Privacy Policy

Signal Artisan — EU SaaS Edition (v1.2)
Effective date: 1 January, 2026 · Last updated: 15 December, 2025

This Privacy Policy explains how Signal Artisan (“we”, “us”, “our”) collects and processes personal data when you use Signal Artisan (the “Service”). It also explains your rights under the GDPR and related EU data protection laws.

1. Who We Are

The Service is operated by Dainis Berzins, a self-employed individual registered in Latvia as a provider of economic activity (pašnodarbināts). For most processing described in this policy, we act as the data controller.

Contact details:
Address: Ropazu 14A, Riga, Latvia, LV-1039
Email: support@signalartisan.com

Merchant of Record / billing: Payments for paid plans are processed by our authorised Merchant of Record, Paddle.com (or an affiliated Paddle entity) (“Paddle”). Paddle may act as an independent controller for payment processing, tax handling, fraud prevention, compliance, and related purposes. We receive limited purchase and subscription status information so we can provision and manage your access to the Service.

2. Personal Data We Collect

Depending on how you use the Service, we may collect:

  • Account data: name (if provided), email address, login identifiers, account settings.
  • Billing/subscription data: subscription status, plan, purchase timestamps, invoice/receipt references (payment details are handled by Paddle).
  • Usage data: feature usage, interactions, events, timestamps, workspace activity.
  • Technical data: IP address, device/browser info, cookies/identifiers, server logs.
  • Support/communications: messages you send to us, support tickets, feedback, and related metadata.
  • GDPR request data: information you provide when making a privacy request (e.g., identity verification information, correspondence, request status and fulfilment notes).
  • User content: data you upload or enter (e.g., metrics, signals, rules, descriptions).

Important: Please avoid including special category personal data (e.g., health data, political opinions) in User Content or support requests unless it is strictly necessary. If you do provide such data, we will process it only to the extent necessary to handle your request and operate the Service.

We process personal data only where we have a legal basis under GDPR. The table below explains why we process data and the legal basis we rely on.

Purpose Data typically used Legal basis (GDPR)
Provide the Service (account, core features, workspace) Account data, usage data, technical data, user content Contract (Art. 6(1)(b))
Billing and subscription management (access provisioning) Limited subscription status and purchase metadata from Paddle Contract (Art. 6(1)(b)); Legal obligation where applicable (Art. 6(1)(c))
Customer support and service communications Support/communications, account data, technical data Contract (Art. 6(1)(b)); Legitimate interests (Art. 6(1)(f))
Handle privacy requests (GDPR requests) and verify identity Account data, GDPR request data, support/communications Legal obligation (Art. 6(1)(c)); Legitimate interests (Art. 6(1)(f))
Security, abuse prevention, fraud detection Technical data, logs, usage data Legitimate interests (Art. 6(1)(f))
Improve and maintain the Service (debugging, performance) Usage data, technical data Legitimate interests (Art. 6(1)(f))
Marketing communications (e.g., newsletter) Email address, preferences Consent (Art. 6(1)(a)) (where required) and you can withdraw at any time
Compliance with legal obligations (e.g., accounting, tax, lawful requests) Account/billing metadata, logs where required Legal obligation (Art. 6(1)(c))

4. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service, maintain sessions, and (where enabled) to understand usage. Where required by EU law, non-essential cookies are used only with your consent.

You can manage cookie preferences via our cookie banner (if enabled) and/or your browser settings. Disabling certain cookies may affect Service functionality.

5. Sharing Your Data

We may share personal data with:

  • Infrastructure and hosting (AWS): we use Amazon Web Services (“AWS”) to host and operate the Service.
  • Customer support and GDPR request tracking (Github): we use Github to manage support requests and to track GDPR requests and fulfilment.
  • Service providers (processors): providers supporting core operations (e.g., hosting, infrastructure, email delivery, analytics, error monitoring).
  • Paddle (Merchant of Record): for payment processing, tax calculation/collection, invoicing, fraud prevention, and subscription lifecycle.
  • Professional advisors: accountants, lawyers, auditors (when necessary).
  • Authorities: where required by law or to protect rights, safety, and security.

When we use processors, we require appropriate contractual protections (including data processing terms) consistent with GDPR. Some providers (such as Paddle) may process certain personal data as independent controllers for their own legal and compliance purposes.

5.1 Key Service Providers

  • Amazon Web Services (AWS) — hosting and infrastructure (processor).
  • Github — support ticketing and GDPR request tracking (processor).
  • Paddle — Merchant of Record and payment/subscription processing (may act as controller for payment and tax data).

6. International Transfers

Some service providers may process personal data outside the European Economic Area (EEA). Where this happens, we rely on appropriate safeguards such as adequacy decisions, Standard Contractual Clauses (SCCs), and (where applicable) supplementary measures.

Depending on your location and the provider’s operations, this may include processing in the United States or other jurisdictions.

7. Data Retention

We keep personal data only as long as needed for the purposes described above, unless a longer retention period is required by law.

  • Account data: retained while your account is active; deleted or anonymised after account deletion, subject to legal and operational needs.
  • Billing records: retained as required by applicable accounting and tax laws (some records are retained by Paddle as Merchant of Record).
  • Logs and security records: retained for a limited period appropriate to security, abuse prevention, and troubleshooting.
  • Support communications: retained for follow-up and quality purposes for a limited period.
  • GDPR request records: retained as necessary to demonstrate compliance, handle follow-ups, and maintain an audit trail.

8. Your Rights (GDPR)

Subject to conditions and exceptions under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate or incomplete data
  • Request deletion (erasure)
  • Restrict processing
  • Data portability
  • Object to processing based on legitimate interests
  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us at support@signalartisan.com. We may need to verify your identity before fulfilling your request.

Response time: We aim to respond to requests within one month. This period may be extended by up to two additional months for complex requests, in which case we will inform you of the extension and reasons.

9. Complaints

You have the right to lodge a complaint with your local supervisory authority. If you are in Latvia, this is the Data State Inspectorate (Datu valsts inspekcija).

10. Security

We use appropriate technical and organisational measures designed to protect personal data, such as access controls, encryption in transit, and logging/monitoring. We restrict access to personal data to authorised persons who need it to operate the Service and respond to requests.

No method of transmission or storage is 100% secure, but we work to maintain safeguards appropriate to the risk.

11. Children

The Service is not intended for children. If you believe a child has provided us with personal data, contact us and we will take appropriate steps to delete it.

12. Automated Decision-Making

We do not use automated decision-making (including profiling) that produces legal effects or similarly significant effects for you.

13. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and update the “Last updated” date above. If changes are material, we will provide additional notice where required.

14. Contact

For privacy questions or requests, contact:
📧 support@signalartisan.com