Data Processing Agreement

This Data Processing Agreement explains how Signalify processes personal data on behalf of customers who use Signalify to collect, store, manage, publish, and display reviews, testimonials, ratings, and related customer feedback. It is intended to provide transparent information about our role, responsibilities, subprocessors, and security practices.

• Review and testimonial text
• Reviewer names or display names, if provided
• Ratings and review dates
• Project and widget configuration data
• Public review collection submissions
• Account and authentication information
• Billing and subscription status information
• Technical logs and security-related metadata

• Signalify customers and account users
• End customers, clients, or visitors who submit reviews
• Website visitors who view embedded widgets or public review pages
• Support contacts who communicate with Signalify

Signalify processes data to provide the service selected by the customer. This includes storing reviews, displaying widgets, generating public review pages, enabling review collection forms, managing visibility settings, supporting API access, processing subscriptions, securing the platform, and providing customer support.

Signalify processes customer content according to the customer’s configuration and use of the platform. This includes actions such as adding reviews, importing reviews, changing visibility, deleting reviews, enabling widgets, or embedding widgets on external websites. Signalify will not use customer content for unrelated purposes.

• Ensure that submitted reviews and testimonials are lawful and accurate
• Ensure that any required permissions or consents have been obtained before publishing reviews
• Avoid submitting sensitive personal data unless strictly necessary
• Respond to data subject requests relating to customer-controlled review content
• Keep account credentials secure and manage access appropriately

• Process customer content only as needed to provide the service
• Use reasonable technical and organizational measures to protect data
• Limit access to data to what is necessary for operating and supporting the service
• Assist customers with reasonable data access, correction, export, or deletion requests
• Notify affected customers without undue delay if we become aware of a relevant personal data breach

Signalify uses trusted third-party service providers to operate the platform. These providers may process limited data only where necessary to provide infrastructure, authentication, database, hosting, analytics, payment, or communication services.

• Use of managed hosting and database infrastructure
• Authentication and access control for account areas
• Separation of customer projects and access permissions
• Transport-layer encryption where supported by infrastructure providers
• Restricted administrative access
• Regular review of production configuration and platform behavior

Customer content is retained while the customer account or project remains active, unless deleted earlier by the customer. Customers may delete reviews, projects, or request account deletion. When deletion is requested, Signalify will delete or anonymize data unless retention is required for legal, billing, security, or legitimate operational reasons.

If a person requests access, correction, deletion, or other rights relating to review content controlled by a customer, the customer is responsible for responding to that request. Signalify will provide reasonable assistance where technically possible and appropriate.

Signalify may rely on infrastructure and service providers that process data in different regions. Where required, Signalify aims to rely on appropriate safeguards provided by those service providers, such as standard contractual clauses or equivalent transfer mechanisms.

Signalify treats customer content and account information as confidential and does not sell customer data. Access is limited to what is necessary to operate, secure, maintain, and support the service.

Signalify may update this Data Processing Agreement from time to time to reflect changes in the service, subprocessors, legal requirements, or security practices. Updates will be posted on this page.

For privacy, data processing, or deletion questions, please contact us at hello@signalify.io.