Privacy Policy
Last updated & Effective Date: May 2026
Signalog is operated by IDACS. This Privacy Policy describes how we collect, use, store, and protect information when you use Signalog ("Service"). We are committed to protecting your privacy and complying with applicable data protection laws including India's Digital Personal Data Protection Act 2023 (DPDP Act) and the GDPR where applicable.
1. Information We Collect
1.1 Account InformationWhen you register, we collect your name, email address, and profile information from your OAuth provider (GitHub or Google). We do not store passwords — authentication is handled entirely by OAuth providers.
1.2 App and Workspace DataWe store information about the apps and workspaces you create within Signalog, including app names, Site IDs, allowed domains, theme colors, and platform settings.
1.3 Feedback and Bug Report DataWhen End Users submit feedback through your embedded widget, we collect: the text content of their submission, browser type and major version, operating system and version, device type (desktop/tablet/mobile), screen resolution category, language and locale, timezone, current page URL, referrer URL, Signalog widget version, and optionally: name, email, role, company if provided.
1.4 Screenshots & RecordingsBug reports may include an automatic screenshot of the End User's current page or rrweb captures up to 60 seconds of the End User's session before submission if enabled. These are stored securely on Cloudflare R2 and are accessible only to authorized workspace representatives.
1.5 Payment InformationWe do not store payment card details directly. Payment-supporting flows are handled entirely by PayPal, Paddle, or Razorpay depending on geography. We receive transaction markers, receipts, and subscription states.
2. How We Use Information
We use the data we collect to:
- Provide, operate, and maintain the feedback logistics
- Manage and settle invoice subscriptions securely
- Send transaction emails (receipts, warnings, usage alerts, digest reports)
- Slay platform friction, debug edge errors, and optimize operations
- Enforce platform Terms of Service & protect workspaces
3. Data Sharing and Processors
We do not sell personal data or End User feedback data to any third party under any circumstances. We share data only with authorized infrastructure sub-processors:
4. Data Retention Scope
| Data Type | Retention Period |
|---|---|
| Account profiles & workspace configurations | Until user requests workspace deletion |
| Feedback lists & images (Free plan) | 1 month |
| Feedback lists & images (Starter) | 3 months |
| Feedback lists & images (Growth) | 1 year |
| Billing history metadata | 7 years (Statutory tax compliance) |
5. Security Standards
We enforce strict industry measures including: complete TLS/HTTPS transit encryption, AES-256 rest encryption on Cloudflare R2 and MongoDB Atlas, OAuth integration to bypass raw password records, and Sentry vulnerability scans.
6. Cookies & Client Preference Storage
Signalog uses strictly minimal functional cookies: some encrypted session tokens to hold dashboard authorization, and one language/currency preference context. The embedded widget itself does not write advertising or profile track parameters onto End Users.
7. Your Rights and Contact Context
Depending on nationality and region (GDPR / DPDP Act), you have complete rights of access, direct rectification, structured data portability, and direct deletion. For these and legal tickets, communicate directly via hello@signalog.co. We analyze and address requests inside 30 days.