How SenderSignal collects, uses, and protects personal data. We aim for the strictest standard between GDPR and CCPA so the same answer holds wherever you operate.
Last updated: April 27, 2026
SenderSignal is operated by Infoscience Labs (“we,” “us,” “our”), the data controller for the personal data described in this policy. You can reach us at privacy@sendersignal.com or through our parent company at infoscience.co.
When you create an account we collect your name, email address, and (for paid plans) billing information. We do not store full payment card numbers; those are tokenized through our PCI-DSS Level 1 payment processor.
To monitor your sending infrastructure we ask you to add domains and sending IPs. These are public identifiers and we treat them as such. We never receive, store, or process the content of any email message.
We collect basic telemetry about your use of the dashboard (pages visited, actions taken, performance metrics) to keep the product reliable and to improve it. We use first-party analytics; we do not embed third-party advertising trackers.
We set a small number of strictly necessary cookies for authentication and session continuity. We do not use advertising or cross-site tracking cookies.
We do not sell, rent, or share personal data with third-party advertisers. We do not use your data to train external models.
We rely on a small set of trusted infrastructure providers. The full, current list is available on request and is updated whenever a sub-processor changes. Categories include:
Each sub-processor is bound by a Data Processing Agreement that meets or exceeds the requirements of GDPR Article 28 and the CCPA service-provider terms.
By default, data is stored in the United States. Enterprise customers can request EU-residency for an additional fee. Cross-border transfers, where they occur, are governed by the EU Standard Contractual Clauses (SCCs) and equivalent UK addenda.
Account and billing data are retained for the life of your account plus 7 years for tax and audit purposes. Operational logs (probe results, alert history) are retained for 90 days on starter plans and up to 2 years on enterprise plans. You can request earlier deletion at any time.
Wherever you live, you can request access to your data, correction of inaccuracies, deletion, export of a portable copy, and restriction or objection to specific processing. Email privacy@sendersignal.com and we will respond within 30 days. Under GDPR, you also have the right to lodge a complaint with your local supervisory authority.
SenderSignal is SOC 2 Type II audited. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Customer secrets, API keys, and webhook signing keys are stored in a hardware-backed key management service. Access to production is governed by SSO, MFA, and least-privilege role assignment with audit logging.
SenderSignal is a B2B product not intended for use by individuals under 16. We do not knowingly collect personal data from children.
We will post material changes to this policy on this page and notify active customers by email at least 14 days before they take effect.
Questions about this policy? Email privacy@sendersignal.com.