Updated: 2026-05-01

Privacy notice

This document explains what personal data UserSignals collects, why it is needed, how we process it, and what rights you have. Deliberately in plain language.

Who we are

UserSignals is an operations team for AI visibility. For personal data law purposes, the controller for the processing described below is ECONDATA TECHSCRIBE LTD, a Republic of Cyprus limited company (registration number HE455945, registered office Peiraios 30, Floor 1, Flat 1, Strovolos 2023, Nicosia, Cyprus), trading as UserSignals. For privacy questions and requests about your rights: hello@usersignals.ai.

What we collect

When you submit the contact form on the "Contact" page, we collect:

  • Your name and email address — so we can address you by name and reply to your request.
  • Optionally — another contact channel (for example, a LinkedIn, Telegram, or Signal account), if you prefer not to communicate by email.
  • Information about your situation that you provide in the form: company name, website, business type, markets and languages, description of the visibility problem, current vendors, legal caveats, urgency, and approximate budget — we need this to prepare a meaningful first reply.

We use this information only to respond to your request. We do not add you to marketing newsletters, do not transfer it to third parties (except the payment processor when payment is made — see below), and do not aggregate or analyze data outside your specific correspondence. We also store the date and time of form submission and a salted SHA-256 hash of your IP address — this is needed for spam protection. We never store the IP address itself, device fingerprint, or browser metadata.

Payments

Payments are processed by a third-party service (card or crypto payment processor). We do not receive, store, or have access to your card number, bank account, or crypto wallet details. We receive only a payment status notification (received, failed, refunded) and a transaction identifier. The processor name and a link to its privacy policy are shown on the payment page — the processing of payment data is described there.

What we do not collect

  • Tracking cookies are not used. Our analytics tool works without cookies and does not store user identifiers.
  • Third-party ad trackers, retargeting pixels, and marketing automation tags are not connected.
  • Automated profiling and automated decision-making with legal effects are not used.
  • We do not sell or transfer personal data to marketing partners.

Legal basis for processing

Contact form requests are processed under Article 6(1)(b) GDPR — steps at your request before a possible service contract. IP address hashing for spam protection is based on Article 6(1)(f) GDPR, as a legitimate interest in securing the service. Payment status data is processed under Article 6(1)(b) GDPR, as part of fulfilling the work contract.

How long we keep it

  • Contact form requests: kept for the full duration of project work plus 24 months — for context; then deleted as the period expires. Requests that do not lead to a project are kept for 12 months and then deleted.
  • Payment records: kept for 7 years, as required by Republic of Cyprus tax and accounting law, then deleted.
  • Analytics data: aggregated only after 30 days; individual visit records are not retained beyond that point.
  • Server and security logs: kept for 90 days — enough for incident response and abuse handling; then deleted.
  • IP address hashes: kept for 90 days — enough for spam protection; then deleted.
  • Email correspondence: kept while the relationship is active, or for 24 months after the last contact — whichever is longer.

Your rights

Under Articles 15–22 of the GDPR you have specific rights regarding your personal data:

  • Article 15 — access: confirmation that we process your data and a copy of it.
  • Article 16 — rectification: correction of inaccurate or incomplete data.
  • Article 17 — erasure ("right to be forgotten"): deletion of data we no longer have a legal basis to keep.
  • Article 18 — restriction of processing: a temporary halt while a dispute is resolved.
  • Article 20 — portability: a machine-readable export of data you provided.
  • Article 21 — objection: opposition to processing based on legitimate interest.
  • Article 22 — automated decision-making: we do not run any (see "What we do not collect").

To exercise any of these rights, write to hello@usersignals.ai. We respond within 30 days. If you believe we processed your data in violation of the law, you have the right to lodge a complaint with the supervisory authority in Cyprus — the Office of the Commissioner for Personal Data Protection (https://www.dataprotection.gov.cy) — or with the data protection authority of your own EU member state.

International data transfers

Our infrastructure is hosted in European Union (Germany). If third-party processors (card or crypto payment processor, email provider) operate outside the European Union, those transfers rely on standard contractual clauses and the recipient's published safeguards.

Changes to this notice

We update this notice when our data processing processes materially change. The "Updated" date at the top of the page shows the latest version. We announce material changes on the site homepage for 30 days.