PRIVACY POLICY - SIGNALO.NET

Effective Date: 3rd October 2025

1. INTRODUCTION

1.1 About This Policy

This Privacy Policy explains how Quantisnet LTD ("we", "us", "our", or "the Company") collects, uses, stores, and protects your personal information when you use the Signalo.net service ("Service", "Platform", or "Website").

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

This Privacy Policy should be read in conjunction with our Terms and Conditions, which govern your use of the Service.

1.2 Data Controller

Quantisnet LTD is the data controller responsible for your personal data.

Registered Office: Whitburn, Scotland , 102 Gardner Crescent, EH470NR
Company Registration Number: SC864611
Email: support@signalo.net
Data Protection Officer: data@signalo.net

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details provided above.

1.3 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will:

• Update the "Effective Date" at the top of this policy
• Notify you by email at least 14 days before the changes take effect
• Post the updated policy on our Website
• For material changes, we may seek your explicit consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

We collect information that you provide to us directly when you:

Account Registration:

• Full name or business name
• Email address
• Password (stored in encrypted form)
• Phone number (optional)
• Company/organisation name (if applicable)
• Job title (optional)
• Country/region

Subscription and Payment Information:

• Billing name and address
• Payment card details (processed and stored by our third-party payment providers - we do not store complete card details on our servers)
• Transaction history
• Invoicing information
• VAT number (if applicable)

Profile and Preferences:

• Profile picture/avatar
• Time zone settings
• Language preferences
• Notification preferences
• Social media account connections

Content You Create:

• Posts and captions you create or schedule
• Images, videos, and other media files you upload
• AI generation prompts and preferences
• Saved templates and drafts
• Comments and feedback

Communications:

• Messages sent through our support system
• Emails and correspondence with our team
• Survey responses and feedback
• Support tickets and help requests

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information:

Usage Data:

• Pages visited within the Service
• Features used and frequency of use
• Actions taken (e.g., posts scheduled, published)
• Time spent on the platform
• Click patterns and navigation paths
• Search queries within the Service

Device and Technical Information:

• IP address
• Browser type and version
• Operating system
• Device type (desktop, mobile, tablet)
• Screen resolution
• Device identifiers
• Referring/exit pages
• Date and time stamps

Cookies and Similar Technologies:

• Session cookies
• Persistent cookies
• Analytics cookies
• Marketing cookies
• Local storage data

See Section 9 for detailed information about cookies.

2.3 Information from Third-Party Sources

Social Media Platforms:

When you connect your social media accounts to our Service, we receive:

• Basic profile information (name, profile picture, user ID)
• Account permissions you grant us
• Page/account insights and analytics data
• Engagement metrics (likes, shares, comments, reach)
• Follower/audience demographics
• Publishing permissions and capabilities

We only access information necessary to provide our Services and only to the extent you authorise through the respective platform's authentication process.

External Image Sources:

• Search queries for stock photos
• Image selections and downloads
• License usage information

Payment Processors:

• Transaction confirmation data
• Payment status
• Fraud prevention information

2.4 Information from Other Users

If you are added to a team account or workspace, we may receive information about you from the account administrator, including:

• Your name and email address
• Your role and permissions
• Work-related information

2.5 Special Categories of Personal Data

We do not intentionally collect special categories of personal data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless you voluntarily include such information in content you create or upload. If you do so, you explicitly consent to our processing of such data in accordance with this Privacy Policy.

3. HOW WE USE YOUR INFORMATION

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds under UK GDPR:

Contract Performance (Article 6(1)(b)):

• To provide and deliver the Services you have requested
• To create and manage your account
• To process payments and subscriptions
• To communicate with you about your account

Legitimate Interests (Article 6(1)(f)):

• To improve and develop our Services
• To ensure platform security and prevent fraud
• To analyse usage patterns and optimise user experience
• To send marketing communications (where you have not opted out)
• To enforce our Terms and Conditions

Legal Obligation (Article 6(1)(c)):

• To comply with legal and regulatory requirements
• To respond to law enforcement requests
• To maintain accounting and tax records
• To prevent illegal activity

Consent (Article 6(1)(a)):

• To send promotional emails (where required)
• To use non-essential cookies
• To process special categories of data (if applicable)

You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.2 Purposes of Processing

We use your information for the following purposes:

Service Delivery:

• Creating and managing your account
• Authenticating your identity and authorising access
• Scheduling and publishing posts to your social media accounts
• Generating AI-powered content based on your requests
• Providing access to external image libraries
• Delivering analytics and performance reports
• Processing your subscription payments
• Providing customer support and responding to inquiries

Service Improvement:

• Analysing usage patterns to understand how users interact with our Service
• Identifying and fixing bugs and technical issues
• Developing new features and functionalities
• Conducting research and development
• Testing and optimising platform performance
• Improving AI algorithms and content generation quality

Communication:

• Sending transactional emails (account confirmation, password resets, payment receipts)
• Notifying you about service updates and changes
• Responding to your questions and support requests
• Conducting surveys and collecting feedback
• Sending newsletters and promotional materials (with your consent or where permitted)

Security and Fraud Prevention:

• Detecting and preventing fraudulent transactions
• Protecting against unauthorised access and security threats
• Monitoring for suspicious activity
• Enforcing our Terms and Conditions
• Preventing abuse and misuse of the Service

Legal Compliance:

• Complying with applicable laws and regulations
• Responding to legal requests and court orders
• Exercising or defending legal claims
• Maintaining records for tax and accounting purposes

Marketing:

• Personalising your experience on our platform
• Showing you relevant features and content
• Sending targeted marketing communications
• Analysing marketing campaign effectiveness
• Conducting market research

3.3 Automated Decision-Making

We use AI and automated systems to:

• Generate content suggestions based on your inputs
• Provide optimal posting time recommendations
• Detect potentially problematic content

These automated processes do not make decisions that significantly affect you legally or similarly. You always retain control over whether to use AI-generated content, and all final publishing decisions are made by you.

4. DATA SHARING AND DISCLOSURE

4.1 Our Commitment to Data Privacy

WE DO NOT SELL, RENT, OR TRADE YOUR PERSONAL DATA TO THIRD PARTIES FOR THEIR MARKETING PURPOSES.

Your data belongs to you, and we are committed to keeping it secure and confidential.

4.2 When We Share Your Information

We may share your personal data only in the following circumstances:

Service Providers and Processors:

We work with trusted third-party service providers who process data on our behalf under strict confidentiality agreements:

Hosting and Infrastructure:

• Cloud hosting providers (e.g., AWS, Google Cloud, Azure)
• Content delivery networks (CDN)
• Database management services

Payment Processing:

• Payment gateway providers (e.g., Stripe, PayPal)
• Fraud detection services
• Billing and invoicing platforms

Social Media Platforms:

• Facebook, Instagram, LinkedIn, Twitter/X, TikTok, and other platforms you connect
• We share only the content you choose to publish and authentication tokens

Analytics and Performance:

• Website analytics services (e.g., Google Analytics)
• Error tracking and monitoring tools
• Performance optimisation services

Communication Services:

• Email delivery services (e.g., SendGrid, Mailchimp)
• Customer support platforms
• Notification services

AI and Content Generation:

• AI content generation API providers
• Image processing services
• Natural language processing tools

External Image Sources:

• Stock photo providers (Unsplash, Pexels, etc.)
• Image licensing platforms

All service providers are contractually obligated to:

• Process data only according to our instructions
• Implement appropriate security measures
• Not use data for their own purposes
• Delete or return data when no longer needed

Legal Requirements:

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, or subpoenas
• Respond to lawful requests from public authorities and law enforcement
• Enforce our Terms and Conditions
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or the public
• Detect, prevent, or address fraud, security, or technical issues

Business Transfers:

If we are involved in a merger, acquisition, bankruptcy, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our Website before your personal data is transferred and becomes subject to a different privacy policy.

With Your Consent:

We may share your information with third parties when you have given us explicit consent to do so.

Aggregated and Anonymised Data:

We may share aggregated, anonymised, or de-identified information that cannot reasonably be used to identify you. This may include:

• Usage statistics and trends
• Industry benchmarks and reports
• Research and development insights

4.3 International Data Transfers

Our Service providers are located in various countries, including outside the United Kingdom and European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses (SCCs) approved by the UK authorities
• Adequacy decisions by the UK Government
• Data Processing Agreements with appropriate security measures
• Binding Corporate Rules (where applicable)

You have the right to obtain information about the safeguards we use for international transfers by contacting us.

4.4 Social Media Platform Data Sharing

When you authorise our Service to access your social media accounts:

• We access only the permissions you explicitly grant
• We do not share your social media access tokens with any third parties
• We use your access solely to publish content on your behalf and retrieve analytics
• You can revoke access at any time through your social media account settings
• We do not read your private messages or access content beyond what's necessary for the Service

5. DATA RETENTION

5.1 How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data:

• Active accounts: Data retained while your account remains active
• Deleted accounts: Most data deleted within 30 days of account deletion
• Some data may be retained longer for legal compliance purposes

Transaction Records:

• Payment and billing information: Retained for 7 years to comply with tax and accounting regulations
• Invoice data: Retained as required by UK law

Usage and Analytics Data:

• Aggregated analytics: Retained indefinitely in anonymised form
• Individual usage logs: Retained for 12-24 months

Marketing Data:

• Email marketing data: Retained until you unsubscribe or request deletion
• After unsubscribe: Maintained on suppression list to prevent re-contact

Content and Files:

• Published posts: Retained in your account history
• Drafts and scheduled posts: Retained until you delete them
• Uploaded media: Retained while associated with your account
• After deletion: Removed from active systems within 30 days (may remain in backups for up to 90 days)

Legal and Compliance:

• Data subject requests: Records maintained for 3 years
• Legal claims: Retained for the duration of the claim plus applicable limitation period

Backups:

• Data may remain in backup systems for up to 90 days after deletion from active systems
• Backups are securely stored and not used for operational purposes

5.2 Deletion of Your Data

When you delete your account or request data deletion:

1. Your personal data is removed from active systems within 30 days
2. Data may remain in backup systems for up to 90 days
3. Some data may be retained where legally required
4. Aggregated, anonymised data may be retained indefinitely

6. YOUR RIGHTS AND CHOICES

Under UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

6.1 Right of Access

You have the right to:

• Request confirmation of whether we process your personal data
• Obtain a copy of your personal data
• Receive information about how we use your data

You can exercise this right by:

• Downloading your data from your account settings
• Contacting us with a data access request

We will respond to your request within one month (may be extended by two months for complex requests).

6.2 Right to Rectification

You have the right to:

• Correct inaccurate personal data
• Complete incomplete personal data

You can update most information directly in your account settings, or contact us for assistance.

6.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes collected
• You withdraw consent and there's no other legal basis
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required for legal compliance

Note: This right is not absolute. We may retain data where:

• Required by law (e.g., tax records)
• Necessary for legal claims
• Required for compliance purposes

To delete your account: Go to Settings > Account > Delete Account, or contact our support team.

6.4 Right to Restriction of Processing

You have the right to restrict processing of your data when:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You've objected to processing pending verification

6.5 Right to Data Portability

You have the right to:

• Receive your personal data in a structured, commonly used, machine-readable format
• Transmit your data to another controller

This applies to data:

• You provided to us
• Processed based on consent or contract
• Processed by automated means

You can export your data from your account settings.

6.6 Right to Object

You have the right to object to processing based on:

• Legitimate interests (including profiling)
• Direct marketing (including profiling)
• Processing for scientific/historical research or statistics

To opt out of marketing: Click "unsubscribe" in any marketing email or update your email preferences in account settings.

6.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time:

• This doesn't affect the lawfulness of processing before withdrawal
• You can manage consent preferences in your account settings

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)

• Website: www.ico.org.uk
• Telephone: 0303 123 1113
• Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

6.9 How to Exercise Your Rights

To exercise any of these rights:

1. Log into your account and use available self-service tools
2. Email us at: [data protection email]
3. Write to us at: Quantisnet LTD, [full address]

We will respond within one month of receiving your request. For complex requests, this may be extended by up to two months, and we will inform you of any delay.

We may request identification to verify your identity before processing requests.

7. DATA SECURITY

7.1 Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage:

Technical Security:

• Industry-standard SSL/TLS encryption for data in transit
• Encryption of sensitive data at rest
• Secure password hashing (bcrypt or equivalent)
• Regular security updates and patches
• Firewall protection and intrusion detection
• Secure API authentication and authorisation
• Multi-factor authentication options
• Regular security audits and penetration testing

Organisational Security:

• Access controls and role-based permissions
• Employee confidentiality agreements
• Security awareness training for staff
• Data processing agreements with third parties
• Incident response procedures
• Regular backup procedures
• Disaster recovery plans

Infrastructure Security:

• Use of reputable cloud service providers with ISO 27001 certification
• Redundant systems and failover mechanisms
• Network segmentation
• Regular vulnerability assessments

7.2 Your Responsibility

While we implement strong security measures, you also play a role in protecting your data:

• Use a strong, unique password
• Enable two-factor authentication if available
• Keep your login credentials confidential
• Log out when using shared devices
• Keep your email account secure
• Report suspicious activity immediately
• Review connected social media permissions regularly

7.3 Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware
• Notify affected users without undue delay
• Provide information about the nature of the breach
• Describe measures taken to address the breach
• Advise on steps you can take to protect yourself

8. CHILDREN'S PRIVACY

8.1 Age Restrictions

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are under 18, do not:

• Register for an account
• Use or provide information on the Service
• Make any purchases
• Provide any information about yourself

8.2 Parental Notice

If we learn we have collected personal information from a child under 18 without parental consent, we will delete that information as quickly as possible.

If you believe we might have information from or about a child under 18, please contact us immediately at: [contact email]

8.3 Verification

We may implement age verification mechanisms to ensure compliance with this policy.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What Are Cookies

Cookies are small text files stored on your device when you visit our Website. They help us provide and improve our Service.

9.2 Types of Cookies We Use

Strictly Necessary Cookies:

• Essential for the Service to function
• Enable account login and authentication
• Remember your language and preferences during your session
• Ensure security and fraud prevention
• Cannot be disabled

Functional Cookies:

• Remember your preferences and settings
• Provide enhanced functionality
• Personalise your experience
• Can be disabled but may affect functionality

Analytics Cookies:

• Help us understand how users interact with our Service
• Collect information about pages visited and errors encountered
• Allow us to improve Service performance
• Examples: Google Analytics, internal analytics

Marketing Cookies:

• Used to deliver relevant advertisements
• Track effectiveness of marketing campaigns
• Limit the number of times you see an ad
• Measure ad engagement
• Examples: Facebook Pixel, Google Ads

9.3 Third-Party Cookies

We use services from third parties that may set their own cookies:

Google Analytics:

• Tracks website usage and performance
• Privacy Policy: https://policies.google.com/privacy

Social Media Platforms:

• Enable social sharing features
• Track engagement with embedded content

Payment Processors:

• Facilitate secure payment processing
• Prevent fraudulent transactions

9.4 Cookie Management

You can control cookies through:

Browser Settings:

• Most browsers allow you to refuse or delete cookies
• Each browser has different settings - check your browser's help menu
• Note: Disabling necessary cookies may affect Service functionality

Cookie Preference Centre:

• Available on our Website
• Allows granular control over cookie categories
• Settings are saved and respected on future visits

Opt-Out Tools:

• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
• Your Online Choices: http://www.youronlinechoices.com/uk/

9.5 Do Not Track

Some browsers have "Do Not Track" features. Currently, there is no industry standard for responding to Do Not Track signals. We do not currently respond to Do Not Track signals, but we respect your privacy choices through our cookie preference centre.

9.6 Other Tracking Technologies

Local Storage:

• Used to store preferences and cached data
• Helps improve performance and user experience

Session Storage:

• Temporary storage during your browsing session
• Cleared when you close your browser

Pixels and Beacons:

• Small images that track email opens and engagement
• Used in marketing emails and on the Website

10. MARKETING COMMUNICATIONS

10.1 Types of Communications

We may send you:

Transactional Emails (always sent):

• Account confirmation and verification
• Password reset requests
• Payment receipts and invoices
• Service notifications and updates
• Security alerts
• Legal notices

Marketing Emails (optional):

• Product updates and new features
• Tips and best practices
• Special offers and promotions
• Newsletters
• Surveys and feedback requests

10.2 Your Marketing Choices

You can control marketing communications:

Opt-Out:

• Click "unsubscribe" in any marketing email
• Update preferences in your account settings
• Contact us to be removed from marketing lists

Opt-In:

• Check marketing preference boxes during registration
• Update preferences in account settings
• Re-subscribe through our Website

Note: Even if you opt out of marketing, you will still receive essential transactional emails.

10.3 Marketing Practices

We will:

• Honour opt-out requests promptly (within 5 business days)
• Not share your email for third-party marketing
• Provide clear unsubscribe options
• Respect your communication preferences
• Comply with UK electronic marketing regulations

11. CALIFORNIA AND US STATE PRIVACY RIGHTS

11.1 California Consumer Privacy Act (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know:

• Categories of personal information collected
• Specific pieces of personal information
• Sources of information
• Business purposes for collection
• Categories of third parties with whom information is shared

Right to Delete:

• Request deletion of personal information we collected

Right to Opt-Out:

• Opt-out of sale of personal information (Note: We do not sell personal information)

Right to Non-Discrimination:

• Not be discriminated against for exercising CCPA rights

Right to Limit Use of Sensitive Personal Information:

• Limit use of sensitive personal information

11.2 Other US State Privacy Rights

Similar rights may apply if you are a resident of:

• Virginia (VCDPA)
• Colorado (CPA)
• Connecticut (CTDPA)
• Utah (UCPA)

11.3 How to Exercise US Rights

Contact us at: [privacy email] We will respond within 45 days (may be extended by 45 days with notice).

11.4 Authorised Agents

California residents can designate an authorised agent to make requests on their behalf. We may require verification of the agent's authority.

12. CONTACT INFORMATION

12.1 Data Protection Enquiries

For questions about this Privacy Policy or our data practices:

Email: data@signalo.net
Post: Data Protection Officer, Quantisnet LTD, 102 Gardner Crescent, EH470NR, Whitburn, Scotland
Website: https://signalo.net/

12.2 Response Times

We aim to respond to all enquiries within:

• General questions: 5 business days
• Data subject requests: 1 month (may be extended to 3 months for complex requests)
• Security concerns: 24-48 hours

12.3 Complaints

If you're not satisfied with our response, you can:

• Escalate within our organisation
• Contact the Information Commissioner's Office (ICO)
• Seek legal advice or remedies

13. SUPPLEMENTARY INFORMATION

13.1 Links to Other Websites

Our Service may contain links to third-party websites, plugins, and applications. Clicking those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

13.2 Social Media Features

Our Service includes social media features (e.g., share buttons). These features may collect your IP address and page visits, and may set cookies. Social media features are hosted by third parties and governed by their privacy policies.

13.3 Testimonials and Reviews

We may display personal testimonials and reviews on our Website. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, contact us.

13.4 Forums and Public Areas

Any information you post in public areas (if available) may be read, collected, and used by others. Exercise caution when disclosing personal information in these areas.

13.5 Changes to Our Business

If we undergo a business transition (merger, acquisition, sale of assets), your personal data may be among the transferred assets. You will be notified via email and/or prominent Website notice before your data becomes subject to a different privacy policy.

---

GLOSSARY OF TERMS

Personal Data: Information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion).

Data Controller: The entity that determines the purposes and means of processing personal data.

Data Processor: An entity that processes personal data on behalf of a controller.

UK GDPR: UK General Data Protection Regulation - the UK's version of GDPR after Brexit.

Consent: Freely given, specific, informed, and unambiguous indication of agreement to processing.

Legitimate Interest: A legal basis for processing where we have a genuine and legitimate reason that is balanced against your rights.

---

BY USING OUR SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.

---

Last Updated: 3rd October 2025

Quantisnet LTD - Registered in Scotland
SC864611
Registered Office: Whitburn, Scotland

---

Document Version: 1.0
Effective Date: 3rd October 2025
Next Review Date: 3rd October 2026