Privacy Policy

Last updated: January 2026

SignalBreak ("we", "us", "our") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our AI Governance Intelligence Platform.

1. Who We Are

SignalBreak is operated by Navitec Ltd, Company #16885355, registered in England and Wales.

Contact: privacy@signalbreak.io

2. Information We Collect

2.1 Account Information

  • Name and email address
  • Organisation name and size
  • Role/job title
  • Authentication data (managed by Clerk)

2.2 Platform Data

  • AI workflows you create and configure
  • Provider bindings and dependencies
  • Governance framework selections
  • Report configurations and generated reports

2.3 Usage Data

  • Pages visited and features used
  • Session duration and frequency
  • Browser type and device information
  • IP address (anonymised for analytics)

2.4 Data We Process on Your Behalf

  • Workflow names and descriptions you provide
  • Risk assessments and scores
  • Compliance documentation

3. How We Use Your Information

PurposeLegal Basis
Provide and maintain the serviceContract performance
Send service notificationsContract performance
Improve our platformLegitimate interest
Respond to support requestsContract performance
Comply with legal obligationsLegal requirement
Send product updates (with consent)Consent

4. AI and Automated Processing

SignalBreak uses AI (large language models) to:

  • Enrich signals with impact analysis
  • Generate governance summaries
  • Create report narratives

Important:

  • Your workflow data is processed to provide these features
  • We do not use your data to train AI models
  • AI-generated content is always clearly labelled
  • You can request human review of any AI-assisted decision

5. Data Sharing

We share your data only with:

RecipientPurposeSafeguards
SupabaseDatabase hostingEU data centres, DPA in place
ClerkAuthenticationSOC 2 certified, DPA in place
VercelApplication hostingGDPR compliant
Anthropic/OpenAIAI processingData not used for training, DPA in place

We do not sell your data or share it for advertising purposes.

6. Data Retention

Data TypeRetention Period
Account dataDuration of account + 30 days
Workflow dataDuration of account + 30 days
Signals12 months
ReportsDuration of account
Usage analytics26 months (anonymised)

You can request deletion at any time — see "Your Rights" below.

7. Data Security

We protect your data with:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (AES-256)
  • Row-level security in database
  • Regular security assessments
  • Access controls and audit logging

8. International Transfers

Your data may be processed in:

  • United Kingdom
  • European Union
  • United States (for AI processing)

For US transfers, we rely on Standard Contractual Clauses and ensure providers are committed to equivalent protections.

9. Your Rights (GDPR)

You have the right to:

RightHow to Exercise
Access your dataSettings → Export Data, or email us
Correct inaccurate dataEdit in platform, or email us
Delete your dataSettings → Delete Account, or email us
Export your dataSettings → Export Data
Object to processingEmail us
Restrict processingEmail us
Withdraw consentEmail us or unsubscribe links

We respond to requests within 30 days.

10. Cookies

We use cookies for essential functionality and analytics. See our Cookie Policy for details.

11. Children

SignalBreak is not intended for use by anyone under 18. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this policy periodically. We'll notify you of significant changes via email or in-platform notification.

13. Contact Us

For privacy queries or to exercise your rights:

Email: privacy@signalbreak.io

Postal:
Navitec Ltd
86-90 Paul Street, London EC2A 4NE
United Kingdom

14. Complaints

If you're unhappy with how we've handled your data, you can complain to the Information Commissioner's Office (ICO):

Website: ico.org.uk

Phone: 0303 123 1113