Privacy Policy

Last updated: March 24, 2026

1. Who we are

This Privacy Policy describes how Signal Ops AI (“we,” “us”) collects, uses, stores, and shares information when you use our website and cloud service (the “Service”). The Service is operated for business customers (typically organizations). If you use the Service under an organization’s account, that organization’s administrator may control certain settings and user access.

2. What data we collect

We collect information you provide and data generated when you use the Service.

  • Account and profile: name, email address, and password (stored using a hashed representation). When you invite team members, we process the email addresses and roles you assign.
  • Organization: organization name, plan or subscription tier, currency, and workspace identifiers needed to isolate data between customers.
  • Synced Jira and project data: when you connect Atlassian Jira Cloud (or similar integrations), we import and store project metadata, worklogs, issues, and resource or user identifiers as needed to calculate profitability, margins, and alerts. Scope follows your Jira permissions and the integration you authorize.
  • Financial inputs you enter: revenue, budgets, cost rates, and related fields you configure in the product for included projects.
  • Technical and support data: log data, diagnostics, and messages you send through support or contact forms, used to operate and secure the Service and respond to you.

3. How we use data

We use the information above to:

  • Provide, operate, and improve the Service (authentication, multi-tenant isolation, calculations, alerts).
  • Process subscriptions and payments where applicable.
  • Send transactional and product-related email (for example, account, security, or onboarding messages).
  • Detect abuse, fraud, and security issues; comply with law; and enforce our terms.
  • Communicate with you about support requests you initiate.

We do not sell your personal information. We may use aggregated or de-identified data for analytics and product improvement.

4. Third-party services

We use subprocessors to run the Service. Categories include hosting and databases, payment processing, email delivery, and integration APIs. Depending on your use of the product, we may process data through:

  • Infrastructure and hosting: cloud providers where the application and databases run. Data is stored in environments we configure with access controls appropriate for a multi-tenant SaaS product.
  • Payments (Stripe): where self-serve checkout or subscription billing is available, Stripe (or a similar payment processor) may receive billing details, payment method tokens, and transaction metadata needed to process payments. Stripe’s privacy policy and terms govern their processing of payment data.
  • Email (Resend or similar): we use an email delivery provider to send transactional and product email (e.g. verification, invitations, notifications). The provider processes recipient addresses and message metadata as a data processor.
  • Atlassian Jira: when you connect Jira, we use Atlassian’s APIs to read data you authorize. Atlassian’s terms and privacy policy apply to their services. We use Jira data only to provide the Service, not to train third-party models unrelated to your workspace unless we separately disclose and obtain consent where required.

We enter into agreements with subprocessors that require appropriate security and confidentiality for the services they perform for us.

5. Data security

We implement administrative, technical, and organizational measures designed to protect data, including encryption in transit (such as HTTPS), access controls, authentication, and logical separation of customer data by organization. No method of transmission or storage is completely secure; we work to reduce risk in line with the nature of the Service.

6. Data retention

We retain account and organization data as long as your workspace is active. Synced integration data is retained to support calculations, history, and auditability. If you disconnect an integration or close your account, we delete or anonymize data in line with our retention practices and legal obligations. You may request deletion of personal data by contacting us; we will respond in accordance with applicable law.

7. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or export personal data, or to object to certain processing. You can update some information in the Service. For other requests, contact us via the Contact page and indicate that your request is privacy-related. We may need to verify your identity before responding.

8. International transfers

If you access the Service from outside the country where our primary infrastructure is located, your data may be processed in a country with different data protection laws. We take steps designed to ensure appropriate safeguards where required by law.

9. Updates to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest revision. We encourage you to review this page periodically. Continued use of the Service after updates constitutes acceptance of the revised policy where permitted by law.

10. Contact

For privacy questions or requests, use our Contact page and indicate that your message is about privacy. We will respond as required by applicable law.