1. About this policy
Signalto Limited (“SignalTo”, “we”, “us”, “our”) respects your privacy and is committed to protecting your Personal Information in accordance with the Privacy Act 2020 and its information privacy principles.
This policy explains what Personal Information we collect, why we collect it, how we use and disclose it, where it is held, and the rights you have. Capitalised terms have the meanings given in our shared defined terms and in the Terms of Service.
Where we manage AI visibility for a business on behalf of a Customer or a Reseller, we Process information about that business and its website to deliver the Services. Our handling of that information as a service provider is governed by our Data Processing Terms. This policy applies to the Personal Information we collect and control in our own right.
2. The Personal Information we collect
We collect Personal Information that is reasonably necessary for our functions and activities, including:
- Account and contact information: name, email address, phone number, business name, role, and login credentials.
- Billing information: billing contact, billing email, and payment records. Card details are collected and stored by our payment provider, not by us.
- Partner information: for Resellers and Affiliates, business details, payout details (including bank or transfer account information held by our payments provider), and information needed to administer the partner relationship.
- Customer and site information: information about a Customer’s business and website that is necessary to deliver the Services. Much of this is business information rather than Personal Information, but it may include the Personal Information of individuals named on a website (for example staff listed on an “about” or “contact” page).
- Usage information: how you interact with the Console and our website, including log data, device and browser information, and IP address.
- Communications: records of your correspondence with us, including support requests.
3. How we collect it
We collect Personal Information directly from you when you create an account, start a Free Trial, subscribe, apply to a partner programme, contact us, or use the Services. We also collect it automatically through cookies and similar technologies when you use our website and Console (see our Cookies Policy), and from publicly available sources and the websites we are engaged to analyse.
Where it is reasonable and practicable, we collect Personal Information directly from the individual concerned. Where we collect information about a Customer’s website, we do so on the instruction of, and for, that Customer.
4. Why we use it
We use Personal Information to:
- provide, operate, maintain, and improve the Services;
- create and administer accounts, including authentication and team management;
- run the Free Trial and process subscriptions, billing, and partner payouts;
- generate AI Visibility Reports, Suggested Changes, Monthly Reports, and other outputs;
- monitor how AI Systems and search engines represent a business, which involves submitting queries to third-party AI Systems and data providers on the Customer’s behalf;
- provide support and respond to your enquiries;
- administer the Reseller and Affiliate programmes, including attribution and commission;
- protect the security and integrity of the Services and detect and prevent misuse;
- comply with our legal obligations; and
- send you service communications and, where you have not opted out, relevant updates about the Services.
5. How AI monitoring works
The Services monitor how AI Systems such as ChatGPT, Claude, Perplexity, and Google AI Overviews describe a business. We have no privileged or backend access to those systems. Monitoring is performed by submitting our own prompts to those systems and recording the responses. Those prompts may include a business name and related terms. We do not control how the operators of those AI Systems handle the queries we send them; their own terms and privacy practices apply to that handling.
6. When we disclose it
We do not sell your Personal Information. We disclose it only as follows:
- To Subprocessors and service providers who help us deliver the Services, such as hosting, payment processing, payout, data, and AI providers. These are listed in our Subprocessor list. They may only Process Personal Information on our instructions and for the purposes of providing their services to us.
- To AI Systems and data providers to the extent necessary to perform monitoring and generate outputs, as described in section 5.
- To a Reseller, where you are an End Client whose account is managed by that Reseller.
- Where required or authorised by law, including to comply with a lawful request from a regulator, court, or government agency.
- In connection with a sale or restructure of our business, where the recipient agrees to protect your Personal Information consistently with this policy.
7. Sending information overseas
Some of our Subprocessors are located outside New Zealand, including in the United States and other countries. This means your Personal Information may be disclosed to, stored, or Processed overseas. Before disclosing Personal Information to an overseas person, we take reasonable steps to ensure it is protected by comparable safeguards to those in the Privacy Act 2020, consistent with Information Privacy Principle 12, whether because the overseas person is required to protect the information in a way that provides comparable safeguards, or through our contractual arrangements with that person. By using the Services you acknowledge that your Personal Information may be held and Processed outside New Zealand for the purposes set out in this policy.
8. How we keep it secure
We take reasonable security safeguards to protect Personal Information against loss, unauthorised access, use, modification, or disclosure. These include access controls, encryption in transit, and limiting access to those who need it. No system is completely secure, and we cannot guarantee absolute security, but we work to protect your information and to respond promptly if something goes wrong.
If we experience a privacy breach that it is reasonable to believe has caused, or is likely to cause, serious harm, we will notify the Office of the Privacy Commissioner and affected individuals as required by the Privacy Act 2020.
9. How long we keep it
We keep Personal Information only for as long as it is needed for the purposes set out in this policy, or as required by law. When an account is closed, we retain the associated data for a limited period to allow reactivation and to meet our legal and operational obligations, after which it is deleted or de-identified. Anonymised and aggregated information that no longer identifies an individual may be retained to improve the Services.
10. Your rights
Under the Privacy Act 2020 you have the right to ask us:
- whether we hold Personal Information about you;
- for access to that information; and
- to correct that information if it is wrong.
To make a request, contact us using the details in section 13. We will respond as soon as reasonably practicable and within the timeframes required by the Privacy Act 2020. There is generally no charge for an access request, although we may charge a reasonable fee in limited circumstances permitted by law. If we decline a request, we will tell you why.
If you are an End Client whose account is managed by a Reseller, some requests may need to be directed to that Reseller, who controls the relevant account. We will help you identify the right contact.
11. Cookies
Our website and Console use cookies and similar technologies. Our Cookies Policy explains what we use and how you can manage them.
12. Children
The Services are intended for businesses and are not directed at children. We do not knowingly collect Personal Information from children.
13. Contact and complaints
If you have a question, an access or correction request, or a concern about how we handle your Personal Information, contact us at:
Signalto Limited Email: support@signalto.ai Registered office: c/- BDO Auckland, Level 10, BDO Tower, 19 Como Street, Takapuna, Auckland 0740, New Zealand
If you are not satisfied with our response, you may complain to the Office of the Privacy Commissioner: www.privacy.org.nz.
14. Changes to this policy
We may update this policy from time to time. The current version is always available at signalto.ai/legal/privacy, and the effective date at the top shows when it last changed. Where a change is material, we will take reasonable steps to let you know.