Privacy Policy

This Privacy Policy explains how Direct Signal ("Direct Signal", "we", "us") collects, uses, and shares information when you use our website, products, and services (the "Service"). It also describes the choices available to you. This Policy is designed for global compliance with 2025 best practices under GDPR/UK GDPR, CCPA/CPRA, and similar laws.

1. Roles

For personal data about your end‑users and CRM records that you connect to the Service ("Customer Data"), you are the controller and Direct Signal acts as processor, governed by our Data Processing Addendum ("DPA"). For account, billing, product analytics, and website data ("Service Data"), Direct Signal is the controller.

2. Information We Process

• Account and billing details (name, email, company, payment identifiers).
• Product usage and device data (events, pages, IP address, browser/OS, cookies).
• Customer Data you choose to sync (contacts, companies, signals) as processor under the DPA.

3. Purposes and Legal Bases

• Provide, secure, and improve the Service (contract; legitimate interests).
• Billing and account administration (contract; legal obligation).
• Product analytics and communications (legitimate interests; consent where required).

4. Sharing and Sub‑processors

We use vetted vendors to operate our Service (e.g., hosting, analytics, payments). For Customer Data we act as processor and require sub‑processors to follow equivalent security and confidentiality obligations. We may disclose information to comply with law, protect our rights, or in connection with a merger or acquisition.

5. International Transfers

Where applicable, we rely on Standard Contractual Clauses and additional safeguards for international data transfers. By using the Service, you acknowledge such transfers.

6. Security

We implement appropriate technical and organizational measures to protect information. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

7. Retention

We retain Service Data for as long as necessary to provide the Service and meet legal obligations. Customer Data is handled under the DPA and is deleted or returned at termination subject to defined timelines.

8. Your Rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal data, object to processing, or request portability. Contact us to exercise rights. Where we act as processor, we will forward requests to the relevant controller.

9. Children

The Service is not intended for children under 16 and we do not knowingly collect personal data from them.

10. Changes

We may update this Policy. Material changes will be posted here with a new "Last updated" date.

Contact

privacy@directsignal.ai