Privacy Policy
How we collect, use, and protect your personal data — in plain English.
Last updated: March 2026
1. Who we are
Signal & Flow is a trading name operated in the United Kingdom. We are the data controller for personal data collected through this website. You can contact us at hello@signalandflow.co.uk.
2. What data we collect
We collect the following personal data:
- Email address — provided when you use the analysis tool or contact us
- URLs you submit — the website addresses you ask us to analyse
- Payment information — handled entirely by Stripe; we never see or store your card details
- Contact form submissions — name, email, and message content when you contact us
- Usage data — basic server logs including IP address and request timestamps for security and rate limiting purposes
We do not use cookies for tracking or advertising. We do not collect personal data from the websites you ask us to analyse. See section 11 for a full account of what we store in your browser.
3. How we use your data
We use your personal data only for the following purposes:
- To deliver your analysis report to your email address
- To manage your credits and access to the service
- To respond to your contact form enquiries
- To prevent abuse, fraud, and excessive use of our service
- To comply with our legal obligations
We do not use your data for marketing unless you have explicitly opted in. We do not sell your data to third parties. We do not use your data to train AI models.
4. Our legal basis for processing
We process your personal data under the following legal bases under UK GDPR:
- Contract performance — processing your email and payment data is necessary to deliver the service you've paid for
- Legitimate interests — server logs and IP-based rate limiting are necessary to protect our service from abuse
- Legal obligation — we may retain certain data to comply with UK tax and financial record-keeping requirements
5. How long we keep your data
We retain your email address and analysis history for as long as you remain an active customer. If you request deletion, we will remove your data within 30 days except where we are required to retain it by law (for example, payment records which must be kept for 6 years under UK law).
6. Who we share your data with
We use the following third-party services to operate Signal & Flow:
- Stripe — payment processing. Stripe is PCI DSS Level 1 certified. See the Stripe Privacy Policy.
- Resend — email delivery for your analysis reports. See the Resend Privacy Policy.
- Anthropic — the AI provider that powers our analysis. Submitted page content is processed by Anthropic's API. See the Anthropic Privacy Policy.
- Render — our hosting provider. See the Render Privacy Policy.
We do not share your personal data with any other third parties.
7. Your rights under UK GDPR
You have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Rectification — request correction of inaccurate data
- Erasure — request deletion of your personal data
- Restriction — request that we restrict processing of your data
- Portability — request your data in a portable format
- Objection — object to processing based on legitimate interests
To exercise any of these rights, contact us at hello@signalandflow.co.uk. We will respond within 30 days.
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
We take reasonable technical measures to protect your personal data, including encrypted connections (HTTPS), access controls, and server-side rate limiting. No system is completely secure, and we cannot guarantee the security of data transmitted over the internet.
9. Changes to this policy
We may update this privacy policy from time to time. We will always display the date of the most recent update at the top of this page. Continued use of the service after changes are posted constitutes acceptance of the revised policy.
10. Contact
For any questions about this privacy policy or your personal data, please contact us at hello@signalandflow.co.uk or use our contact form.
11. Cookies and local storage
We do not use cookies for tracking or advertising. We have no analytics scripts, no marketing pixels, and no third-party tracking of any kind. Here is a complete and honest account of what we do store.
What we store in your browser
We use your browser's localStorage — not cookies — to store a small number of items that are necessary for the service to function:
- sf_email — your email address, so you can access your report history without logging in each time. Only stored if you choose to enter it.
- sf_credit_code — your credit code, so you do not have to re-enter it between sessions. Only stored once you apply a code.
- sf-theme — your light or dark mode preference. Stored so your choice persists across visits.
These items are stored entirely within your browser and are never transmitted to our servers (except your email, which you provide directly when using the service). You can clear them at any time through your browser's developer tools or privacy settings.
Fonts
Our fonts (Syne, Barlow, Roboto Mono, Inter, Material Icons) are self-hosted and served directly from our own servers. No font requests are made to Google or any third party. Your browser does not contact fonts.googleapis.com or fonts.gstatic.com when visiting this site.
What we do not use
To be explicit: we do not use Google Analytics, Facebook Pixel, any other analytics platform, any advertising or retargeting scripts, session cookies, or any third-party tracking of any kind. The only external service your browser contacts when using Signal & Flow (beyond the page itself) is Google Fonts.
Managing your preferences
You can view what is stored and why at any time by clicking Manage Cookies in the footer of any page. To clear stored data, use your browser's built-in tools (Settings → Privacy → Clear browsing data, or equivalent). For more information on your rights around cookies and similar technologies, see the ICO's guidance on cookies.