PRIVACY POLICY – SIGNALTRUE

SignalTrue is a business-to-business software platform designed to help organizations understand team-level collaboration patterns, engagement signals, and operational rhythms. SignalTrue provides aggregated, derived insights to managers, HR, and leadership teams to support healthier team operations and better leadership decisions.

SignalTrue processes only metadata from integrated workplace tools and does not monitor individual employees, does not expose individual-level behavior, and does not provide raw data or insights to third parties.

DATA CONTROLLER

SignalTrue OÜ
Asula 4, 11312 Tallinn, Estonia
Email: privacy@signaltrue.ai

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy explains how SignalTrue accesses, uses, stores, protects, and deletes data, including Google user data, in compliance with the Google API Services User Data Policy, Google APIs Terms of Service, and applicable data protection laws.

INTEGRATIONS AND DATA SOURCES

SignalTrue may integrate with organizational workplace tools such as Google Workspace (Google Calendar), Slack, and Microsoft 365. Each integration uses read-only access and processes metadata only. Message bodies, file contents, and meeting content are not stored or displayed.

GOOGLE USER DATA ACCESSED

SignalTrue accesses Google Calendar data only via a read-only OAuth scope.

SignalTrue may process limited calendar metadata required to compute aggregated team-level metrics, including metadata related to meeting timing and invitation response behavior.

SignalTrue does not store or display raw Google Calendar events and does not access or persist the following as standalone data: event titles or summaries, event descriptions, meeting content or attachments, attendee lists as individual-level records, or organizer identity as a personal profile.

SignalTrue does not access historical Google Calendar data. Data collection begins only after a user explicitly connects their Google Calendar account.

OTHER METADATA PROCESSED

When connected, SignalTrue may process metadata from collaboration tools such as Slack or Microsoft 365, including message timestamps, response timing metadata, and channel-level activity signals.

SignalTrue may perform aggregated sentiment or tone analysis on public or work-related channels to detect team-level shifts. Raw message content is not stored, displayed, or made available to users.

DATA USAGE

SignalTrue uses all processed data solely to generate derived, aggregated signals at team level. Examples include meeting load indicators, response latency trends, after-hours activity rates, focus time ratios, collaboration breadth indicators, engagement drift detection, and composite team health or energy scores.

SignalTrue uses these derived signals to provide dashboards, alerts, and contextual recommendations intended to support leadership and HR decision-making. No raw event data or individual-level activity data is exposed.

DATA STORAGE

SignalTrue does not store raw calendar events or raw message content.

Only derived metrics, aggregated trend data, alerts, and contextual annotations are stored. All stored data is tenant-isolated and logically separated per customer organization.

DATA SHARING

SignalTrue does not sell, rent, license, or otherwise provide Google user data or derived insights to third parties.

SignalTrue does not share data for advertising, profiling, or marketing purposes and does not use Google user data to train artificial intelligence or machine learning models.

Notifications and alerts may be delivered via integrated platforms such as Slack or email. No data is provided to those platforms beyond what is required to deliver the notification.

Infrastructure providers used to operate the service act solely as data processors and do not use data for their own purposes.

DATA RETENTION

Data is retained while the customer account is active.

If an integration is disconnected, SignalTrue stops collecting new data from that source. Previously generated derived signals may be retained unless deletion is requested.

DATA DELETION

Customers may request deletion of all stored data via an administrator-level request.

Upon a valid deletion request, all derived metrics, alerts, and stored data associated with the customer organization are permanently deleted.

Individual employee deletion requests are not applicable, as SignalTrue stores only aggregated, team-level signals and does not store individual user profiles or raw activity logs.

DATA SECURITY

SignalTrue applies industry-standard security practices, including encryption in transit using TLS, encryption at rest, and strict tenant isolation.

Access to production data is restricted to authorized superadmin personnel only and limited to what is necessary to operate and support the service.

USER RIGHTS

Where applicable under data protection laws, customers may request access to, correction of, or deletion of their organization’s data through an authorized administrator.

COMPLIANCE WITH GOOGLE API SERVICES USER DATA POLICY

SignalTrue’s use of Google user data complies with the Google API Services User Data Policy, including Limited Use requirements.

Google user data is used only to provide SignalTrue’s user-facing features. Google user data is not sold, not used for advertising, not used for profiling, not used for surveillance, and not used for AI or machine learning model training.

CONTACT

For privacy, data protection, or deletion requests, authorized administrators may contact privacy@signaltrue.ai