Skip to main content

Privacy Policy

Effective July 5, 2026 · SignalEDI Inc.

How SignalEDI handles personal and business data across accounts, usage logs, payments, and support. Cross-link to the DPA for processor obligations and subprocessors.

On this page

1Information We Collect

We collect the following types of information:

  • Account Information: Name, email address, phone number, company name, job title, and business type provided during registration.
  • Usage Data: Information about how you interact with the Service, including EDI transaction logs, file processing records, and feature usage.
  • Technical Data: IP address, browser type, device information, and access timestamps collected automatically.
  • Payment Information: Billing details processed securely through Stripe. We do not store full credit card numbers on our servers.
  • Cookies & Analytics: Session cookies required for authentication, product analytics events (PostHog) describing feature usage, and — on our public marketing pages only — Google advertising and analytics tags used for campaign measurement and remarketing. Advertising tags are not loaded inside the customer dashboard.

2How We Use Your Information

  • To provide, maintain, and improve the Service;
  • To process transactions and send related notifications;
  • To respond to support requests and communicate with you;
  • To detect, prevent, and address technical issues and security threats;
  • To comply with legal obligations and enforce our Terms of Service.

3Data Sharing

We do not sell your personal information. We may share information with:

  • Service providers who assist in operating the platform (hosting, payment processing, email delivery);
  • Law enforcement or regulatory authorities when required by law;
  • Professional advisors (legal, accounting) as necessary for business operations.

For a complete list of our sub-processors, see Section 7 below or our Data Processing Agreement.

4Data Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest for databases and file storage, role-based access controls, and continuous automated compliance and security scanning with internal security exposure assessments. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

5Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. EDI transaction data is retained according to your plan’s retention period (14 to 365 days); optional archival vault add-ons extend retention of archived documents to 2, 5, or 7 years at your election.

If you delete your account or workspace, operational and personal data are deleted or anonymized after a 30-day grace window (during which you can cancel the request). We retain a minimal administrative record after deletion: workspace identifier, company name, plan, billing and invoice history (held by our payment processor, Stripe), contract dates, and the audit trail of the deletion itself — kept to satisfy legal, tax, accounting, and security obligations. Immutable audit logs are retained for up to 7 years with personal references anonymized.

6Your Rights

You have the right to:

  • Access & export: Download a machine-readable copy of your personal data any time from the Billing page (self-serve JSON bundle). Workspace administrators can additionally export the complete workspace — members, trading partners, EDI documents and transactions, mappings, configuration, and audit trail — from the same page.
  • Correction: Update your profile and company information directly in account settings, or ask us to correct anything you cannot edit yourself.
  • Deletion: Request deletion of your account — or, for workspace owners, the entire workspace and its customer data — self-serve from the app. Deletion executes after a 30-day grace window (cancellable until then), subject to the administrative-records retention described in Section 5.
  • Objection / restriction: Object to or restrict certain processing of your data.

You can also exercise any of these rights by email at privacy@signaledi.com or support@signaledi.com.

7AI Data Processing

  • SignalEDI uses AI models (powered by OpenAI) to provide automated support drafting, mapping suggestions, error explanations, and internal operations.
  • Before any prompt is sent to an external AI provider, SignalEDI applies pattern-based de-identification (including HIPAA Safe Harbor-style redaction for common PHI identifiers). Raw EDI payload bodies and full transaction content are not intentionally sent to external AI providers.
  • AI features may operate on operational metadata (e.g. redacted error text, partner names, ticket subjects). Healthcare customers must execute a BAA before transmitting PHI-bearing transaction sets (837, 835, 270, 271, and related sets).
  • SignalEDI sets the OpenAI store: false flag on every chat completion request so OpenAI does not retain prompt or response content beyond the request lifecycle.
  • Operational logs of AI interactions are stored in SignalEDI’s database for audit and quality purposes, governed by the retention policy in Section 5.
  • Client can request deletion of AI conversation history by contacting support@signaledi.com.

8International Data Transfers

  • Data is primarily stored and processed in the United States on Amazon Web Services (AWS) infrastructure (application hosting, PostgreSQL database, and object storage in the US East region). Limited legacy data may remain with our prior hosting providers (Vercel, Neon) during the ongoing migration window.
  • For EU, UK, and Swiss data subjects, international transfers are protected by Standard Contractual Clauses (EU Commission Decision 2021/914).
  • Clients may request execution of Standard Contractual Clauses by contacting support@signaledi.com.

9Sub-processors

SignalEDI uses the following sub-processors, each bound by data processing agreements:

  • Amazon Web Services (AWS)Application hosting, PostgreSQL database, and object storage (US East)
  • VercelLegacy hosting/CDN and object storage during the AWS migration window
  • NeonLegacy database (PostgreSQL) during the AWS migration window
  • StripePayment processing
  • ResendEmail delivery
  • UpstashRedis caching and rate limiting
  • PostHogProduct analytics (feature-usage events; no customer EDI payload data)
  • OpenAIAI processing (support drafting, mapping assistance) — prompts de-identified before transmission; not used for model training
  • SentryError and performance monitoring
  • SvixOutbound webhook delivery
  • Google (Ads and Analytics APIs)Marketing attribution and ad-account reporting (no customer EDI payload data)
  • TwilioSMS notifications (operational alerts only)
  • LinkedInOAuth and marketing post publishing (no customer EDI data)
  • Microsoft GraphTeams notifications and calendar integrations (optional)
  • Instantly.aiSales outreach orchestration (no customer EDI data)
  • Intuit QuickBooks OnlineERP connector sync when customer connects QuickBooks
  • Google Search Console and YouTube APIsSEO rank tracking and marketing video publishing (no customer EDI data)
  • SlackInternal operational alerts and inbound webhook notifications
  • InngestDurable workflow and cron orchestration — events carry only references (gateway/job/run ids); customer EDI payloads are fetched and processed server-side and never transit Inngest

10CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: You may request information about what personal information we collect, use, disclose, and sell.
  • Right to Delete: You may request deletion of your personal information.
  • Right to Opt-Out of Sale: We do not sell personal information. No opt-out is necessary.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise these rights, email support@signaledi.com.

11Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12Contact

For questions about this Privacy Policy, contact us at support@signaledi.com.

© 2026 SignalEDI Inc. All rights reserved.

© 2026 SignalEDI Inc. All rights reserved.