Privacy Policy

Last updated: 13 February 2026

1. Introduction

Signalyst ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at signalyst.com (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us when you:

  • Create an account (email address, firm name, password)
  • Subscribe to our service (payment information via Stripe)
  • Contact our support team
  • Respond to surveys or feedback requests

2.2 Automatically Collected Information

When you access the Service, we may automatically collect:

  • IP address and approximate location
  • Browser type and version
  • Operating system
  • Pages visited and time spent on pages
  • Referring website

2.3 Company Data

The company information we provide in our lead alerts (company names, addresses, SIC codes, director names) is sourced from publicly available data from Companies House. This is public information and not personal data we collect from you.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Send you daily lead alert emails based on your filter preferences
  • Process payments and manage your subscription
  • Send you administrative communications (account updates, security alerts)
  • Respond to your enquiries and support requests
  • Monitor and analyse usage patterns to improve user experience
  • Detect, prevent, and address technical issues or fraud

4. Legal Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data based on:

  • Contract: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate interests: Processing necessary for our legitimate business interests (improving the Service, fraud prevention)
  • Consent: Where you have given explicit consent (marketing communications)
  • Legal obligation: Processing necessary to comply with legal requirements

5. Data Sharing and Disclosure

We may share your information with:

  • Service providers: Third parties that perform services on our behalf (e.g., Stripe for payment processing, email delivery services)
  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Secure password hashing (bcrypt with salt)
  • Regular security assessments
  • Access controls and authentication
  • Secure payment processing via PCI-compliant Stripe

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

When you cancel your subscription, we retain your account data for 30 days in case you wish to reactivate. After this period, your personal data will be deleted or anonymised.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@signalyst.com.

9. Cookies

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure security

We do not use third-party tracking or advertising cookies. For more information, see our Cookie Policy.

10. International Data Transfers

Our servers are located in the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.