Privacy Policy

1. Who We Are

Signaldeck is operated by Daniel Todd Ltd, a company operating in the United Kingdom ("Signaldeck", "we", "us", or "our"). This Privacy Policy explains how we collect, use, share, and protect personal information when you use Signaldeck, including our website, application, embeddable widgets, hosted feedback pages, APIs, billing features, and related services (the "Service").

For account, billing, website, product analytics, support, and administrative data, Daniel Todd Ltd is the controller of your personal information. For feedback responses and respondent data that our customers collect through Signaldeck, the customer is usually the controller and we process that information on the customer's behalf.

2. Information We Collect

We may collect and process the following categories of personal information:

• Account information: name, email address, password authentication data, account membership, user role, user type, invite-code status, and login/session information.
• Customer workspace data: account names, projects, collectors, feedback flows, questions, configuration, usage limits, usage events, and related metadata.
• Feedback and respondent data: responses, text answers, ratings, NPS values, thumbs responses, respondent identifiers, submitted metadata, source information, timestamps, and any other information submitted through widgets, hosted pages, or APIs.
• Billing and subscription data: plan, price, subscription status, payment status, Stripe customer and subscription identifiers, billing interval, checkout events, invoice events, and related billing metadata. Card details are handled by our payment processor and are not stored directly by Signaldeck.
• Usage, analytics, and device data: pages viewed, product events, plan and checkout events, account and user identifiers, browser type, device information, approximate location derived from IP address, referrer, timestamps, and interaction data.
• Communications: messages you send to us, support requests, feedback, survey responses, and related contact details.
• Security and technical logs: IP addresses, request metadata, authentication events, error logs, audit information, and information used to detect abuse or protect the Service.

3. How We Collect Information

We collect information when you:

• create an account, log in, redeem an invite code, or join a workspace;
• create projects, collectors, feedback flows, widgets, or hosted feedback pages;
• submit, receive, view, summarize, or manage feedback responses;
• start checkout, manage a subscription, or trigger billing events through Stripe;
• visit our website or use the Service while analytics tools are enabled;
• contact us, request support, or otherwise communicate with us.

We also receive information from service providers, such as payment processors, analytics providers, hosting providers, AI providers, and infrastructure tools that help us operate the Service.

4. How We Use Information

We use personal information for the following purposes:

• to provide, maintain, secure, and improve the Service;
• to create and manage accounts, workspaces, projects, collectors, widgets, and feedback flows;
• to collect, store, display, analyze, summarize, and export feedback responses;
• to generate AI-assisted summaries, themes, suggested actions, and related feedback insights;
• to process invite codes, subscriptions, checkout, billing, payment status, and usage limits;
• to understand product usage, plan interest, checkout behaviour, upgrades, downgrades, and retention;
• to provide support, respond to requests, and communicate service information;
• to detect, prevent, and investigate misuse, fraud, security incidents, and technical issues;
• to comply with legal, accounting, tax, regulatory, and contractual obligations.

5. Lawful Bases

Where UK GDPR applies, we rely on one or more lawful bases depending on the processing activity:

• Contract: to provide the Service, manage accounts, process subscriptions, deliver feedback features, and respond to support requests.
• Legitimate interests: to improve the Service, understand product usage, secure the Service, prevent abuse, measure plan interest, and operate business analytics, where those interests are not overridden by your rights and freedoms.
• Consent: where we ask for consent for optional cookies, marketing, or similar processing. You can withdraw consent where applicable.
• Legal obligation: where we need to keep records or disclose information to comply with tax, accounting, regulatory, legal, or law-enforcement obligations.

For feedback and respondent data processed on behalf of a customer, the customer is responsible for identifying the lawful basis for collecting and using that data.

6. Cookies and Analytics

We use essential cookies and similar technologies to keep you signed in, maintain sessions, remember pending invite and checkout context, protect the Service, and make core features work.

We may also use analytics tools such as Mixpanel, Google Analytics, and Vercel Analytics to understand how people find and use Signaldeck. These tools may process identifiers, device and browser information, page views, product events, plan and price interest, checkout events, subscription-change events, and related metadata.

7. AI-Assisted Processing

Signaldeck may use AI providers to summarize feedback, identify themes, translate content, prioritize responses, or suggest actions. This may involve sending relevant feedback content, response metadata, and configuration data to an AI provider for processing.

AI-assisted outputs are intended to support human review and decision-making. We do not use AI-assisted features to make solely automated decisions about individuals that have legal or similarly significant effects.

8. How We Share Information

We may share personal information with:

• Service providers: hosting, database, analytics, AI, payment, email, error monitoring, security, and infrastructure providers that help us operate the Service.
• Payment processors: Stripe and related payment infrastructure for checkout, subscriptions, invoices, payment status, and fraud prevention.
• Customers and workspace members: information visible within the account, workspace, project, collector, response, or administrative area they are authorised to access.
• Legal and safety recipients: regulators, courts, professional advisers, or law enforcement where required by law or needed to protect rights, safety, security, or the Service.
• Business transfers: parties involved in a merger, acquisition, financing, sale of assets, reorganisation, or similar business transaction.

We do not sell personal information.

9. International Transfers

We operate from the United Kingdom, but some service providers may process personal information in other countries, including the United States and countries in the European Economic Area.

Where required, we use appropriate safeguards for international transfers, such as adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms.

10. Retention

We keep personal information for as long as needed to provide the Service, meet the purposes described in this policy, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and keep appropriate business records.

Account and workspace data is generally retained while the account is active. Billing and accounting records may be retained for longer where required by law. Security logs, analytics records, support communications, backups, and feedback data may have different retention periods depending on the purpose, customer settings, legal obligations, and technical constraints.

11. Security

We use technical and organisational measures designed to protect personal information, including access controls, authentication, encrypted transport where appropriate, provider security controls, operational monitoring, and separation between public entities and server-only data.

No service can be completely secure. You are responsible for keeping your login credentials confidential and for configuring widgets, collectors, and access permissions appropriately.

12. Your Rights

Depending on where you are and the lawful basis for processing, you may have rights to access, correct, erase, restrict, object to, or receive a copy of your personal information. You may also have the right to withdraw consent where processing is based on consent.

If your request relates to feedback or respondent data controlled by one of our customers, we may direct you to that customer or assist them in responding to your request.

You also have the right to complain to the UK Information Commissioner's Office. The ICO website is ico.org.uk.

13. Children's Privacy

Signaldeck is intended for business and organisational use. We do not knowingly collect personal information directly from children. Customers should not use the Service to collect children's personal information unless they have a lawful basis and appropriate notices, consents, and safeguards.

14. Customer Responsibilities

Customers are responsible for the data they collect through Signaldeck, including choosing appropriate questions, configuring widgets and collectors, providing privacy notices to respondents, obtaining required consents, responding to data protection requests, and making sure their use of the Service complies with applicable laws.

Customers should avoid collecting sensitive or special category personal data through Signaldeck unless they have a clear lawful basis, a special category condition where required, and suitable safeguards.

15. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will take reasonable steps to notify you, such as by posting the updated policy on the website or in the Service. Your continued use of the Service after an updated policy is posted means the updated policy applies.

16. Contact

Questions or requests about this Privacy Policy can be sent to Daniel Todd Ltd through the support or contact channels made available in the Service or on the Signaldeck website.

For contractual terms that apply to use of the Service, see our Terms and Conditions.