Sigentra is built on the principle of Data Minimization. We have engineered our platform to be a Zero-Cookie environment.
- No Trackers: We do not use marketing pixels, advertising cookies, or third-party analytics that identify individual users.
- No Consent Banner Required: Because we do not use non-essential cookies, we provide a faster, more private experience without the need for intrusive pop-ups.
1. Information We Collect
We collect only what is strictly necessary to provide our services and support:
- Account Data: Name and email via Google OAuth (Identity Provider).
- Communication Data: If you contact us via Sales or Support, we retain your email and message history to resolve your request (Basis: Legitimate Interest).
- Audit Data: URLs and technical metadata of the websites you submit for monitoring.
- Billing: Payment processing is handled entirely by Stripe. Sigentra does not see or store your credit card digits.
2. How We Use Your Information
We process your information only when we have a legal basis to do so (such as performing our contract with you, protecting our legal interests, or with your explicit consent).
A. To Provide and Maintain the Service
- Identity Management: We use your Google OAuth data to create your account, manage your subscription, and ensure only you can access your domain's audit history.
- The Sigentra Engine: We use the URLs you provide to perform technical scans via our headless browser infrastructure (Browserless).
- The Sigentra Seal: Our API processes transient data (IP addresses) to serve the live compliance badge on your website. Note: This data is processed in real time and is never stored or profiled.
B. To Ensure Security and Integrity
- Fraud Prevention: We use technical logs to prevent automated abuse of our scanning engine and to secure our API endpoints.
- Verification: To confirm you own the domains you are auditing, protecting the privacy of third-party website owners.
C. For Business Operations (The "Legal" Layer)
- Billing & Payments: We share necessary data with Stripe to process your payments and manage tax compliance.
- Support & Communication: We use the contact information you provide through sales or support inquiries to respond to your requests and provide technical assistance.
D. What We NEVER Do
To maintain the highest standard of integrity, Sigentra guarantees the following:
- No Data Selling: We do not sell, rent, or trade your personal information to third parties.
- No Cross-Context Tracking: We do not use your data to track you across other websites or build advertising profiles.
- No Visual Data Retention: Because we audit code rather than pixels, we do not capture or store screenshots of your website or your users' interactions.
3. Information Sharing and Disclosure
Sigentra Badge: To serve the live Sigentra Badge on your website, our API processes visitor requests:
- Transient Processing: We process the visitor's IP address and User Agent to serve the correct SVG badge.
- No Retention: This data is processed in volatile memory and is not stored, logged, or profiled. We do not track the visitors of our clients.
4. Data Residency & International Transfers
- Infrastructure: Our primary database is hosted via Supabase in AWS US-East-1 (North Virginia).
- US Users: Data is handled in accordance with CCPA/CPRA, TDPSA (Texas), and other state frameworks.
- EU/UK Users: As a US-hosted service, we rely on Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework to ensure a high level of protection for your data transferred to the United States.
5. Third-Party Sub-Processors
We utilize the following partners, each audited for 2026 compliance standards:
- Supabase (USA): Database and Identity.
- Vercel (Global): Hosting and Edge Functions.
- Browserless (USA): Headless browser engine for website audits.
- Stripe (Global): Secure payment processing.
- Resend (USA): Email delivery.
6. Your Rights
Regardless of your location, you have the right to:
- Access & Export: Download your full audit and account history.
- Deletion: Permanently remove your account and all domain data.
- Opt-Out: Since we do not sell your data, there is no "Do Not Sell" list to join—your privacy is the default.
7. Data Protection & Contact Information
Sigentra Ltd is the data controller responsible for your personal information. We have appointed a Data Protection Point of Contact who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights (such as data access or deletion), please contact us using the details set out below:
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
9. Contact Us
If you have any questions about this Privacy Policy, please contact us.