Privacy Policy

Last Updated: December 31, 2025

Effective Date: December 31, 2025

1. Introduction

SignalBridge ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our server-side conversion tracking platform.

By using SignalBridge, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address: For account creation and communication
  • Name: For personalization
  • Password: Encrypted and stored securely via Clerk authentication

2.2 Integration Data

When you connect advertising platforms, we collect:

  • Facebook Pixel ID: To identify your Facebook pixel
  • Facebook Access Token: Encrypted OAuth token for API access
  • Google Ads Customer ID: To identify your Google Ads account
  • Google Ads Conversion Action ID: To specify which conversion to track
  • Google Ads OAuth Tokens: Encrypted access and refresh tokens

2.3 Conversion Event Data

When your website visitors trigger conversion events, we collect:

  • Event name: (e.g., "Purchase", "Lead", "AddToCart")
  • Event value: Monetary value of the conversion
  • Currency: Currency code (e.g., USD, EUR)
  • Order ID: For deduplication
  • Timestamp: When the event occurred
  • User data (when provided):
    • Email address (hashed before transmission)
    • Phone number (hashed before transmission)
    • First and last name (hashed before transmission)
    • Address information (city, state, zip, country)
  • Technical data: IP address, user agent, referrer URL
  • UTM parameters: Campaign tracking data

2.4 Usage Data

We automatically collect:

  • Pages visited on our platform
  • Features used
  • Time spent on pages
  • Browser type and version
  • Device information
  • Error logs and performance data

3. How We Use Your Information

3.1 Core Service Delivery

  • Conversion Tracking: Upload conversion events to Facebook and Google Ads on your behalf
  • Enhanced Conversions: Hash and transmit user data to improve attribution accuracy
  • Analytics: Provide dashboards showing conversion performance
  • Bot Filtering: Identify and filter bot traffic

3.2 Platform Improvement

  • Monitor and improve service performance
  • Debug and fix technical issues
  • Develop new features
  • Analyze usage patterns

3.3 Communication

  • Send service updates and announcements
  • Respond to support requests
  • Send security alerts
  • Provide account notifications

4. How We Share Your Information

4.1 Advertising Platforms

We share conversion data with the advertising platforms you connect:

  • Facebook: Conversion events with hashed user data
  • Google Ads: Conversion events with hashed user data

Important: All personally identifiable information (PII) is hashed using SHA-256 before transmission. We never send plain-text email addresses, phone numbers, or names to advertising platforms.

4.2 Service Providers

We use the following third-party services:

  • Clerk: Authentication and user management
  • Supabase: Database hosting (PostgreSQL)
  • Cloudflare: Edge computing and DDoS protection
  • Tinybird: Analytics data processing (ClickHouse)
  • Vercel: Web hosting and deployment
  • Sentry: Error monitoring and debugging

4.3 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal obligations
  • Protect our rights and property
  • Prevent fraud or abuse
  • Protect user safety

4.4 Business Transfers

If SignalBridge is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Security

5.1 Security Measures

  • Encryption at Rest: All OAuth tokens and sensitive data encrypted using AES-256
  • Encryption in Transit: All data transmitted over HTTPS (TLS 1.3)
  • PII Hashing: Email, phone, and names hashed before transmission (SHA-256)
  • Access Control: Row-level security in database
  • DDoS Protection: Cloudflare protection against attacks
  • Regular Audits: Security reviews and penetration testing

5.2 Data Isolation

Your data is isolated from other users through:

  • User ID-based access control
  • Database row-level security policies
  • API authentication and authorization

6. Data Retention

6.1 Retention Periods

  • Account Data: Retained while your account is active
  • Conversion Events: Retained for 90 days for analytics
  • OAuth Tokens: Retained until you disconnect the integration
  • Logs: Retained for 30 days for debugging

6.2 Data Deletion

When you delete your account or disconnect an integration:

  • OAuth tokens are immediately revoked and deleted
  • Conversion event data is deleted within 30 days
  • Account data is deleted within 30 days
  • Backups are purged within 90 days

7. Your Rights

7.1 GDPR Rights (EU Users)

If you are in the European Union, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a machine-readable format
  • Object: Object to processing of your data
  • Withdraw Consent: Withdraw consent at any time

7.2 CCPA Rights (California Users)

If you are a California resident, you have the right to:

  • Know: What personal information we collect and how we use it
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt-out of the sale of personal information (Note: We do NOT sell personal information)
  • Non-Discrimination: Not be discriminated against for exercising your rights

7.3 Exercising Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@signalbridgedata.com
  • Response Time: Within 30 days

8. Cookies and Tracking

Cookie Consent: We respect your privacy choices. You can manage your cookie preferences at any time by clicking the "Manage Cookie Preferences" button at the top of this page.

8.1 Cookies We Use

Necessary Cookies (Always Active)

These cookies are essential for the website to function and cannot be disabled. They are usually only set in response to actions made by you, such as logging in or filling in forms.

  • Authentication: Clerk session cookies for secure login
  • Security: CSRF protection tokens
  • Consent: Your cookie consent preferences (13 months)

Analytics Cookies (Optional)

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

  • Vercel Analytics: Privacy-friendly web analytics (no personal data)
  • Usage Metrics: Page views, session duration, feature usage

Marketing Cookies (Optional)

These cookies are used to track visitors across websites to display relevant advertisements and measure campaign effectiveness.

  • Advertising Platforms: Google Ads, Facebook Pixel (when enabled)
  • Campaign Tracking: UTM parameters and conversion tracking

Personalization Cookies (Optional)

These cookies allow us to remember your preferences and provide personalized content.

  • Theme Preference: Dark/light mode selection
  • Language: Your preferred language
  • Dashboard Settings: Custom dashboard configurations

8.2 Google Consent Mode v2

We implement Google Consent Mode v2 to respect your privacy choices while still providing measurement and insights. When you reject marketing cookies:

  • Google tags operate in a limited mode without using cookies
  • Conversion data is sent without personal identifiers
  • Your privacy choices are respected across all Google services

8.3 Third-Party Tracking

We use the following third-party services:

  • Vercel Analytics: Privacy-friendly web analytics (no cookies, no personal data)
  • Sentry: Error tracking and session replay (only when you consent to analytics)

8.4 Managing Your Cookie Preferences

You have full control over your cookie preferences:

  • Cookie Banner: Choose your preferences when you first visit (EU/EEA/UK users only)
  • Manage Preferences: Click the button at the top of this page to update your choices
  • Browser Settings: You can also control cookies through your browser settings
  • Consent Duration: Your preferences are stored for 13 months

Note: Disabling certain cookies may impact your experience on our platform. Essential cookies cannot be disabled as they are necessary for the website to function.

9. Children's Privacy

SignalBridge is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) with service providers
  • Compliance with GDPR and other data protection laws
  • Encryption of data in transit and at rest

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date
  • Sending an email notification for material changes

Your continued use of SignalBridge after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact us:

  • Email: privacy@signalbridgedata.com
  • Support: support@signalbridgedata.com
  • Website: https://signalbridgedata.com
  • Address: [Your Business Address]

Data Protection Officer: Kiril Kostov
Email: dpo@signalbridgedata.com