Privacy Policy - gotosignal.com

The following describes the Privacy Policy for gotosignal.com website.

Your Privacy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. You agree to these policies by virtue of using our website in a way that leads to you providing us with personal information.

Information We Collect

We collect the following categories of information when you create an account and use gotosignal.com:

Account and registration data: name, email address, and (for email/password accounts) your password, verified through Firebase Authentication. If you sign up with Google, we receive your name, email address, and basic profile information from Google.
Account settings: optional details you provide, such as phone number, job title, company name, industry, postal address, and your preferred language, date format, time format, and timezone.
Business profile content: all content you create or upload to build your profiles (see "File Upload and Storage Practices" below), including any tracking codes, OpenPGP public keys, hours/schedules, testimonials, and links you add.
Billing data: when you subscribe, Stripe collects your payment and billing information on our behalf (see "Third-Party Service Providers"). We receive limited subscription status, plan, and billing metadata — not full card numbers.
Support and feedback data: if you submit feedback or a support request, we collect the message content, any attachments you upload, the page or route you were on, and basic diagnostic context to help us respond.
First-party usage and diagnostics: see "First-Party Analytics and Diagnostics" below.

For details about cookies and tracking technologies, please see our Cookie Policy.

State Law & Accompanying Rights

Please understand that you may have additional rights originating from State laws based on where you live. These State-based rights may augment, strengthen, or otherwise somehow compliment any privacy rights you have inherently or under Federal law. Our policy is to comply fully with the privacy policies of every jurisdiction in which we operate. Accordingly, you are free to use our Contact information to reach us at any time to assert any State rights.

Contact Information

If you have questions, concerns, or wish to exercise your privacy rights, you may contact us:

Email: support@gotosignal.com
Website:https://gotosignal.com
Company: Signal Business LLC

For data protection inquiries, GDPR requests, or CCPA requests, please email us at support@gotosignal.com with "Privacy Request" in the subject line. We will respond to your request within 30 days as required by applicable law.

Our Commitment To Children's Privacy

Protecting the privacy of the very young is especially important. For that reason, our website will never collect or maintain information at our website from those we actually know are under 18, and no part of our website is structured to attract anyone under 18.

Under our Terms of Service and Conditions of Use, children under 18 are not allowed to use our website and access our services. It is not our intention to offer products or services to minors.

First-Party Analytics and Diagnostics

Note: This section describes data that gotosignal.com itself collects to operate, secure, and improve the platform. It is separate from the third-party tracking codes that profile owners may add to their own profiles, which are described in the "User-Generated Profile Tracking Codes" section below. For details on cookies and similar technologies, see our Cookie Policy.

QR code and short-link analytics: When a visitor scans a QR code or opens a tracked link that you generate through our platform, we record analytics events to give you scan and engagement reporting. These events may include the approximate country (derived from network information), device category and operating system family (derived from the browser user-agent), timestamp, and the placement, SKU, or tracking code you associated with the link. The originating IP address may be processed transiently to derive this information and for security/fraud prevention; it is treated as restricted and is not exposed in standard profile-owner reporting.

Activity and security audit logs: For sensitive actions (for example sign-in, registration, profile creation, and administrative actions) we record an audit entry that may include the actor's account, the action, timestamp, and technical context such as browser user-agent, language, platform, screen size, timezone, and referring page. These logs support account security, abuse prevention, and compliance.

Error and performance diagnostics: If the application encounters an error, we may capture diagnostic context (such as an error fingerprint, the route, your browser/device characteristics, and, if you are signed in, your account identifier) to diagnose and fix issues. We also use Firebase Performance Monitoring to measure load-time and request-timing metrics. These diagnostics are used for reliability and are not used to build advertising profiles.

Server logs: Like most websites, our servers automatically log requests, including IP address, date/time, referring page, and user-agent, for operations, troubleshooting, and security.

User-Generated Profile Tracking Codes

Our platform allows users to create and customize their own business profiles. As part of this customization, users may choose to add third-party analytics and tracking codes to their profiles. These tracking codes are provided directly by the profile owner and are not controlled or managed by gotosignal.com.

Important Information for Profile Visitors:

When you visit a user-generated profile that contains tracking code, you may be subject to third-party tracking technologies, including cookies, pixels, and other tracking mechanisms.
The tracking code embedded in a profile is the responsibility of the profile owner, not gotosignal.com. Each profile owner's tracking implementation is subject to their own privacy policies and practices.
We maintain a security whitelist of legitimate analytics providers to ensure only recognized tracking services can be used. This includes major platforms such as Google Analytics, Facebook Pixel, Adobe Analytics, and many other established analytics services.
We do not have access to or control over the data collected by third-party tracking codes embedded in user profiles. Any data collection, use, or sharing is governed by the privacy policies of the respective analytics providers and profile owners.

Managing Tracking: You can manage or opt out of many tracking technologies by adjusting your browser settings, using privacy-focused browser extensions, or visiting the opt-out pages provided by individual analytics providers. Common opt-out resources include:

Network Advertising Initiative: http://www.networkadvertising.org/managing/opt_out.asp
Digital Advertising Alliance: http://www.aboutads.info/choices/
Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
Your browser's privacy and security settings

Profile Owner Responsibilities: If you are a profile owner who adds tracking code to your profile, you are responsible for:

Complying with all applicable privacy laws and regulations (including GDPR, CCPA, and other regional requirements)
Providing appropriate disclosures to visitors about tracking technologies used on your profile
Obtaining necessary consents where required by law
Ensuring your tracking implementation complies with our Terms of Service

We reserve the right to remove or disable tracking codes that violate our security policies, Terms of Service, or applicable laws. Only tracking codes from whitelisted analytics providers are permitted for security and privacy protection.

Third-Party Service Providers

gotosignal.com uses several third-party service providers to deliver our services. These providers have access to certain information necessary to perform their functions but are not permitted to use it for other purposes.

Firebase Services (Google): We use Firebase, a service provided by Google, for the following:

Firebase Authentication: For user account creation, email verification, and authentication. Google processes your email address and authentication data in accordance with their Privacy Policy.
Cloud Firestore: For storing your account information, business profile data, and application data. Data is stored securely in Google's cloud infrastructure.
Firebase Storage: For storing uploaded files, images, videos, and media content associated with your business profiles. Files are stored in Google Cloud Storage.

Google's use of information collected through Firebase is governed by Google's Privacy Policy, available at https://policies.google.com/privacy.

Stripe Payment Processing: We use Stripe, a third-party payment processor, to handle subscription payments. When you make a payment, Stripe collects and processes your payment information, including credit card details, billing address, and transaction data. We do not store your complete payment card information on our servers. Stripe's use of your information is governed by Stripe's Privacy Policy, available at https://stripe.com/privacy.

Google OAuth: If you choose to sign up or log in using Google OAuth, Google will share certain information with us, including your name, email address, and profile picture. This information is used to create and manage your account. Google's use of information is governed by Google's Privacy Policy.

Firebase App Check and Google reCAPTCHA: We use Firebase App Check with Google reCAPTCHA to verify that requests to our backend come from our genuine app and to protect against abuse. reCAPTCHA may collect device and usage signals and set cookies. Its use is governed by Google's Privacy Policy and reCAPTCHA terms.

Firebase Performance Monitoring (Google): We use Firebase Performance to collect performance metrics (such as load and request timings) to monitor and improve reliability. See Google's Privacy Policy.

Google Fonts: Our website and deployed profiles may load web fonts from Google Fonts. When a font is requested, your browser connects to Google's font servers, which may receive your IP address and request information. See Google's Privacy Policy.

Email delivery (Mailtrap): We use a third-party email delivery provider (Mailtrap) to send transactional and support-related emails, such as feedback replies and notifications. The provider processes the recipient email address and message content solely to deliver those emails on our behalf.

Data Sharing: We only share your personal information with these third-party service providers to the extent necessary to provide our services. These providers are contractually obligated to protect your information and use it only for the purposes we specify. We do not sell your personal information to third parties.

File Upload and Storage Practices

When you upload files (images, videos, audio, documents) to create or customize your business profiles, we collect and store these files using Firebase Storage, a secure cloud storage service provided by Google.

What We Collect: We collect files you upload, including:

Profile photos, logos, and cover images
Featured content images, videos, audio files, and documents
Custom action button images
Favicon, bookmark, and share images

How We Use Uploaded Files: Uploaded files are used solely to:

Display and customize your business profiles
Create QR codes and vCard files for profile sharing
Deploy your business profiles to make them publicly accessible

Storage Security: Files are stored securely in Firebase Storage with access controls. Only you, authorized administrators, and visitors to your deployed profiles (for publicly accessible content) can access your files. We implement security measures to protect against unauthorized access, alteration, disclosure, or destruction of your files.

File Size and Type Restrictions: We limit file uploads to 3MB per file and restrict file types to images (JPEG, PNG, GIF, WebP, SVG), videos (MP4, WebM), audio (MP3), and documents (PDF). Files that exceed these limits or are of unsupported types will be rejected.

Data Retention: Files are retained for as long as your account is active and your business profiles are deployed. If you delete a profile or file, it may be permanently removed from our storage. Upon account termination, all associated files may be deleted. We are not responsible for data loss resulting from account termination or file deletion.

Your Rights: You have the right to:

Upload, modify, or delete your files at any time through your account
Request deletion of specific files or all files associated with your account
Access your files through your deployed business profiles

Data Retention and Deletion Policy

Data Retention Period: We retain your personal information and business profile data for as long as your account is active and you continue to use our services. We may retain certain information for longer periods as required by law or for legitimate business purposes.

Active Accounts: For active accounts, we retain:

Account information (name, email, contact details) - retained while account is active
Business profile data and content - retained while profiles are deployed or saved
Uploaded files and media - retained while associated with active profiles
Subscription and payment records - retained for accounting and legal compliance purposes

Inactive or Terminated Accounts: Upon account deactivation or termination:

Your business profiles may become inaccessible or be removed
Uploaded files may be deleted after a grace period (typically 30 days)
Account information may be retained for legal, accounting, or security purposes as required by law
Subscription and payment records are retained for accounting and tax compliance (typically 7 years)

Right to Deletion: You have the right to request deletion of your personal information and data. To request deletion:

You may delete individual business profiles and associated files at any time through your account dashboard
To delete your entire account and all associated data, contact us at support@gotosignal.com with "Privacy Request" in the subject line. (Account deletion is handled on request; profiles and files can be removed by you directly as described above.)

Deletion Process: Upon receiving a deletion request:

We will process your request within 30 days
Your account and business profiles will be deactivated
Uploaded files and media will be deleted from our storage systems
Account information will be removed from our active databases
Certain information may be retained in backups for a limited period (typically up to 90 days) before permanent deletion

Exceptions to Deletion: We may retain certain information even after account deletion if:

Retention is required by law or legal obligations
Information is necessary for fraud prevention or security purposes
Information is needed for accounting or tax compliance
Information is part of aggregate or anonymized data that cannot be associated with you

Backup Retention: Data may exist in backup systems for a limited period (typically up to 90 days) after deletion. Backups are automatically purged on a regular schedule. We are not able to immediately delete information from all backup systems.

GDPR and CCPA Rights: If you are located in the European Economic Area (EEA) or California, you have additional rights regarding data deletion under GDPR and CCPA. Please contact us to exercise these rights.

Data Breach Notification

Our Commitment: We take data security seriously and implement industry-standard security measures to protect your personal information. However, no method of transmission over the internet or electronic storage is 100% secure.

Breach Notification Procedures: In the event of a data breach that may affect your personal information, we will:

Investigate the breach immediately and take steps to contain and remediate it
Notify affected users without undue delay, typically within 72 hours of becoming aware of the breach (as required by GDPR) or within the timeframes required by applicable law
Provide clear information about what happened, what data was affected, and what steps we are taking to address the breach
Provide guidance on steps you can take to protect yourself
Report the breach to relevant supervisory authorities as required by law

Notification Methods: We will notify you of a data breach via email to the address associated with your account. If email is not available or the breach is particularly severe, we may also use other methods such as posting a notice on our website or contacting you through other available means.

Your Responsibilities: It is important that you keep your account email address up to date so we can contact you in the event of a security incident. You should also monitor your account for any suspicious activity and report any concerns to us immediately.

International Data Transfers

Data Storage Locations: Your personal information and business profile data may be stored and processed in countries outside of your country of residence, including the United States. Our service providers, including Google (Firebase) and Stripe, may store and process data in various locations worldwide.

Data Transfer Safeguards: When we transfer your personal information outside of the European Economic Area (EEA) or other jurisdictions with data protection laws, we ensure appropriate safeguards are in place:

We use service providers that have implemented appropriate technical and organizational measures to protect your data
We rely on Standard Contractual Clauses (SCCs) approved by the European Commission where applicable
We ensure our service providers comply with applicable data protection laws and regulations
Google (Firebase) and Stripe maintain certifications and compliance with international data protection standards

Your Rights: If you are located in the EEA or other jurisdictions with data protection laws, you have the right to be informed about international data transfers and to object to certain transfers where permitted by law. However, please note that some transfers are necessary for us to provide our services to you.

Service Provider Locations:

Google (Firebase): Data may be stored in Google's data centers worldwide. Google is certified under various data protection frameworks. See Google's Privacy Policy for more information.
Stripe: Payment data is processed by Stripe, which maintains data centers in various locations. Stripe is PCI-DSS compliant and maintains appropriate data protection measures. See Stripe's Privacy Policy for more information.

By using our services, you consent to the transfer of your information to these locations and service providers as described in this Privacy Policy.

Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. This section summarizes your rights under various privacy laws, including GDPR (for EEA residents) and CCPA (for California residents).

Right to Access: You have the right to request access to the personal information we hold about you, including what data we collect, how we use it, and with whom we share it.

Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information. You can update much of your information directly through your account settings.

Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal information, subject to certain exceptions (such as legal obligations to retain data). You can delete your business profiles and uploaded files directly from your account dashboard; to delete your entire account, contact us at support@gotosignal.com.

Right to Restrict Processing: You have the right to request that we limit how we process your personal information in certain circumstances.

Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format, and to transmit that data to another service provider where technically feasible.

Right to Object: You have the right to object to certain types of processing of your personal information, including processing for direct marketing purposes.

Right to Withdraw Consent: Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing before the withdrawal.

Right to Non-Discrimination (CCPA): If you are a California resident, you have the right not to be discriminated against for exercising your privacy rights.

Right to Opt-Out of Sale (CCPA): We do not sell your personal information. If this changes in the future, California residents will have the right to opt-out of the sale of their personal information.

How to Exercise Your Rights: To exercise any of these rights, please contact us at support@gotosignal.com with "Privacy Request" in the subject line. Please include your name, email address, and a description of the right you wish to exercise. We may need to verify your identity before processing your request. We will respond to your request within 30 days (or as required by applicable law).

Appeals Process: If you are not satisfied with our response to your privacy request, you have the right to lodge a complaint with your local data protection authority (for EEA residents) or the California Attorney General (for California residents).

QR Code and vCard Data Disclosure

Our platform provides features for generating QR codes and downloadable vCard files to facilitate sharing of your business profile information.

QR Code Generation: When you use our QR code generation feature, we create a QR code that links to your business profile URL. The QR code contains your profile URL and is generated using third-party libraries. QR codes are generated on-demand and do not store additional personal information beyond the profile URL.

vCard (Virtual Contact Card) Files: Our platform generates vCard (.vcf) files that contain contact information from your business profile. vCard files may include:

Name (first name, last name)
Business name and job title
Email address
Phone numbers (mobile, work, home, SMS)
Physical address
Website URLs
Social media links
Digital business card URL

How vCard Data is Used: vCard files are generated from information you provide in your business profile. When someone downloads your vCard file, they receive a standard contact card file that can be imported into their address book or contact management system. The vCard file is a static file that contains the information you have chosen to include in your profile.

Data Control: You control what information is included in your vCard by choosing what information to include in your business profile. You can modify or remove information from your profile at any time, which will affect future vCard downloads but will not affect vCard files that have already been downloaded by others.

Third-Party Use: Once a vCard file is downloaded, the recipient may import it into their contact management system, email client, or address book. We are not responsible for how third parties use or store information from downloaded vCard files. Downloaded vCard files are outside our control.

Sharing Features: Our platform also provides sharing features that allow you to share your business profile via social media, email, or other methods. When you use these features, you are sharing your profile URL and any information you choose to include in the share message. We are not responsible for how recipients use shared information.

Other Collection of Personal Information

When visiting our website, the IP address used to access our website may be logged along with the dates and times of access. This information is purely used to analyze trends, administer our website, track users movement, and gather broad demographic information for internal use such as statistical assessments and website improvement. Most importantly, any recorded IP addresses are not linked to personally identifiable information.

Other information may be collected as well, which is rather typical of most websites. For instance, the source that referred you to our website is generally known. Likewise, your duration on our website, and your destination when you leave our website can also be tracked. Other common data collected includes the type of operating system the computer you are using to access our website has. Similarly, the type of web browser is often noted. Again, this is common data collection, and helps ultimately produce a better end-user experience.

Cookies are another common internet practice. Cookies are a key means of improving user experience by allowing us to customize your use of our website. Simple information is transferred to your computer to allow the content and experience to reflect your actions, preferences, and so on. You should simply make the assumption our website uses cookies, and note that you are free to make adjustments in your web browser to disable these or otherwise receive notification of cookies so you can take whatever desired action you so choose. Please understand that refusing cookies may cripple some of our website features and render some aspects useless to you.

At times, you will be fully aware of information received, as you are the direct source providing it. For instance, you may comment on a blog post, reply to an email (whether broadcast message or autoresponder), provide an email address, complete a survey, requests SMS, or otherwise. Likewise, purchases necessarily involve collecting certain information, such as credit card information processed through Stripe, your physical address for billing and/or shipping, phone number, and so on. Refusing to provide some of this information may lead to us being unable to provide you with the products or services you’ve requested.

A prime example of limited access to our website is where content may be protected by a username and password. Whether a username and password is generated by our website, or created by you, these will almost always be connected with some other information related to or connected with you. This is true since much content that is protected on the internet is subscription based, often paid for. Thus, the username and password must necessarily be tied to your other account data. Usernames and passwords, by their very nature, should be kept private.

Handling of Personal Information

Note that any personal information you provide to others apart from us or our vendors is wholly optional. As an example, you might disclose something in a blog post comment. That “private” information is now “public,” and we have no control over that. In like fashion, you sharing information with any other third party not functioning as a service provider to us puts that information beyond our control and becomes subject to the policy that party has in place.

Our primary intention for collecting personal and private information from you is simply to conduct our business. We can use this internally to better serve you. Accordingly, we see no reason to share your personal information to other parties and outside interests unless you have authorized us to do so.

Of course, there are instances where your information is stored with third party service providers, such as email service providers, as they provide services that are industry-leading in quality and security and are far more beneficial to our end user than attempting such services “in-house.” However, you are never required to deal with any such third party directly, they are limited in how they use your information, and they cannot sell or transfer it to others in any way.

However, of course, your information does comprise part of an overall whole. This aggregate of information, by contrast, may be used to understand our overall user base. Further, we may share this information about our website visitors as a whole, not individually, with third parties for various purposes, in our sole discretion.

While we are staunch privacy advocates, there are times when even we may be forced to abandon these ideals. Just as major search engines face ongoing compulsion to provide data against their will, so too may the same occur with our website. Illegal activity or other serious acts or allegations could create legal liability for our website. In those cases, we reserve the right to share your information, or else may simply be compelled to do so by law.

On the other hand, there may be times when we would need to share your private information in order to protect our own interests. For instance, in cases of suspected or alleged copyright infringement or other intellectual property violations, it may be necessary to share personal information.

Search Engine and AI Discoverability

When you deploy a business profile, you can choose whether it is discoverable by search engines and AI answer tools. If you enable discoverability and the profile is on our production environment, the public profile and the information you have chosen to display on it may be crawled, indexed, cached, and summarized by third-party search engines and AI/agent crawlers. Indexed and cached copies are outside our control and may persist even after you change or remove your profile.

If you disable discoverability (or while a profile is on a non-production environment), we instruct crawlers not to index the page; however, we cannot guarantee that every third-party crawler honors these instructions. Do not place information on a public profile that you are not comfortable making broadly available.

Changes to This Policy

CHANGE NOTICE: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this page. For material changes, we will provide additional notice where required by law (for example, by email or an in-app notice). We encourage you to review this page periodically.

PROPRIETARY CONTENT: The text and layout of this page are proprietary to Signal Business LLC and are provided for the information of our users. You may not copy, republish, or reuse this material for any other website or purpose without our written permission.

Links to Third Party Websites

We have included links on this website for your use and reference. We are not responsible for the privacy policies on these websites. You should be aware that the privacy policies of these websites may differ from our own.