Privacy Policy

1. Introduction

Signal Ltd ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our safeguarding platform ("Service").

We are the data controller for the purposes of UK GDPR and the Data Protection Act 2018. This policy applies to all users of our Service.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly, including:

• Account Information: Name, email address, phone number, job title, organization
• Student Records: Student names, dates of birth, identifiers, safeguarding concerns
• Incident Data: Incident descriptions, dates, categories, severity levels
• Documents: Files you upload, including their metadata
• Communications: Enquiries, support requests, feedback

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Pages visited, features used, time spent, actions taken
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, performance data
• Cookies: See our Cookie Policy for details

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Process your requests and transactions
• Send you technical notices, updates, and support messages
• Respond to your enquiries and provide customer support
• Monitor and analyze usage patterns and trends
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations and safeguarding requirements
• Send marketing communications (with your consent)

4. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract: To provide the Service you've subscribed to
• Legitimate Interests: To improve our Service and ensure security
• Legal Obligation: To comply with statutory safeguarding duties
• Consent: For marketing communications (where required)
• Special Category Data: Safeguarding data is processed under Article 9(2)(b) (employment/social protection) and Article 9(2)(g) (substantial public interest)

5. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

• Service Providers: Cloud hosting (Microsoft Azure), email services, analytics tools
• Legal Authorities: When required by law or to protect rights and safety
• Statutory Bodies: Local authorities, police, safeguarding boards (as required by safeguarding legislation)
• Professional Advisors: Lawyers, auditors, insurers (as necessary)

All third-party service providers are contractually bound to protect your data and use it only for specified purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (TLS) and at rest (AES-256)
• Multi-factor authentication and passkey support
• Role-based access controls
• Regular security audits and penetration testing
• Secure data centers in the UK/EU
• Backup and disaster recovery procedures
• Staff training on data protection

7. Data Retention

We retain your data for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations (including safeguarding record-keeping requirements)
• Resolve disputes and enforce agreements

Safeguarding records are typically retained until a student reaches age 25, in line with statutory guidance. Account data is deleted 30 days after subscription termination unless longer retention is required by law.

8. Your Rights

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal retention requirements)
• Restriction: Request limitation of processing
• Portability: Receive your data in a structured, machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at privacy@signal.com. We will respond within one month.

9. International Transfers

Your data is stored in Microsoft Azure data centers located in the UK and EU. If we transfer data outside the UK/EU, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).

10. Children's Privacy

Our Service is designed for use by educational professionals, not children. We process data about children as part of safeguarding records, but children should not create accounts or use the Service directly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after such notice constitutes acceptance of the updated policy.

12. Contact and Complaints

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):