Privacy Policy

Introduction

Signal B2B (Pty) Ltd ("Signal B2B", "we", "us", "our") operates the website signalb2b.io and the Signal B2B lead-intelligence platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, store, and otherwise process personal information.

We are committed to protecting personal information in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) of South Africa ("POPIA") and, where applicable, the EU General Data Protection Regulation 2016/679 ("GDPR") and the UK GDPR and Data Protection Act 2018 (together, "UK GDPR").

This Policy applies to three categories of individuals:

• Users — people who register for, access, or use the Service (including account holders and their colleagues);
• Prospects — individuals whose business contact details appear in our lead database because they are identifiable as professional contacts of a business (for example, employees listed on company websites, public professional profiles, or in third-party B2B data sources); and
• Website visitors — people who visit signalb2b.io.

Who We Are (Responsible Party / Controller)

For the purposes of POPIA, Signal B2B (Pty) Ltd is the Responsible Party. For the purposes of GDPR and UK GDPR, we are the data controller of personal data processed through the Service, except where we act as a processor/operator on behalf of our customers (see Section 11).

Personal Information We Collect

3.1 Information you provide directly (Users)

• Identifiers: full name, job title, employer, business email address, business phone number.
• Account credentials: username, hashed password, multi-factor authentication details.
• Billing information: billing contact, VAT/tax number, billing address, and payment instrument details (processed by our payment provider — we do not store full card numbers).
• Communications: support tickets, messages, feedback, survey responses.
• User content: search queries, saved lists, notes, tags, exports, and other content you create in the Service.

3.2 Information collected automatically (Users and website visitors)

• Device and technical data: IP address, browser type and version, operating system, device identifiers, language settings, time zone.
• Usage data: pages viewed, features used, search terms entered, links clicked, referring URL, timestamps, session duration.
• Cookies and similar technologies: as described in Section 9.

3.3 Information about Prospects

We maintain a B2B lead-intelligence database containing business contact information about individuals in their professional capacity. This typically includes: full name; job title, seniority, and department; employer name, company size, industry, and location; business email address; business phone number; public professional profile URLs (e.g., LinkedIn); and publicly available signals indicating buying intent, hiring activity, technology usage, funding events, or other business changes relevant to B2B sales and marketing.

We obtain Prospect data from publicly available sources and from third-party data providers who warrant that they have collected and may lawfully share the data for B2B purposes. We do not knowingly collect special-category personal information or data relating to children.

3.4 Information from third parties

• Authentication providers (e.g., Google, Microsoft) if you sign in via single sign-on.
• Payment processors confirming transaction status.
• Enrichment and data-licensing partners supplying Prospect data.
• Analytics, advertising, and referral partners.

Why We Process Personal Information & Our Lawful Basis

4.1 Users and website visitors

• Providing and operating the Service — necessary for the performance of our contract with you (GDPR Art. 6(1)(b); POPIA s.11(1)(b)).
• Account administration, billing, and customer support — contract performance and compliance with legal obligations.
• Security, fraud prevention, and enforcement — legitimate interests in maintaining a safe and reliable service.
• Product analytics and improving features — legitimate interests in operating and improving the Service.
• Marketing to existing customers — legitimate interests and the soft opt-in under applicable e-privacy rules. You may opt out at any time.
• Marketing to prospective customers — consent (GDPR Art. 6(1)(a); POPIA s.11(1)(a)).
• Legal compliance, tax, and accounting — legal obligation (GDPR Art. 6(1)(c); POPIA s.11(1)(c)).

4.2 Prospects

We process Prospect personal information to build and maintain a B2B lead-intelligence database that our customers use for lawful B2B sales and marketing. Our primary lawful basis is our legitimate interests (and those of our customers) in operating a commercially useful business-to-business intelligence service (GDPR Art. 6(1)(f); POPIA s.11(1)(f)).

Where we or our customers send electronic marketing to Prospects, the customer is responsible for ensuring an appropriate lawful basis for the specific communication, including consent where required by applicable e-privacy laws.

How We Share Personal Information

We share personal information only as described below, and only to the extent necessary:

• Customers of the Service — Prospect data is made available to our customers through the Service so they can conduct B2B sales and marketing outreach. Each customer acts as an independent controller/responsible party in relation to the Prospect data they access.
• Service providers — cloud hosting, database, analytics, customer-support, email delivery, payment processing, identity/authentication, and similar providers, bound by written contracts requiring appropriate safeguards.
• Group companies and affiliates — where necessary for the purposes set out in this Policy and subject to equivalent protections.
• Professional advisers — lawyers, auditors, insurers, and accountants, where reasonably necessary.
• Law enforcement and regulators — where required by law, court order, or to protect our or a third party's rights, property, or safety.
• Corporate transactions — in connection with a merger, acquisition, financing, reorganisation, or sale of assets. We will notify affected individuals where required.

International Transfers of Personal Information

Signal B2B is based in South Africa. We, our group companies, and our service providers may process personal information in countries other than your country of residence, including jurisdictions that may not offer the same level of protection. When we transfer personal information across borders, we put in place appropriate safeguards, which may include:

• Transfers to a country recognised by the relevant authority as providing adequate protection;
• For GDPR/UK GDPR transfers out of the EEA/UK: Standard Contractual Clauses (SCCs), UK IDTA, or UK Addendum, together with any required supplementary measures;
• For POPIA transfers out of South Africa: contractual safeguards binding the recipient to principles substantially similar to POPIA (s.72), the data subject's consent, or another lawful ground.

You may request a copy of the relevant safeguards by contacting privacy@signalb2b.io.

How Long We Keep Personal Information

Your Rights

8.1 Rights under POPIA

• Access — to confirm whether we hold personal information about you and to request a copy.
• Correction — to request correction of inaccurate, irrelevant, excessive, or outdated information.
• Deletion/destruction — to request deletion or destruction of personal information that is no longer authorised to be retained.
• Objection — to object, on reasonable grounds, to the processing of your personal information, including for direct marketing.
• Withdraw consent — where processing is based on consent, at any time without affecting prior lawful processing.
• Complain — to lodge a complaint with the Information Regulator (South Africa).

8.2 Additional rights under GDPR and UK GDPR

• Restriction of processing — in specified circumstances.
• Data portability — to receive certain personal data in a structured, machine-readable format and transmit it to another controller.
• No solely automated decision-making — we do not carry out automated decision-making that produces legal or similarly significant effects.
• Lodge a complaint — with your local supervisory authority in the EU/EEA or with the UK ICO.

8.3 How to exercise your rights

Email privacy@signalb2b.io. We may need to verify your identity before acting on your request. We will respond within the timeframes required by applicable law (typically within one month under GDPR/UK GDPR and as reasonably practicable under POPIA).

8.4 Regulator contact details

• Information Regulator (South Africa): JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 | inforeg@justice.gov.za | inforegulator.org.za
• UK ICO: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF | ico.org.uk
• EU/EEA: the supervisory authority in your country of residence, work, or the place of the alleged infringement. See edpb.europa.eu.

Cookies and Similar Technologies

We and our service providers use cookies, pixels, local storage, and similar technologies on signalb2b.io to operate the site, remember your preferences, measure performance, and (where you have consented or we are otherwise permitted) deliver relevant marketing.

Where required by law (including in the EU, UK, and South Africa), we set non-essential cookies only with your consent, obtained via our cookie banner. You can change your preferences at any time by clicking "Cookie settings" in the footer of signalb2b.io, or by adjusting your browser settings.

How We Protect Personal Information

We maintain appropriate technical and organisational measures designed to protect personal information against loss, unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption in transit (TLS) and encryption at rest for sensitive data stores;
• Role-based access controls, multi-factor authentication, and least-privilege principles;
• Network segregation, logging, monitoring, and vulnerability management;
• Contractual obligations on our service providers to maintain appropriate security;
• Staff training and confidentiality obligations;
• Documented incident-response procedures.

No method of transmission or storage is completely secure. If we become aware of a security compromise affecting personal information, we will notify the Information Regulator, supervisory authorities, and affected individuals as required by law.

Customers' Use of the Service

When customers use the Service to identify, contact, or enrich data about Prospects, the customer determines the purposes and means of that processing and acts as an independent responsible party / controller in relation to that activity. Customers are responsible for:

• Ensuring they have an appropriate lawful basis for contacting Prospects, including obtaining consent where required;
• Providing transparency notices to Prospects as required by POPIA, GDPR, and UK GDPR;
• Honouring objection, opt-out, and deletion requests from Prospects;
• Complying with direct-marketing laws applicable to their jurisdiction and the jurisdiction of each Prospect.

Where we process personal information solely on behalf of a customer (for example, where a customer uploads their own CRM or contact list), we act as an operator / processor. Our data processing terms are available on request or form part of our master agreement.

Children

The Service is intended for business users and is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information about a child, please contact privacy@signalb2b.io and we will take steps to delete it.

Automated Decision-Making

We do not use personal information to make decisions based solely on automated processing that produce legal or similarly significant effects. We do use automated techniques (including scoring, enrichment, and probabilistic matching) to build and maintain the lead database; these do not by themselves produce legal effects concerning Prospects.

Changes to This Policy

We may update this Policy from time to time. When we do, we will change the "Last updated" date at the top. If the changes are material, we will provide additional notice (for example, by email or an in-product notification). We encourage you to review this Policy periodically.

How to Contact Us

If you have questions, concerns, or requests about this Policy or our processing of personal information: