Privacy Policy

Last updated: March 21, 2026

1. Introduction

Signal-Stack, Inc. ("Signal-Stack", "we", "us", or "our") operates the Signal-Stack platform, accessible at signal-stack.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Service.

If you have questions or concerns about this policy, contact us at privacy@signal-stack.io.

2. Information We Collect

2.1 Information You Provide Directly

  • Account information: Name, work email address, and password when you register.
  • Connector credentials: API keys (e.g., Gong API key) that you enter to connect third-party services.
  • Communications: Any messages or support requests you send us.

2.2 Information We Collect Automatically

  • Usage data: Pages visited, features used, and interactions with the Service.
  • Device and log data: IP address, browser type, operating system, and timestamps of requests.
  • Cookies: Session cookies to maintain your authenticated state. We do not use advertising or tracking cookies.

2.3 Information From Third-Party Integrations

When you connect third-party services, we access data from those services on your behalf and with your explicit authorization:

  • Google Gmail API: Email thread metadata, message bodies, and headers from threads involving prospects you are researching. We access only threads relevant to your pre-call intelligence requests.
  • Google Calendar API: Calendar event titles, start times, and attendee email addresses for your scheduled meetings. We use this to identify upcoming external meetings.
  • Gong API: Call recording metadata, transcripts (speaker-isolated), tracker data, talk-time analytics, and AI-generated call summaries for contacts in your Gong workspace.

We access third-party data only to provide the Service. We do not sell or share this data with third parties for advertising or unrelated purposes.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service
  • Generate AI-powered pre-call intelligence briefings
  • Authenticate your identity and maintain your session
  • Send transactional emails (verification, password reset, briefing digests)
  • Monitor and analyze usage patterns to improve performance and reliability
  • Detect, prevent, and address technical issues or security incidents
  • Comply with legal obligations

We do not use your data to train AI models. We do not use Gmail, Calendar, or Gong data for any purpose other than generating your requested briefings.

4. Google API Data — Limited Use Disclosure

Signal-Stack's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only access Google user data that is necessary to provide the pre-call intelligence features you have requested.
  • We do not use Google user data to serve advertisements.
  • We do not allow humans to read your Google data unless you have given explicit permission, it is necessary for security purposes, or it is required by law.
  • We do not transfer Google user data to third parties except as necessary to provide the Service (e.g., passing transcript text to Anthropic's Claude API for brief synthesis), and only with appropriate data processing agreements in place.
  • We do not use Google user data for purposes unrelated to improving user-facing features of the Service.

OAuth Scopes we request:

  • https://www.googleapis.com/auth/gmail.readonly — Read Gmail threads involving your prospects
  • https://www.googleapis.com/auth/gmail.send — Send briefing emails to your own address
  • https://www.googleapis.com/auth/calendar.readonly — Read your calendar to identify upcoming meetings

You may revoke these permissions at any time via your Google Account settings or by disconnecting in the Signal-Stack dashboard.

5. Data Storage and Security

5.1 Storage

Your data is stored on Cloudflare's global edge network using Cloudflare Workers KV and D1 (SQLite). Infrastructure is located in the United States and the European Union, depending on edge routing.

5.2 Security Measures

  • Encryption at rest: OAuth tokens are encrypted using AES-256-GCM with a per-record random IV before storage.
  • Encryption in transit: All data is transmitted over HTTPS/TLS. No unencrypted connections are accepted.
  • Authentication: Sessions are signed with HMAC-SHA256. Passwords are hashed using PBKDF2 with 100,000 iterations.
  • Access controls: Each user can only access their own data. Ownership verification is enforced on every request.
  • Rate limiting: All endpoints are rate-limited to prevent abuse.

5.3 Data Retention

  • Account data is retained until you delete your account.
  • OAuth tokens expire and are refreshed automatically; disconnecting a connector removes tokens immediately.
  • Cached intelligence data (call history, Gmail analysis) is stored for up to 12 hours to improve performance, then automatically purged.
  • Generated briefing content is not persisted — it is synthesized on demand and not stored.

6. Data Sharing and Disclosure

We do not sell your personal data. We share data only in the following circumstances:

  • Service providers: We use Anthropic (Claude API) to synthesize briefings, Resend for transactional email delivery, and Cloudflare for infrastructure. Each processes data only as necessary to provide their service.
  • Legal requirements: We may disclose data if required by law, subpoena, or other legal process, or to protect the rights, property, or safety of Signal-Stack, our users, or the public.
  • Business transfers: If Signal-Stack is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.
  • With your consent: We may share data in other ways if you have explicitly consented.

7. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to certain types of processing.
  • Withdrawal of consent: Disconnect Google or other OAuth integrations at any time from your dashboard settings.

To exercise any of these rights, contact us at privacy@signal-stack.io. We will respond within 30 days.

8. Cookies

We use strictly necessary cookies only:

  • Session cookie (__Host-ss_session): An HMAC-signed cookie that maintains your authenticated session. It is HttpOnly, Secure, and SameSite=Lax. It expires after 24 hours.

We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

9. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at privacy@signal-stack.io and we will promptly delete it.

10. International Data Transfers

Your data may be processed in countries outside your own, including the United States. When we transfer data from the European Economic Area (EEA), we rely on Standard Contractual Clauses or other approved transfer mechanisms.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, disclose, and sell.
  • The right to delete personal information we have collected.
  • The right to opt out of the sale of personal information. (We do not sell personal information.)
  • The right to non-discrimination for exercising your privacy rights.

To submit a California privacy request, email privacy@signal-stack.io.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a prominent notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision.

Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Signal-Stack, Inc.
Email: privacy@signal-stack.io
Website: www.signal-stack.io
© 2026 Signal-Stack, Inc. All rights reserved.