Privacy Policy - ChatSignals

Introduction

This notice explains how Chatsignals Ltd ("Chatsignals," "we," "us," "our"), a company registered in England and Wales with company registration number 15948861 and registered office at 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom, manages and protects your personal data. We are registered with the Information Commissioner's Office (ICO) with registration number ZB873990.

We want to make sure that you fully understand the nature of the personal data we need from you to serve you better, how we use and safeguard your personal data, and why the collection and processing of your personal data is necessary when you interact with us.

Chatsignals may change this Policy at any time. We will notify you of significant changes to the Policy, but please check it regularly to keep up-to-date. If you do not wish to accept the new Policy, you should stop using our Service. If you continue to use the Service after the changes, your continued use of the Service shows your agreement to be bound by the new Policy.

What does this Notice cover?

This notice applies to all personal data collected via the use of our website(s), applications, products and services, through communication with Chatsignals, and by any other means through which you provide personal data to us, directly or indirectly.

This notice does not cover personal data collected about employees or job applicants.

What is personal data?

It is important to understand what we mean by "personal data". Personal data refers to any information related to an individual that can identify them, either directly or indirectly. This means that, in some cases, a single element of information may not identify you, but several pieces together will and, if they do, then they are considered personal data. Examples of personal data include your name, identification numbers, location, factors specific to your physical, mental, economic or social identity, among others.

What personal data protection and privacy regulations does Chatsignals comply with?

Because we serve customers globally, we comply with various data protection and privacy regulations around the world, such as the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), U.S. state privacy laws including the California Privacy Rights Act (CPRA), and others. We understand that we live in a fully interconnected world, and we want to assure you that Chatsignals is committed to protecting the personal data of all our customers and visitors to our websites, regardless of their location.

When we rely on consent as a lawful basis for processing your personal data, we will provide you with granular choices about how your data is used. You may choose to consent separately to:

Marketing communications (email, SMS, in-app messages)
Analytics & website tracking (performance monitoring, visitor behavior)
AI-powered insights & automated decision-making related to customer conversations and quality monitoring.
Sharing data with third-party service providers for advertising

You can manage your consent preferences at any time by emailing us at privacy@chatsignals.io.

Is Chatsignals a data controller or a data processor?

Some data protection regulations differentiate between a data controller and a data processor. A data controller is an organisation that determines how to collect and process personal data whereas a data processor is an organisation that collects and processes personal data on the data controller's behalf and under the data controller's instructions.

Chatsignals is both a data controller and a data processor.

As a controller, Chatsignals collects and processes personal data from visitors to Chatsignals' website(s) and from customers that sign up for our products and services. In this context, Chatsignals determines how this personal data is collected, processed and shared.

As a data processor, Chatsignals collects and processes personal data from end users of Chatsignals' registered customers and only does so as per customer's requirements. Even if we are not making decisions about how personal data is being processed, we continue to protect the personal data collected by us, at all times.

On what legal basis does Chatsignals process your personal data?

Data protection law requires us to have a lawful basis each time we process your personal data. We rely on the following:

Data type	Lawful basis
Account data	Performance of a contract — we need this to provide you with our services
Payment processing	Performance of a contract — necessary to process payments for the service
Billing records retention	Legal obligation — we're required to retain these for tax and financial compliance
Customer account usage data	Performance of a contract — processing is necessary to deliver the service and bill for usage
Customer conversation content (end-user data)	Processed on customer instructions — customer determines lawful basis (we act as data processor)
Marketing communications	Consent — we only send these if you've opted in
Website analytics & cookies	Legitimate interests — for essential analytics; cookie consent mechanism in development
Fraud prevention & security	Legitimate interests — we have a legitimate interest in keeping our platform secure

Where we rely on legitimate interests, we have carried out a balancing test to ensure our interests don't override your rights.

How does Chatsignals collect and process your personal data?

To provide you with an optimal web experience, along with high-quality AI-powered quality monitoring and coaching services, it is necessary for us to collect and process your personal data.

We categorize your personal data into four types: Account Data, Usage Data, Content Data, and Visitor Data.

Account data: This includes all personal data collected to manage your Chatsignals account. It includes information necessary for providing support and billing for our services.
Usage data: This includes all personal data collected when you utilise our products and services, such as monitoring customer interactions, call durations, coaching insights, and other usage details.
Content data: This refers to all personal data collected within the service, including customer conversation details, call recordings, transcriptions, coaching notes, and any AI-generated analysis created by Chatsignals.
Visitor data: This is all personal data collected when you visit our website, applications and when you sign up to receive communications from Chatsignals.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you and remember your preferences.
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests.

UK GDPR and the ePrivacy Directive require us to obtain explicit consent before placing non-essential cookies on your device. This includes cookies used for analytics, advertising, and personalization.

How we obtain your consent:

When you first visit our website, a cookie banner will ask for your consent before setting non-essential cookies.
You can manage your cookie preferences at any time through our Cookie Settings page.
Essential cookies required for the website to function do not require consent.

How to opt out: You may withdraw your consent for non-essential cookies at any time via our cookie management tool or by adjusting your browser settings.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

How does Chatsignals share your personal data?

As part of the products and services that Chatsignals offers to you, we need to share your personal data with our employees and some other third-parties that help Chatsignals deliver our products and services or when necessary for our suppliers to provide services to us. We always make sure that we share your personal data when it is absolutely necessary to give you the best products and services and we ensure that we do so in a safe and controlled way.

Third-party data sharing

To deliver our services and operate our business, we share data with the following third parties. We categorize them into two types:

Sub-processors: These vendors process your customers' conversation data on our behalf under Data Processing Agreements (DPAs).

Our own service providers: These are tools we use to operate our business (website analytics, marketing, SEO). They may collect data about visitors to our website and our business contacts, subject to their own privacy policies and appropriate data transfer agreements where applicable.

Provider	Purpose	Role
Stripe	Payment processing	Sub-processor (DPA)
AWS	Infrastructure & data storage	Sub-processor (DPA)
Hetzner	Infrastructure & data storage	Sub-processor (DPA)
OpenAI	AI-powered conversation analysis	Sub-processor (DPA)
OpenRouter	AI model routing & inference	Sub-processor (DPA)
Cohere	AI-powered conversation analysis	Sub-processor (DPA)
Groq	AI inference infrastructure	Sub-processor (DPA)
HubSpot	Customer conversation data integration	Sub-processor (DPA)
Google Analytics	Website analytics	Service provider
Plausible	Website analytics	Service provider
Ahrefs	SEO & website analytics	Service provider
Apollo.io	Sales intelligence & analytics	Service provider

Some third-party providers are located outside the UK and EEA. In such cases, we ensure appropriate safeguards are in place, including Standard Contractual Clauses for sub-processors. An up-to-date list is always available by emailing privacy@chatsignals.io.

How does Chatsignals protect your personal data?

Chatsignals takes the protection and security of your personal data very seriously. We use physical, organisational, technical, and administrative measures to safeguard your personal data, and regularly re-assess and revise our policies and practices to improve security measures to protect personal data and seek to partner with organisations that do the same.

Please remember that no data transmission over the Internet, whether wired or wireless, is 100% secure, therefore we cannot fully guarantee the security of information transmitted to Chatsignals and cannot be responsible for the actions of any third-party that may intercept any such information. Once we receive your data, we commit to making all reasonable efforts to protect it to ensure it resides securely in our systems.

As a global organisation, we may need to transfer your personal data to Chatsignals affiliates, contractors, service providers, and to third parties in countries outside of your home country. In such cases, we take care to use appropriate safeguards to ensure your personal data remains protected.

If you believe that your personal data may have been compromised by Chatsignals or by using Chatsignals' website, products or services, please contact us using the details in the "contact information" section of this notice. We will be happy to assist you.

Where does Chatsignals store your personal data?

The personal data that Chatsignals receives from you resides on secure servers located in the United Kingdom and European Economic Area (EEA). In some cases, your data may be transferred to and stored at a destination outside the UK and EEA.

For data transfers outside the UK and EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses and additional technical and organisational measures to protect your data. Keeping in line with our commitment to protect your personal data, Chatsignals ensures that all third-party providers we work with sign a Data Processing Agreement to ensure that they will protect your personal data according to Chatsignals' expectations and legal requirements.

Rights over your personal data

Privacy and data protection regulations such as the UK GDPR grant you certain rights that you can exercise over the personal data that organisations like Chatsignals collect and manage about you. At Chatsignals we believe in providing these rights to all of our customers regardless of where they are located in the world. Every Chatsignals customer has the same rights over their personal data.

Unless there are clear exceptions because of legal or regulatory requirements, we will work to ensure that your requests are addressed within 30 days. These are the requests you may contact Chatsignals about:

You have the right to access the personal data that Chatsignals maintains about you, including the categories of data and how Chatsignals collects, processes and shares your personal data.
You have the right to request deletion of your personal data, update or correct your data, object to processing of your data, ask us to restrict processing of your data or request portability of your data. In each case we will inform you of the consequences of your request and if there are any exemptions to honouring your request based on legal, regulatory or contractual requirements.
If Chatsignals has collected and processed your personal data based on your explicit consent, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing Chatsignals conducted prior to your withdrawal.
You have the right to be notified about a data breach that may impact the integrity, availability or confidentiality of your personal data.
You have the right to complain to a data protection authority about Chatsignals' collection and processing of your personal data. However, we would appreciate it if you give us the opportunity to deal with your complaint internally before contacting a data protection authority.

In order to exercise any of the rights you have over your personal data or if you are not able to complete your request directly through your account, please send an email to privacy@chatsignals.io. Once we receive your request, we will contact you to provide acknowledgement and request further information if required. We will never discriminate against you for exercising your personal data rights.

Automated decision-making

Chatsignals has implemented automated decision-making processes as part of our AI-powered quality monitoring and conversation services. Our AI systems analyse customer interactions to provide insights, identify areas for improvement, and generate conversation replies.

Under UK GDPR, you have the right to object to decisions made solely based on automated processing, including profiling, if these decisions produce legal effects or significantly affect you.

If Chatsignals' AI-powered quality monitoring or conversation system makes a decision affecting you, you have the right to:

Request human review of the decision.
Obtain an explanation of the logic used in the decision-making process.
Challenge the outcome if you believe the decision was incorrect.

To exercise this right, please email privacy@chatsignals.io with the subject line "Automated Decision Review Request."

Personal data breach notification

Chatsignals, as part of our security and data protection measures, has implemented processes to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

In the event of a data breach that affects your personal data, Chatsignals will:

Notify the UK Information Commissioner's Office (ICO) within 72 hours, if required by law.
Inform affected individuals without undue delay if the breach poses a high risk to their rights and freedoms.
Provide details on what happened, what data was affected, and recommended steps to protect yourself.

If you believe your data may have been compromised, please contact our Data Protection Officer (DPO) at privacy@chatsignals.io.

Chatsignals' personal data retention period

We retain your personal data only for as long as necessary for the purposes outlined in this policy. Our general retention periods are:

Customer account data – Retained for 3 years after account closure, unless legal or regulatory requirements require a longer period.
Billing & payment records – Retained for 6 years, in compliance with tax and financial regulations.
AI-generated insights, conversation logs & call recordings – Retained for 12 months, unless the customer requests deletion earlier.
Marketing & website visitor data – Retained for 12 months, unless you withdraw consent earlier.

If you wish to request early deletion of your personal data, you may do so by contacting privacy@chatsignals.io. In some cases, legal obligations may prevent immediate deletion, and we will inform you accordingly.

Chatsignals' Data Processing Addendum

In our role as a processor, we are happy to provide you with a Data Processing Addendum (or DPA) where we commit to safeguarding the personal data that we will process on your behalf, will support you on any request you may receive from individuals or Data Protection Authorities and will ensure that we process personal data according to personal data protection regulations such as the UK General Data Protection Regulation.

U.S. Supplemental Privacy Notice

This section of the Privacy Notice describes the practices that we follow regarding the collection, use, and disclosure of personal information of consumers in US states that have enacted privacy laws including but not limited to California, Colorado, Virginia, Utah, and Connecticut collectively referred to as "US State Privacy Laws":

For California residents, "personal information" is broadly defined under the California Privacy Rights Act (the "CPRA") to include, among other things, all information that can be directly or indirectly linked to an individual or household. In all cases, personal information does not include de-identified information, aggregate information that cannot be linked to a particular individual, or pseudonymised information.

Categories of Collected Personal Information

Chatsignals collects personal information from the following sources:

Directly from the individual the information is about.
Directly from our business customers who provide us with data about their customer interactions.
Indirectly from an individual's interaction with our website or our products.

Disclosures of personal information

In accordance with our business operations, Chatsignals may share personal information in the categories identified in this Privacy Notice and for the purposes described herein.

Sale of personal information

Chatsignals does not sell your personal information to third parties.

We may share personal information with trusted service providers who help us operate our platform, but this is done under strict contractual controls and solely to deliver our services to you. These providers are not permitted to use your data for their own purposes.

If you have questions about how your data is shared, please contact us at privacy@chatsignals.io.

Your Privacy Rights

Individuals who reside in states with US State Privacy Laws have certain rights regarding the collection, use and disclosure of their Personal information. These rights vary by state. If the state in which you reside mandates it, we will provide you with the following rights:

Right to opt-out of sharing your Personal information for cross-context behavioral advertising or, in other states, to opt-out of targeted advertising;
Right to data portability, which means that you may request that we provide you a copy of specific pieces of Personal information we have collected about you in the past 12 months in an electronic format;
Right to request to know about the Personal information we process about you or acknowledge the processing of your Personal information;
Right to request that we correct your Personal information;
Right to request that we delete your Personal information;
Right to request that we limit the processing of your Sensitive Personal information;
Right to opt-out of the processing of your Sensitive Personal information;
Right to appeal the denial of a request; and
Right to lodge a complaint with the data protection authority in your jurisdiction.

For individuals in California, once we receive your request to disclose how Chatsignals has collected, used, and shared your Personal information in the last twelve months, we will verify your identity and provide the following information:

Categories of Personal information collected about you by Chatsignals.
Sources from which we obtained your Personal information.
Purposes for using your Personal information.
Third parties with whom we shared your Personal information.
Whether we sold or shared your Personal information for the benefit of Chatsignals.

We aim to respond to your requests within the established 45 days from receipt. If we require more time to respond, we will let you know within this period. We will deliver our response by mail or electronically, depending on your preference.

We will not discriminate against you for exercising your personal information rights.

Authorised agent

You may designate an authorised agent to make requests on your behalf. We will require verification that you did, in fact, authorise the agent. Unless the law requires otherwise, your authorised agent must provide contact details for you. We will contact you to confirm that you authorised the agent. Once you confirm, we will promptly respond to the rights request.

Exercising your privacy rights

To exercise your rights, you may contact us at privacy@chatsignals.io. In order to fulfill your request, we may require additional personal information for purposes of verifying your identity. If you make a request through your designated agent, we may require additional information from you to verify the authorisation of your designated agent.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Chatsignals Ltd
Email: hello@chatsignals.io
Address: 2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom.

You also have the right to make a complaint to the ICO by contacting them at any time.