Privacy Policy

AxionSite Pty Ltd (ABN 73 698 423 442), trading as Direct Signal, is the entity responsible for, and the controller of, the personal information described in this policy, except where we process data solely on behalf of a business customer under a separate data processing agreement (in which case the customer is typically the controller and Direct Signal acts as a processor).

Privacy enquiries: privacy@directsignal.app

This policy applies to:

• Visitors to our website and marketing pages;
• Prospects who submit demo, enterprise inquiry, or contact forms;
• Administrators and users of Direct Signal accounts;
• Individuals whose personal information is provided to us by customers or generated through use of the Services.

It does not apply to third-party websites, data sources, or integrations outside our control. Information we ingest from public or licensed sources about companies, markets, or public figures is handled in accordance with this policy and our agreements with customers.

Information you provide. Name, work email, phone, company, job title, industry, team size, messages, account credentials, billing contacts, support communications, and configuration data (e.g., entities, sectors, keywords, or watchlists you ask us to monitor).

Automatically collected. IP address, device and browser type, log data, usage analytics, API activity, timestamps, feature interactions, security signals, and cookies or similar technologies (see Section 12).

Intelligence and signal data. To deliver the Services, we collect and process external signals from permitted sources. Much of this data relates to organisations, markets, or public activity rather than consumers. Where personal information appears in public or licensed sources (e.g., executive names, professional profiles, public statements), we process it to provide market intelligence, reputation mapping, competitor tracking, stakeholder monitoring, and executive briefings for our customers.

From third parties. Authentication providers, payment processors, hosting and infrastructure vendors, analytics providers, and integration partners (e.g., CRM or collaboration tools you connect), subject to their policies and our contracts.

Sensitive information. The Services are a business tool and we do not ask you to provide sensitive personal information (such as health, biometric, or precise geolocation data). We do not seek to collect special-category data through the platform. Where any sensitive information is processed, we do so only as necessary to provide the Services or as permitted by law, and you may ask us to limit its use where applicable law provides that right.

We use personal information to:

• Provide, operate, maintain, and secure the Services;
• Ingest, correlate, assess, and present external signals and intelligence outputs;
• Authenticate users, administer accounts, and provide customer support;
• Process demo and sales requests and communicate with you;
• Improve reliability, accuracy, and performance of models, ranking, and workflows;
• Detect abuse, fraud, and security incidents;
• Comply with law and enforce our Terms of Service;
• Send service-related notices and, where permitted, marketing (you may opt out).

Direct Signal uses artificial intelligence and automated systems—including classification, clustering, scoring, summarisation, and briefing generation—to analyse external signals. Outputs may include opportunity, watch, or risk assessments, narrative detection, velocity metrics, and confidence indicators.

Important limitations. AI-generated intelligence is probabilistic and may be incomplete or inaccurate. Outputs are intended to support human decision-making for business users, not to replace professional judgment, legal advice, investment advice, or compliance determinations.

Where required by law, we provide transparency about significant automated processing and honour rights related to profiling. Enterprise customers may request additional documentation about model use, human review options, and data minimisation controls in their order form or data processing agreement.

No training on your confidential inputs by default. Unless otherwise agreed in writing, we do not use customer-provided confidential content, account data, or private workspace materials to train general-purpose models for unrelated products. Aggregated, de-identified usage statistics may be used to improve security and service quality.

Where GDPR or equivalent laws apply, we rely on:

• Contract — to provide the Services you or your organisation request;
• Legitimate interests — to operate, improve, and secure our platform, process business contact data, and analyse public or licensed signals for B2B intelligence (balanced against your rights);
• Consent — where required for certain cookies, marketing, or optional processing;
• Legal obligation — where we must retain or disclose information by law.

We may share personal information with:

• Service providers and sub-processors — cloud hosting, databases, monitoring, email, customer support, analytics, and AI infrastructure providers bound by confidentiality and data protection terms;
• Your organisation — if you use an enterprise account, administrators may access user activity within the workspace;
• Professional advisers — lawyers, auditors, and insurers under confidentiality;
• Authorities — when required by law or to protect rights, safety, and security;
• Business transfers — in connection with merger, acquisition, or asset sale, subject to continued protections.

We do not sell personal information in the conventional sense. Where US state privacy laws define "sell" or "share" broadly (including certain advertising or analytics disclosures), we provide opt-out rights as described in Section 10.

We may process information in countries other than where you reside, including Australia, the United States, and the European Economic Area. When we transfer personal information internationally, we implement appropriate safeguards such as Standard Contractual Clauses, supplementary measures, and vendor due diligence, as required by applicable law.

We retain personal information only as long as necessary for the purposes described in this policy, including to provide the Services, meet legal, tax, and accounting obligations, resolve disputes, and enforce agreements. As a general guide, our retention periods by category are:

• Account and contact information — for the duration of the business relationship plus up to seven (7) years after it ends;
• Usage, log, and analytics data — up to twenty-four (24) months from collection, or a shorter period configured by enterprise workspace settings;
• Signal queries, prompts, and generated outputs — for the term of the subscription, subject to shorter workspace or enterprise retention schedules;
• Financial and billing records — seven (7) years, as required by Australian tax and accounting law;
• Support and correspondence records — up to three (3) years from last contact;
• Marketing data and suppression lists — until you opt out, after which limited records are kept to honour your opt-out.

We may retain information for longer where required by law or where there is a complaint or a reasonable prospect of litigation. To determine the appropriate period we consider the amount, nature, and sensitivity of the data, the potential risk of harm, the purposes of processing, and applicable legal requirements. When we no longer have a legitimate need to process personal information, we delete or de-identify it, or securely isolate it from further processing where deletion is not immediately possible (for example, in backups).

We implement administrative, technical, and organisational measures designed for an enterprise SaaS environment, including access controls, encryption in transit, logging, and vendor management. No method of transmission or storage is completely secure; please report suspected incidents to privacy@directsignal.app.

Depending on your location, you may have rights to access, correct, delete, restrict, object to, or port personal information, and to withdraw consent where processing is consent-based. You may also have the right to appeal certain decisions and lodge a complaint with a supervisory authority.

United States state laws. Residents of California, Colorado, Connecticut, Virginia, and other states with comprehensive privacy laws may have additional rights, including to know categories of data collected, request deletion, correct inaccuracies, and opt out of certain profiling, targeted advertising, or sale/sharing of personal information. We honour applicable opt-out preference signals where required.

How to exercise your rights. Email privacy@directsignal.app. You may also authorise another person or agent to submit a request on your behalf; we will verify their authority. To protect your information, we may ask you for details to confirm your identity before we act on a request.

Response times. We aim to respond to requests from the EEA and UK within one (1) month and to US state privacy requests within forty-five (45) days, each extendable by a further period where permitted by law for complex or numerous requests. We will let you know if we need more time.

Fees. Exercising your rights is usually free. We may charge a reasonable fee, or decline to act, where a request is manifestly unfounded, excessive, or repetitive, to the extent permitted by law.

Appeals. If we decline your request, you may appeal by replying to our decision or contacting privacy@directsignal.app. We will inform you in writing of the outcome and our reasons. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) or your local supervisory authority, and—where US state laws apply—with the relevant state attorney general.

We use cookies and similar technologies for essential site functions, security, preferences, and analytics. You can control cookies through browser settings; disabling certain cookies may affect site functionality. Where required, we will present a consent mechanism for non-essential cookies. For full details, see our Cookie Policy.

The Services are intended for business users and are not directed to children under 16 (or the age required in your jurisdiction). We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be notified via the Services or email where appropriate.

Personal information collected through the Services is handled by AxionSite Pty Ltd (ABN 73 698 423 442) trading as Direct Signal.

Questions about this Privacy Policy or our data practices: privacy@directsignal.app

See also our Terms of Service.