Privacy Policy

Last Updated: April 5, 2026

Sigentra is built on the principle of Data Minimization. We have engineered our platform to be a Zero-Cookie environment.

  • No Trackers: We do not use marketing pixels, advertising cookies, or third-party analytics that identify individual users.
  • No Consent Banner Required: Because we do not use non-essential cookies, we provide a faster, more private experience without the need for intrusive pop-ups.

1. Information We Collect

We collect only what is strictly necessary to provide our services and support:

  • Account Data: Name and email via Google OAuth (Identity Provider).
  • Communication Data: If you contact us via Sales or Support, we retain your email and message history to resolve your request (Basis: Legitimate Interest).
  • Audit Data: URLs and technical metadata of the websites you submit for monitoring.
  • Billing: Payment processing is handled entirely by Stripe. Sigentra does not see or store your credit card digits.

2. How We Use Your Information

We process your information only when we have a legal basis to do so (such as performing our contract with you, protecting our legal interests, or with your explicit consent).

A. To Provide and Maintain the Service

  • Identity Management: We use your Google OAuth data to create your account, manage your subscription, and ensure only you can access your domain's audit history.
  • The Sigentra Engine: We use the URLs you provide to perform technical scans via our headless browser infrastructure (Browserless).
  • The Sigentra Seal: Our API processes transient data (IP addresses) to serve the live compliance badge on your website. Note: This data is processed in real-time and is never stored or profiled.

B. To Ensure Security and Integrity

  • Fraud Prevention: We use technical logs to prevent automated abuse of our scanning engine and to secure our API endpoints.
  • Verification: To confirm you own the domains you are auditing, protecting the privacy of third-party website owners.

C. For Business Operations (The "Legal" Layer)

  • Billing & Payments: We share necessary data with Stripe to process your payments and manage tax compliance.
  • Support & Communication: We use the contact information you provide through sales or support inquiries to respond to your requests and provide technical assistance.

D. What We NEVER Do

To maintain the highest standard of integrity, Sigentra guarantees the following:

  • No Data Selling: We do not sell, rent, or trade your personal information to third parties.
  • No Cross-Context Tracking: We do not use your data to track you across other websites or build advertising profiles.
  • No Visual Data Retention: Because we audit code rather than pixels, we do not capture or store screenshots of your website or your users' interactions.

3. Information Sharing and Disclosure

Sigentra Badge: To serve the live Sigentra Badge on your website, our API processes visitor requests:

  • Transient Processing: We process the visitor's IP address and User Agent to serve the correct SVG badge.
  • No Retention: This data is processed in volatile memory and is not stored, logged, or profiled. We do not track the visitors of our clients.

4. Data Residency & International Transfers

  • Infrastructure: Our primary database is hosted via Supabase in AWS US-East-1 (North Virginia).
  • US Users: Data is handled in accordance with CCPA/CPRA, TDPSA (Texas), and other state frameworks.
  • EU/UK Users: As a US-hosted service, we rely on Standard Contractual Clauses (SCCs) or the EU-U.S. Data Privacy Framework to ensure a high level of protection for your data transferred to the United States.

5. Third-Party Sub-Processors

We utilize the following partners, each audited for 2026 compliance standards:

  • Supabase (USA): Database and Identity.
  • Vercel (Global): Hosting and Edge Functions.
  • Browserless (USA): Headless browser engine for website audits.
  • Stripe (Global): Secure payment processing.
  • Resend (USA): Email delivery.

6. Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We maintain specific retention criteria for different types of data:

  • Account Data: We retain your account information (name, email) for the duration of your active subscription to provide you with access to our services.
  • Audit & Domain Data: Website audit reports and associated metadata are stored for the life of your account to allow you to track compliance history.
  • Account Closure & Deletion: If you choose to close your account, all associated personal and domain data will be permanently deleted from our primary production databases within 30 days.
  • Legal Obligations: We may retain certain information (such as billing records) for longer periods where required by law (e.g., for tax or accounting purposes).

7. Your Rights

Under global data protection laws (including GDPR and CCPA/CPRA), you possess specific rights regarding your personal information. Regardless of your location, Sigentra honors these rights:

  • Right to Access: You have the right to request a copy of the personal data we hold about you. You can view your account details and audit history directly within the Sigentra dashboard.
  • Right to Erasure (Right to be Forgotten): You have the right to request the permanent deletion of your account and all associated domain data. Upon request, we will purge all your records from our primary databases and sub-processors.
  • Right to Data Portability: You have the right to receive your data in a structured, commonly used, and machine-readable format. You can export your full audit and account history at any time.
  • Right to Rectification: You have the right to correct any inaccurate or incomplete personal information we hold about you.
  • Opt-Out: Since we do not sell your data, there is no "Do Not Sell" list to join—your privacy is the default state of our platform.

8. Data Protection & Contact Information

Sigentra Ltd is the data controller responsible for your personal information. We have appointed a Data Protection Point of Contact who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights (such as data access or deletion), please contact us using the details set out below:

  • Full Name of Legal Entity: Sigentra Ltd

  • Email Address: moc.artnegis@tcatnoc

  • Postal Address: 124 City Road, London, United Kingdom, EC1V 2NX

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us.