Signals logo
Security & trust

We protect your data so you can protect your revenue

Signals handles sensitive operational insight. We do not need end user personal data to deliver value, and we treat the data you share with the same care as a production system inside your own stack.

Data model

Signals focuses on account level activity, health scores and risk indicators. You can choose what to sync and avoid sending personal identifiers if your policies require it.

Encryption

All data is encrypted in transit using TLS and encrypted at rest by our hosting provider. Keys and secrets are stored in managed secret stores, not in code.

Separation

Each customer workspace is isolated at the data layer. Access is controlled by strict application level checks and least privilege access for internal tools.

Infrastructure

Signals runs on a modern managed cloud platform in Europe, with separate environments for production, staging and demo.

  • • Managed database with automatic backups and point in time restore
  • • Network level controls and hardened base images
  • • No shared root access and no unmanaged servers

Access control

Access to production systems is tightly restricted and audited.

  • • Access limited to a small engineering group
  • • Multi factor authentication enforced for core systems
  • • Principle of least privilege for roles and permissions
  • • No direct database access for customers or third parties

Integrations and data flow

Signals connects to tools like CRM, support platforms and communication systems using scoped API keys or OAuth.

  • • Read focused permissions wherever possible
  • • No bulk writes into your systems without clear consent
  • • Event data is pulled, normalised, scored and stored per workspace

Application security

We ship small, frequent changes and keep a strong focus on basic hygiene.

  • • Dependency monitoring and regular updates
  • • Static checks as part of the build pipeline
  • • Role based access in the product for teams and workspaces

Incident response

If something does go wrong, we want you to know what happened and what we did about it.

  • • Defined severity levels and response playbooks
  • • Monitoring on uptime and core workflows
  • • Root cause analysis for material incidents
  • • Direct communication with affected customers

Future compliance

As Signals grows, formal certification becomes part of the plan rather than an afterthought.

  • • Independent penetration testing before wider rollout
  • • Preparation for SOC 2 Type I followed by Type II
  • • Clear documentation for security and procurement reviews

Data ownership and usage

You own your data. Signals only uses your information to calculate health scores, generate alerts and power the features you turn on.

  • • No sale of customer data
  • • No use of your data for advertising
  • • Retention aligned to your contract and reasonable operational needs

Security questions

Need more detail for a security review, DPA or vendor assessment pack?

Email us at [email protected].

We can provide architecture diagrams, data flow details and answers tailored to your internal process.