A plain-English privacy policy for SignalOps.

• SignalOps is an operations product, not an ad-tech product. We collect the minimum data needed to run accounts, track work, and secure the service.
• We collect account details, transaction and goal data, session data, and operational trail events when people use the product.
• We do not sell or rent personal data, and we do not run marketing or advertising trackers on the public site.
• Operational records and receipt images live on managed infrastructure in U.S. data centers.
• You can ask for access, correction, deletion, or export by emailing privacy@signalops.app.

• Account data, such as name, email where provided, role, and store assignment.
• Operational data, including transactions, line items, goals, and related store performance records.
• Authentication and session data, including a session cookie and its expiry so we can keep signed-in users authenticated.
• Operational trail events, including records written when sensitive actions or security-relevant events occur (transaction edits, voids, month locks, PIN resets, district changes, login failures).
• Minimal delivery infrastructure logs needed to deliver and protect the service, generated under our hosting provider's platform policy.

• We don't sell or rent personal data.
• We do not use marketing or advertising trackers on the public site.
• We do not collect precise location, biometrics, or device contacts.

• Deliver the service, including account access, store assignment, reporting, and receipt handling.
• Calculate goals, leaderboard inputs, compensation-adjacent metrics, and bonus workflows.
• Detect abuse, prevent fraud, investigate incidents, and enforce product rules.
• Respond to lawful legal requests, disputes, and regulatory obligations.

• Core application records live in a managed database, with U.S. data centers as the current default.
• Receipt images live in managed object storage.
• Delivery infrastructure logs are generated by our hosting provider.

Our soft default is up to 7 years for transaction-level records so stores can support U.S. federal record-keeping expectations. Session logs and similar security-operational records are kept for shorter periods when possible.

If you make a valid deletion request, we aim to complete it within 30 days unless a legal hold, dispute, or other regulatory obligation requires us to keep specific records longer.

• Access the personal data we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion where we are allowed to delete it.
• Request an export of your data.
• Complain to your regulator if you believe your rights were not handled correctly.

To invoke any of these rights, email privacy@signalops.app.

SignalOps is not directed at children under 16, and we do not knowingly build the public service to target them.

SignalOps currently runs on managed infrastructure in the United States. If you are an EU or UK customer and need transfer paperwork, you can request a DPA at privacy@signalops.app.

We use one application cookie after a user authenticates: a session cookie. It exists to keep an authenticated session active until its expiry. We do not use marketing cookies on the public site.

For the matching security overview and operating posture, see /security.

Email privacy@signalops.app for privacy questions, requests, or regulator follow-up.

Last updated: 2026-05-10

We version this policy and will email notice for material changes when the change affects how we use or disclose customer data.