Privacy Policy
Last updated: 2026-04-16
Effective Date: 2026-04-16 | Last Updated: 2026-04-16
Introduction
SignalAEO LLC, a Utah limited liability company ("SignalAEO," "we," "us," or "our") operates the SignalAEO platform, which measures how AI-powered answer engines — including ChatGPT, Perplexity, and Gemini — respond to queries relevant to your business. This Privacy Policy explains what personal information we collect, how we use and protect it, and what choices you have.
This Policy applies to:
- Our website at signalaeo.com (the "Site")
- The SignalAEO web application and any associated APIs (collectively, the "Service")
- Any communications between you and SignalAEO, including email and support interactions
By accessing or using the Service, you agree to the collection and use of your information as described in this Policy. If you do not agree, please discontinue use of the Service.
We operate from the United States (Utah) and our mailing address is 3300 Triumph Blvd, Suites 100 and 200, Lehi, UT 84043. We may process your data in the US and other countries. See Section 6 (International Data Transfers) for details.
Information We Collect
We collect information in three ways: information you provide directly, information generated automatically as you use the Service, and information from third parties.
Account Data
When you create a SignalAEO account or purchase a subscription, you provide:
- Identity information: Full name, business name
- Contact information: Email address, phone number (if provided)
- Authentication credentials: Password (stored in hashed form; we do not store plaintext passwords)
- Business information: Industry, location, target geographic markets, and any keywords or business categories you configure for monitoring
- Account preferences: Notification settings, reporting frequency, dashboard configuration
Billing Data
When you subscribe to a paid plan, our payment processor collects payment information. We receive:
- Subscription tier and billing cycle
- Last four digits of the payment method
- Billing address
- Transaction history (amounts, dates, subscription events)
We do not receive or store full credit card numbers, CVV codes, or bank account details. Payment card data is handled by Stripe, Inc. and governed by that provider's privacy policy and PCI-DSS compliance program.
Usage Data
As you use the Service, we automatically collect information about how you interact with it:
- Pages viewed, features accessed, and time spent in the application
- Dashboard actions (reports run, settings changed, exports generated)
- Search queries entered within the SignalAEO interface
- Error logs and diagnostic data
- IP address, browser type, operating system, and device identifiers
- Referring URL and session duration
AI Query Observation Data
This is the core of the SignalAEO Service. We operate a fleet of consumer-grade mobile devices across multiple geographic regions in the United States, configured to match your target markets. When we run an observation on your behalf:
- What we query: Search prompts and question strings you configure, or that our system generates based on your business profile and monitored keywords
- What we capture: The AI-generated response text returned by a given answer engine at the time of the observation, including whether your business, competitors, or other entities are cited
- Source device metadata: Geographic region of the device used, device type category, the AI platform queried, and the timestamp. The real accounts used on these devices are owned and operated by SignalAEO itself; they are not owned by third-party participants, so no end-user personal information is implicated in the observation process
- Citation analysis: Structured data extracted from AI responses, including entity names mentioned, ranking position, and sentiment classification
- Historical response data: Time-series snapshots of AI responses to track change over time
What we do not capture: We do not record audio, collect personal browsing history unrelated to AI observations, or intercept communications.
Support Data
When you contact our support team, we collect your name and email, the content of your inquiry, attachments you submit, and support ticket metadata.
How We Use Your Information
Service Delivery
- Operate the SignalAEO platform and provide the features you subscribe to
- Run AI observation queries on your behalf using your configured keywords and target locations
- Generate reports, dashboards, and recommendations based on observation data
- Send automated alerts and scheduled reports per your notification preferences
- Process payments and manage your subscription
Service Improvement
- Analyze aggregated, de-identified usage patterns to understand which features are most valuable
- Debug errors and improve platform stability
- Develop new features and product capabilities
- Train and refine internal models used to classify AI responses (using aggregated, anonymized query data only)
Communication
- Send transactional emails related to your account (receipts, password resets, subscription changes)
- Send service announcements (platform updates, scheduled maintenance, changes to terms)
- Send marketing communications — only if you have opted in or where otherwise permitted by applicable law
- Respond to support requests, questions, and feedback
Legal Compliance and Safety
- Comply with applicable laws and regulations
- Respond to lawful requests from courts, regulators, or law enforcement
- Enforce our Terms of Service and protect the rights and safety of SignalAEO, our users, and third parties
- Detect, investigate, and prevent fraud, abuse, and security incidents
Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data only when we have a valid legal basis.
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Contract — necessary to perform the services you requested |
| Processing payments | Contract — necessary to fulfill the subscription agreement |
| Running AI observations per your configuration | Contract — core service delivery |
| Sending transactional emails | Contract / Legitimate Interest |
| Analyzing usage to improve the Service | Legitimate Interest |
| Sending marketing communications | Consent |
| Complying with legal obligations | Legal Obligation |
| Fraud detection and security | Legitimate Interest |
Where we rely on legitimate interests, you have the right to object. See Section 8.
How We Share Your Information
We do not sell your personal information. We do not sell or rent your data to data brokers, advertisers, or third parties for their independent marketing purposes.
Service Providers (Sub-processors)
We engage trusted third-party companies to help us operate the Service. Categories of service providers include:
- Cloud infrastructure: AWS Lightsail (us-west-1, Northern California region) provides hosting, storage, and database services
- Payment processing: Stripe, Inc.
- Email delivery: Email delivery is currently handled by our cloud infrastructure provider; no separate email sub-processor is currently in use.
- Customer support: Customer support is handled in-house via hosted email on our AWS infrastructure; no separate ticketing sub-processor is currently engaged.
- Analytics: None currently deployed; privacy-preserving analytics planned.
- Error monitoring: Application logs retained on our AWS infrastructure; no separate error-monitoring sub-processor is currently engaged.
A complete list of our current sub-processors is available at /subprocessors/.
Legal Disclosure
We may disclose your information if required by law or if we believe in good faith that disclosure is necessary to comply with a legal obligation, protect the rights or safety of SignalAEO or our users, enforce our Terms of Service, or detect, prevent, or address fraud or security issues.
Business Transfers
If SignalAEO is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
Aggregate and De-identified Data
We may share aggregate, anonymized, or de-identified data with partners, researchers, or the public. This data is not personal information.
International Data Transfers
SignalAEO is based in the United States. If you access the Service from the EEA, UK, Switzerland, or other regions with data protection laws that differ from US law, your personal data will be transferred to and processed in the United States.
For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) and adequacy decisions where applicable.
Specifically, for EEA transfers we rely on the EU Standard Contractual Clauses (2021) Module Two (Controller-to-Processor); for UK transfers we apply the UK International Data Transfer Addendum (B1.0); and for transfers from Switzerland we rely on the standard form for Swiss FADP compliance.
Data Retention
We retain personal information only as long as necessary for the purposes described in this Policy, to fulfill our contractual obligations, and to comply with legal requirements.
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 24 months after account closure |
| AI observation data (raw query results) | 24 months from collection, then de-identified or deleted |
| Billing records | 7 years after the transaction (tax and accounting compliance) |
| Support communications | 3 years from ticket closure |
| Usage and analytics logs | 24 months, then aggregated |
| Marketing consent records | Until consent is withdrawn, plus 3 years for compliance evidence |
When you close your account, we will delete or de-identify your personal data within 90 days, except where retention is required for legal compliance or legitimate business purposes.
Your Privacy Rights
Rights Under GDPR (EEA/UK Users)
- Right of access: Request a copy of the personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): Request deletion of your personal data, subject to legal retention obligations
- Right to restrict processing: Ask us to pause certain processing activities while a dispute is resolved
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes
- Rights related to automated decision-making: Not to be subject to solely automated decisions that produce legal or similarly significant effects, without human review
Rights Under CCPA/CPRA (California Residents)
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected
- Right to delete: Request deletion of personal information we have collected, subject to exceptions
- Right to correct: Request correction of inaccurate personal information
- Right to opt out of sale or sharing: We do not sell or share your personal information for cross-context behavioral advertising
- Right to limit use of sensitive personal information: SignalAEO does not intentionally collect CPRA-defined "sensitive personal information," so this right is not generally engaged by our processing.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights
CCPA Categories of Personal Information Collected
| CCPA Category | Examples We Collect | Sold? |
|---|---|---|
| Identifiers | Name, email, IP address | No |
| Commercial information | Subscription history, billing records | No |
| Internet or other electronic network activity | Usage logs, feature interactions | No |
| Geolocation data | Approximate location via IP (not precise GPS) | No |
| Inferences drawn from other information | Business profile, citation performance trends | No |
Rights for Other Jurisdictions
If you are located outside the US, EEA, UK, or Switzerland, you may have rights under local law. Contact contact@signalaeo.com to exercise any such rights.
How to Exercise Your Rights
To submit a privacy rights request, please contact us at:
- Email: contact@signalaeo.com
- Postal address: 3300 Triumph Blvd, Suites 100 and 200, Lehi, UT 84043
- Web form: Please contact contact@signalaeo.com to submit a rights request; a web-based form is on our roadmap.
Verification Process
To protect your information from unauthorized access, we will verify your identity before fulfilling a request. We will respond to verifiable requests within 30 days.
We will not charge a fee for reasonable requests. If requests are manifestly unfounded, excessive, or repetitive, we may charge a reasonable fee or decline to act.
Authorized Agents
California residents may designate an authorized agent to submit rights requests on their behalf. We will require written proof of the agent's authority and may still verify your identity directly.
DPO Contact
SignalAEO has not appointed a Data Protection Officer under GDPR Article 37; our processing scope does not currently meet the mandatory designation thresholds. For privacy inquiries, contact contact@signalaeo.com.
Children's Privacy
The Service is intended for business users and is not directed to individuals under the age of 13 (or 16 for users in the EEA/UK). We do not knowingly collect personal data from children under these age thresholds.
If you believe we have inadvertently collected information from a child, please contact us immediately at contact@signalaeo.com and we will delete it promptly.
Cookies and Tracking Technologies
We use cookies and similar technologies to operate the Service and understand how it is used. For full cookie details, see our Cookie Policy.
| Cookie Category | Purpose | Can You Opt Out? |
|---|---|---|
| Essential / Strictly Necessary | Required for the Service to function — authentication, session management, security | No — required for the Service to work |
| Functional / Preference | Remember your settings and preferences | Yes — via cookie settings |
| Analytics | Privacy-preserving analytics; none currently deployed. Planned rollout will use a no-cookie analytics provider. | Yes — via cookie consent banner or browser settings |
| Marketing / Advertising | None currently in use. | Yes — via cookie consent banner |
Cookie Consent
When you first visit our Site, we present a cookie consent banner. You can accept all cookies, accept essential only, or manage preferences category-by-category. You can change your cookie preferences at any time via the cookie settings link in the footer.
Do Not Track and Global Privacy Control
Some browsers send a "Do Not Track" (DNT) signal. Our Service does not currently change its behavior in response to DNT signals. We do honor the Global Privacy Control (GPC) signal as an opt-out of sale or sharing where required by applicable law, though we do not sell or share personal data for cross-context behavioral advertising.
AI and Automated Decision-Making
How AI Is Used
The core SignalAEO service involves observing and analyzing the outputs of third-party AI systems (ChatGPT, Perplexity, Gemini, and others). We use automated classification to detect whether your business is cited in an AI response, classify the sentiment or framing of a citation, identify trends in citation frequency over time, and generate recommendations for improving your AI visibility.
Does Automated Processing Affect You?
Our automated systems produce reports and recommendations, but they do not make legally significant decisions about you or your business. Recommendations are advisory only — a human on your team makes decisions about whether and how to act on them.
Third-Party AI Model Disclaimer
We observe the responses generated by third-party AI platforms but do not control those models, their training data, or their outputs. The citations or non-citations that appear in AI responses reflect decisions made by those platforms — not by SignalAEO.
Data Security
We take reasonable technical and organizational measures to protect your personal information. A brief summary:
- Data is encrypted in transit using TLS 1.2 or higher
- Data at rest is encrypted using AES-256
- Access to production systems is restricted to authorized personnel on a least-privilege basis
- We conduct security testing at least annually, with penetration tests performed by a third-party firm on an annual basis
For a detailed description of our security practices, please visit our Security page.
No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections and will notify you promptly if a breach affecting your data occurs.
Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated Policy on our Site with a new "Last Updated" date, notify you by email if you have an account and the change materially affects your rights, and where required by law, obtain your renewed consent.
We encourage you to review this Policy periodically. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
Contact Us
If you have questions, concerns, or requests related to this Privacy Policy, please contact us:
SignalAEO LLC3300 Triumph Blvd, Suites 100 and 200
Lehi, UT 84043
Email: contact@signalaeo.com
Legal notices: contact@signalaeo.com
Data Protection Officer: SignalAEO has not appointed a Data Protection Officer; privacy inquiries should be directed to contact@signalaeo.com.
For EEA/UK users: if you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.