services. This policy explains what we collect, why, and what rights you have.

What we collect

We collect different data depending on how you interact with us:

• Email subscribers: your email address, submitted when you sign up to download content or receive updates.
• Service enquiries: your name, email address, company name, and any other details you provide when you contact us about our services.
• Website visitors: basic analytics data (pages viewed, referring site, country). We do not use tracking cookies or third-party advertising pixels.

Why we collect it and our lawful basis

Consent (Article 6(1)(a) UK GDPR) — we send marketing emails (content updates, briefings, and occasional information about SIGNL services) only where you have given explicit consent by ticking the consent checkbox on our sign-up forms. You can withdraw consent at any time by clicking the unsubscribe link in any email or contacting us directly.

Legitimate interest (Article 6(1)(f) UK GDPR) — we process service enquiry data to respond to your request and manage the client relationship. We have assessed that this processing is necessary for our business and does not override your rights.

Legal obligation (Article 6(1)(c) UK GDPR) — we may retain certain data where required by law, for example financial records for tax compliance.

Who processes your data

We use a small number of third-party processors to deliver our services:

• Kit (formerly ConvertKit) — email marketing platform. Stores subscriber email addresses and sends emails on our behalf. Kit is a US-based company.
• Netlify — website hosting. Serves this website and processes basic server logs.
• Notion — internal CRM. Stores contact and service enquiry data for our own use only.

We do not sell your data to anyone. We do not share your data with third parties for their own marketing purposes.

International transfers

Some of our processors (Kit, Netlify, Notion) are based in the United States. Where your data is transferred outside the UK, it is protected by one or more of the following safeguards:

• The UK-US Data Bridge (UK Extension to the EU-US Data Privacy Framework), where the processor is certified.
• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office.

If you would like details of the specific safeguards applied to any transfer, contact us at david@signlhq.com.

How long we keep your data

Email subscribers: we retain your email address for as long as you remain subscribed. When you unsubscribe, your data is deleted from our email platform within 30 days.

Service enquiries and client data: we retain contact information for the duration of the client relationship and for up to 24 months after our last interaction, unless a longer period is required by law.

Website analytics: aggregated, non-personal analytics data is retained indefinitely. No individual visitor data is stored.

Your rights

Under UK GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data where there is no compelling reason for continued processing.
• Restrict processing — ask us to limit how we use your data in certain circumstances.
• Data portability — request your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interest.
• Withdraw consent — withdraw consent for marketing emails at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of these rights, email david@signlhq.com. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data has been handled unlawfully.

Cookies

This website uses only essential, first-party cookies required for the site to function (for example, form submission state). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

If we introduce analytics in the future, this policy will be updated and consent will be obtained where required under the Privacy and Electronic Communications Regulations (PECR).

Security

We use appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls on internal systems, and careful selection of processors with strong security practices. No system is perfectly secure, but we take reasonable steps to protect the data you trust us with.

Changes to this policy

We may update this policy from time to time. The "last updated" date at the top of this page will always reflect the most recent version. Material changes will be communicated to subscribers by email where appropriate.