Privacy Policy

This Privacy Policy applies to all users of the SigFact platform and describes our practices regarding the collection, use, and disclosure of your information. By using the Service, you consent to the data practices described in this policy. We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on the Service and updating the "Last updated" date.

We collect the following categories of information: Account Information: When you create an account, we collect your name, email address, and authentication credentials provided through our OAuth login system. Billing-Related Information: When you subscribe to a paid plan, our payment processor (Paddle) collects your payment method details. We store only your Paddle customer identifier and subscription status — we do not store full card numbers, CVV, or card expiration dates. Usage and Interaction Data: We collect information about how you use the Service, including pages visited, features used, signal interactions, search queries, and workflow activity. Device and Browser Data: We automatically collect technical information such as your IP address, browser type, operating system, device identifiers, and referring URLs. Communications: If you contact us or respond to surveys, we collect the content of those communications.

We use the information we collect for the following purposes: • Providing, maintaining, and improving the Service. • Processing subscriptions, payments, and billing. • Personalizing your experience and delivering relevant content. • Communicating with you about your account, billing, and service updates. • Sending optional marketing communications (with your consent, where required). • Analyzing usage patterns to improve product features and performance. • Detecting, preventing, and addressing security issues, fraud, and abuse. • Complying with legal obligations and enforcing our Terms of Use.

Where applicable under data protection laws, we process your personal information based on the following legal grounds: • Contract Performance: Processing necessary to provide the Service and fulfill our contractual obligations to you. • Legitimate Interests: Processing for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security, where these interests are not overridden by your rights. • Consent: Processing based on your explicit consent, such as for marketing communications. You may withdraw consent at any time. • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

We use cookies and similar technologies to operate and improve the Service: Essential Cookies: Required for core functionality such as authentication, session management, and security. These cannot be disabled. Analytics Cookies: We use analytics tools to understand how users interact with the Service, including page views, feature usage, and navigation patterns. This data helps us improve the product experience. Performance Cookies: Used to monitor Service performance and identify technical issues. You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Service functionality.

Payment processing for SigFact is handled by Paddle (paddle.com). When you subscribe to a paid plan or enter payment information, Paddle collects and processes your payment details directly. SigFact does not receive or store your full credit card number, CVV, or card expiration date. We receive from Paddle only the information necessary to manage your subscription, such as your customer identifier, subscription status, and basic transaction confirmations. Paddle's handling of your payment information is governed by Paddle's own privacy policy and terms of service. We encourage you to review Paddle's privacy practices at https://paddle.com/legal/privacy.

We distinguish between two types of communications: Product, Account, and Billing Communications: These are operational messages related to your account, subscription, billing, security alerts, and service updates. These communications are necessary for the operation of your account and cannot be opted out of while you maintain an active account. Marketing and Newsletter Communications: These are optional communications about product updates, industry insights, and promotional content. You may opt out of marketing communications at any time by using the unsubscribe link in any marketing email or by updating your communication preferences in your account settings.

We retain your personal information for as long as your account is active or as needed to provide you the Service. After account closure, we may retain certain information as required by law, for legitimate business purposes (such as resolving disputes and enforcing agreements), or as needed for audit and compliance requirements. Usage and analytics data may be retained in aggregated, anonymized form for product improvement purposes. Aggregated data that cannot identify individual users is not subject to deletion requests.

We do not sell your personal information. We may share your information with the following categories of third parties: Payment Processors: Paddle, for subscription billing and payment processing. Infrastructure Providers: Cloud hosting, database, and content delivery services that help us operate the Service. Analytics Providers: Tools that help us understand Service usage and improve the product. Legal and Compliance: When required by law, regulation, legal process, or governmental request, or to protect our rights, property, or safety. Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. All third-party service providers are contractually obligated to protect your information and use it only for the purposes for which it was shared.

SigFact operates globally, and your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. Where we transfer personal information internationally, we implement appropriate safeguards to protect your information in accordance with applicable data protection laws. By using the Service, you acknowledge and consent to the transfer of your information to countries where we and our service providers operate.

Depending on your location and applicable laws, you may have the following rights regarding your personal information: • Access: Request a copy of the personal information we hold about you. • Correction: Request correction of inaccurate or incomplete information. • Deletion: Request deletion of your personal information, subject to legal retention requirements. • Data Portability: Request a copy of your data in a structured, machine-readable format. • Opt-Out: Opt out of marketing communications at any time. • Withdraw Consent: Where processing is based on consent, withdraw your consent at any time. To exercise any of these rights, please contact us at [email protected]. We will respond to your request within a reasonable timeframe and in accordance with applicable laws.

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments. However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us at [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service itself. When we make material changes, we will notify you by posting the updated policy on the Service and updating the "Last updated" date at the top of this page. Your continued use of the Service after the posting of a revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us: Privacy inquiries: [email protected] General inquiries: [email protected] Support: [email protected]