Skip to content

Privacy Policy

Last updated: April 10, 2026

What We Collect

Account data: email, name, company, store URL, payment info (handled by Stripe — we never see card details).

Store data: when you connect a store, we store product catalogs, GTINs, descriptions, and inventory levels. API credentials are encrypted at rest using AES-256-GCM.

Scan results: URLs scanned, GEO scores, findings, and aggregated benchmarks.

Agent query logs: when AI agents query your MCP server, we log the agent name, tool called, query arguments, and response time. We do NOT log end-user PII.

How We Use It

  • Provide and improve the Service
  • Generate aggregated, anonymized industry benchmarks
  • Send weekly reports and score alerts (you can opt out)
  • Process payments via Stripe
  • Detect abuse and enforce our acceptable use policy

Subprocessors

We use the following third parties to operate the Service:

  • Stripe — payment processing (PCI DSS Level 1)
  • OpenAI — product data enrichment via GPT-4o-mini and AI visibility checks via gpt-4o-search-preview. See OpenAI data handling below.
  • Resend — transactional email delivery
  • Vercel — application hosting and edge network
  • PostgreSQL hosting provider — database storage with encryption at rest
  • Redis — job queue and rate limiting
  • Sentry — error monitoring (no PII captured)

OpenAI Data Handling

When you run a Feed Optimizer enrichment, the following data is sent to OpenAI's API:

  • Product titles, descriptions, brand, category, price, and existing attributes
  • The text returned by OpenAI is stored as enrichment suggestions for your review

When you run an AI Visibility check, the following is sent to OpenAI:

  • Your store's URL and brand name (as the search subject)
  • Generated product queries (e.g., “best waterproof hiking boots”)

Important:SignalixIQ uses OpenAI's API (not ChatGPT consumer). Per OpenAI's API data usage policy, data submitted via the API is NOT used to train OpenAI models and is retained for a maximum of 30 days for abuse monitoring. We do not send customer PII, payment data, or personal order details to OpenAI.

Your Rights (GDPR / CCPA)

You have the right to access, export, correct, or delete your personal data. Email hello@signalixiq.com to exercise these rights. We respond within 30 days.

EU residents: SignalixIQ acts as a data processor. You may execute a Data Processing Agreement (DPA) by emailing us.

Data Retention

Account data is retained while your account is active. Scan results are retained for 24 months. Agent query logs are retained for 12 months. After account deletion, all personal data is removed within 30 days.

Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies or behavioral advertising.

Security

All data is transmitted over HTTPS. Store API credentials are encrypted at rest using AES-256-GCM. We follow industry best practices for secret management. Report security issues to hello@signalixiq.com.

Contact

Privacy questions? Email hello@signalixiq.com.