Privacy Policy

Last updated: 20 February 2026

1. Introduction

Signalyst ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services at signalyst.co.uk (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us when you:

  • Create an account (email address, firm name, password)
  • Set your alert preferences (postcode districts and SIC code filters)
  • Subscribe to our service (payment information via Stripe)
  • Contact our support team
  • Respond to surveys or feedback requests

2.2 Automatically Collected Information

When you access the Service, we may automatically collect:

  • IP address and approximate location
  • Browser type and version
  • Operating system
  • Pages visited and time spent on pages
  • Referring website

2.3 Company Data

The company information we provide in our lead alerts (company names, registered addresses, SIC codes) is sourced from publicly available data from Companies House. This is public information and not personal data we collect from you.

We do not collect or store director personal data such as dates of birth, home addresses, or nationality. We only use publicly available company registration information.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Send you daily lead alert emails based on your filter preferences
  • Process payments and manage your subscription
  • Send you administrative communications (account updates, security alerts)
  • Respond to your enquiries and support requests
  • Monitor and analyse usage patterns to improve user experience
  • Detect, prevent, and address technical issues or fraud

4. Legal Basis for Processing (UK GDPR)

Under the UK General Data Protection Regulation (UK GDPR), we process your personal data based on:

  • Contract: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate interests: Processing necessary for our legitimate business interests (improving the Service, fraud prevention)
  • Consent: Where you have given explicit consent (marketing communications)
  • Legal obligation: Processing necessary to comply with legal requirements

5. Data Sharing and Disclosure

We use the following categories of third-party service providers to operate Signalyst:

  • Stripe (stripe.com) — payment processing. Stripe handles all card details directly; we never see or store your card information.
  • Email delivery provider — for sending daily alerts and account notifications such as password resets and welcome emails.
  • Cloud database provider — for secure storage of subscriber account data.
  • Hosting and content delivery provider — for website hosting, performance, and security.

Each provider processes data under appropriate data processing agreements and in accordance with UK GDPR requirements.

We may also share your information:

  • Legal requirements: When required by law or to protect our rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit using secure protocols
  • Secure password hashing using industry-standard algorithms
  • Regular security assessments
  • Access controls and authentication
  • Secure payment processing via PCI-compliant Stripe

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to:

  • Provide the Service to you
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements

When you request account deletion, your account enters a 14-day grace period during which you can cancel the deletion request. After the grace period expires, your personal data will be permanently deleted. We retain only anonymised, aggregated data for analytics purposes.

Company registration data is retained for 90 days from the date of incorporation, after which it is automatically deleted.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access: Request a copy of the personal data we hold about you. You can download your data directly from your Account page.
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your personal data. You can delete your account directly from your Account page. A 14-day grace period applies, during which you can cancel the deletion.
  • Restriction: Request restriction of processing
  • Portability: Request transfer of your data to another service. You can download your data in a machine-readable format from your Account page.
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent where processing is based on consent

Most of these rights can be exercised directly from your account dashboard. For other requests or assistance, contact us at privacy@signalyst.co.uk. We will respond to all data subject requests within 30 days.

9. Cookies

We use essential cookies to:

  • Maintain your login session
  • Remember your preferences
  • Ensure security

We do not use third-party tracking or advertising cookies. For more information, see our Cookie Policy.

10. International Data Transfers

Our servers are located in the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.