Privacy policy

SignalFlow (“we”, “our”) treats every byte of workspace data as a signal of trust. This policy describes what we collect, why we collect it, where it lives, and the rights you retain over it. It applies to everyone using SignalFlow — individual operators, teams on a Growth plan, and Enterprise customers with a signed MSA.

What we collect

We collect only what is required to surface decisions and signals: meeting transcripts you authorize (via Gong, Zoom, or a file upload), message content from connected workspaces (Slack, Gmail, Linear, Notion), and the decisions, blockers, and comments your team logs inside SignalFlow. We never read raw audio, and we never send your content to third-party model providers without your prior written consent.

How we use it

Your content is used only to operate SignalFlow for your workspace: extracting candidate decisions, surfacing signals, generating Copilot responses, and producing analytics on decision velocity. We do not train models on your data. We do not sell aggregated data. Every LLM pass that touches your content is logged and reviewable inside your audit log.

Where it lives

Data is stored in a primary region of your choice (US-East, EU-West, or AP-Southeast for Enterprise). Backups are encrypted at rest with AES-256 and snapshotted daily for 30 days. Secrets and API tokens are stored in a dedicated KMS instance, separate from application data.

Your rights

You can export, delete, or transfer your workspace data at any time from Settings → Danger zone. Data is irreversibly removed within 30 days of account deletion. EU customers retain full GDPR rights including access, rectification, and erasure; write to privacy@signalflow.example to exercise them.