Skip to main content
SignalSprint

Privacy Policy

Last updated: 11 March 2026

1. Introduction

SignalSprint (“we”, “us”, “our”) is a speed-to-lead conversion platform operated by Powleads. We are committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and share personal data when you visit our website at signalsprint.io, use our platform, or interact with our services.

For the purposes of UK GDPR, the EU General Data Protection Regulation (“GDPR”), and the California Consumer Privacy Act (“CCPA”), SignalSprint acts as both a data controller and a data processor, depending on the context described below.

2. When We Are Controller vs Processor

SignalSprint as Data Controller

We act as the data controller when we determine the purposes and means of processing. This includes:

SignalSprint as Data Processor

We act as a data processor on behalf of our customers (the data controllers) when processing their end-user data. This includes:

When we act as a processor, your customer’s privacy policy governs the processing of their end-user data. We process such data only on documented instructions from the customer. Our standing Data Processing Agreement (“DPA”), compliant with GDPR Article 28, is published at /legal/dpa. For a counter-signed copy, contact [email protected].

3. Data We Collect

3.1 Information You Provide Directly

3.2 Information Collected Automatically

3.3 Customer End-User Data (Processed on Behalf of Customers)

4. Legal Basis for Processing

Under UK GDPR and EU GDPR, we rely on the following lawful bases:

PurposeLawful Basis
Account creation and service deliveryPerformance of a contract (Art. 6(1)(b))
Billing and subscription managementPerformance of a contract (Art. 6(1)(b))
Website analytics and product improvementConsent (Art. 6(1)(a)) via cookie banner
Marketing emails and communicationsConsent (Art. 6(1)(a))
Security, fraud prevention, abuse detectionLegitimate interest (Art. 6(1)(f))
Legal and regulatory complianceLegal obligation (Art. 6(1)(c))
Processing end-user data on behalf of customersCustomer’s instructions under DPA (Art. 28)

5. How We Use Your Data

We use personal data to:

6. Third-Party Sub-Processors

We share personal data with the following categories of third-party service providers, each bound by data processing agreements:

ProviderPurposeLocation
ConvexReal-time database and backend infrastructureEU (eu-west-1)
ClerkUser authentication and identity managementUnited States
StripePayment processing and subscription billingUnited States / EU
PostHogProduct analytics (with consent)EU
ComposioFacebook Lead Ads integration and data syncUnited States
ResendTransactional email deliveryUnited States
RailwayApplication hosting and deploymentUnited States

We do not sell, rent, or trade your personal data. We only share data with third parties as described in this policy or with your explicit consent.

7. International Data Transfers

Our primary database is hosted in the EU (eu-west-1 via Convex). However, some sub-processors are located in the United States. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, including:

You may request a copy of the relevant transfer safeguards by contacting [email protected].

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:

Data CategoryRetention Period
User account dataDuration of account + 30 days after deletion
Billing and invoice records6 years (UK legal requirement for financial records)
Customer lead data (processor role)Duration of customer subscription + 30 days (then deleted or returned)
Webhook logs90 days
Anonymous sessions / analytics30 days
Demo requests12 months
Support communicationsDuration of account + 12 months

When data is no longer required, it is securely deleted or anonymised.

9. Your Rights

9.1 UK and EU Residents (UK GDPR / EU GDPR)

You have the right to:

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the CCPA:

10. Automated Decision-Making and Profiling

SignalSprint uses automated intent scoring to classify leads as HOT, WARM, or COLD based on behavioural signals (page views, scroll depth, clicks, time on page, and form interactions). This scoring is used to prioritise follow-up actions for our customers’ sales teams.

This automated processing does not produce legal effects or similarly significantly affect individuals. It influences the order and urgency with which a sales representative contacts a lead, not whether they are contacted at all.

If you are a lead whose data is processed through our platform, you have the right to request human review of any automated scoring decision. Contact the business that collected your data (the data controller), or email us at [email protected] and we will direct your request appropriately.

11. Cookies

We use cookies and similar technologies for authentication, analytics, and storing your preferences. For full details on the cookies we use, how to manage them, and how to withdraw consent, see our Cookie Policy.

12. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected].

13. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will:

14. Children’s Privacy

SignalSprint is a business-to-business service intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us at [email protected].

15. Third-Party Links

Our website and platform may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We encourage you to read the privacy policy of every website you visit.

16. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated by posting a notice on our website and, where appropriate, by email. We encourage you to review this page periodically. The “Last updated” date at the top indicates when this policy was most recently revised.

17. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO):

We would, however, appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at [email protected].

18. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us: