Legal

Privacy Policy

Last updated: May 25, 2026

1. Introduction

Product Signal ("we", "our", or "us") provides a B2B SaaS platform for product discovery and customer feedback intelligence. This Privacy Policy explains how we collect, use, share, and protect personal data when you visit our website or use the Product Signal platform (the "Service").

This policy is intended for business customers, their authorized users, and website visitors. It does not replace any Data Processing Agreement ("DPA") we enter into with a customer.

2. Our Role Under GDPR

We act as a controller for personal data we process for our own business purposes, such as website analytics, account administration, authentication, customer support, product security, and service communications.

We act as a processor when we process personal data that a customer imports, syncs, submits, or instructs us to process through the Service. For that customer data, the customer is responsible for determining the purposes and legal basis for the processing, and our processing is governed by the customer's instructions and the DPA.

3. Personal Data We Collect

Depending on how you use the Service, we may collect or process the following categories of personal data:

  • Account data — your name, email address, authentication credentials such as password hashes, profile details, session information, and organization membership details.
  • Organization data — your organization name and membership details.
  • Source and integration data — connected source configuration, API credentials or tokens, sync status, and related metadata.
  • Customer data imported into the Service — company records, contact names, email addresses, feedback, call transcripts, notes, source URLs, dates, metadata, and other content synced from tools such as Productboard and Leexi.
  • Product discovery data — topics, hypotheses, evidence, AI-generated insights, extracted pains, summaries, embeddings, outreach drafts, sent outreach messages, and responses submitted through the Service.
  • Usage and technical data — pages visited, features used, actions taken, server logs, IP address, browser or device information, and security events.
  • Communications — emails, support requests, beta feedback, and other messages you send to us or generate through the Service.

4. How We Use Personal Data

We use personal data for the following purposes:

  • Provide and administer the Service — to create accounts, authenticate users, manage organizations, operate integrations, sync data, and deliver the features customers request.
  • Generate product intelligence — to create embeddings, semantic search results, summaries, extracted pains, topic evidence, hypotheses, outreach drafts, and related AI-powered outputs based on customer instructions.
  • Communicate with users and customers — to send transactional emails, respond to support requests, manage beta feedback, and provide service-related notices.
  • Protect the Service — to monitor reliability, debug issues, prevent abuse, investigate incidents, and maintain security.
  • Improve the Service — to understand feature usage, fix bugs, and improve product quality. We do not use customer content to train AI models.
  • Comply with law — to meet legal, accounting, tax, regulatory, and dispute-resolution obligations.

We do not sell your personal data or use it to train AI models.

5. Legal Bases

When we act as a controller, we rely on the following legal bases under GDPR:

  • Contract — where processing is necessary to provide the Service or take steps requested before entering into a contract.
  • Legitimate interests — where processing is necessary to operate, secure, improve, and communicate about the Service, provided those interests are not overridden by individual rights.
  • Legal obligation — where processing is required to comply with applicable law.
  • Consent — where we ask for consent, such as for certain optional communications or non-essential tracking if introduced in the future.

When we act as a processor, our customer's legal basis applies, and we process customer data only on documented instructions from that customer.

6. AI Processing

Product Signal uses AI service providers to generate embeddings, semantic search results, summaries, pain extraction, outreach drafts, and related product intelligence features. Customer content may be sent to these providers only as needed to provide the requested Service features.

We do not use customer content or personal data to train Product Signal AI models, and we contractually require AI subprocessors to process personal data only for the purpose of providing their services to us.

7. Data Sharing

We share personal data only in the following circumstances:

  • Subprocessors — we use third-party services to operate the platform. See our Subprocessors page for the full list.
  • Customer-directed integrations — when a customer connects third-party tools such as Productboard or Leexi, we access and process data from those tools according to the customer's configuration and instructions.
  • Legal requirements — we may disclose data when required by law, court order, or governmental authority.
  • Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you in advance.

We do not share your customer data with other Product Signal customers or third parties for marketing purposes.

8. International Transfers

Some of our subprocessors and service providers may process personal data outside the European Economic Area, including in the United States. Where required, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses, adequacy decisions, or equivalent contractual protections.

9. Data Retention

We retain account and organization data for as long as needed to provide the Service, manage the customer relationship, and comply with legal obligations. If an account or customer workspace is closed, we delete or anonymize personal data within a reasonable period, unless we need to keep it for legal, security, backup, dispute-resolution, or compliance purposes.

Customer data imported into the Service is retained according to the customer's instructions, the applicable agreement, and our DPA. On request or termination, we will delete or return customer data as described in the DPA or applicable order form.

10. Data Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include encryption in transit, access controls, least-privilege permissions, logging, backups, and personnel access limited to authorized roles.

No system is completely secure. If we become aware of a personal data breach, we will notify affected customers, users, regulators, or other parties as required by applicable law and our contractual commitments.

11. Cookies and Analytics

We use strictly necessary cookies and similar technologies for authentication, session management, security, and preference storage.

Our marketing website uses Plausible Analytics to understand aggregate website usage without advertising cookies. We do not use third-party advertising cookies or sell analytics data.

12. Your Rights (GDPR)

If GDPR applies to you, you may have the following rights regarding personal data for which we act as controller:

  • Access — request a copy of the data we hold about you.
  • Rectification — request correction of inaccurate data.
  • Erasure — request deletion of your personal data.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Restriction — request that we restrict how we use your data.
  • Withdraw consent — withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at legal@productsignal.com. We will respond within the time required by applicable law.

If your request relates to personal data we process on behalf of a customer, we may refer your request to that customer or process it according to their instructions.

You also have the right to lodge a complaint with your local data protection authority.

13. Third-Party Services

The Service integrates with third-party platforms (Productboard, Leexi) at your direction. When you connect these integrations, their own privacy policies apply to data stored in those services. We only access the data you explicitly authorize via their APIs.

14. Children's Privacy

Product Signal is not directed to children under the age of 16. We do not knowingly collect personal data from children.

15. Changes to This Policy

We may update this policy from time to time. We will notify you by email and update the "last updated" date above. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

16. Contact

For any privacy-related questions or requests, contact us at:

Product Signal
legal@productsignal.com

Legal Terms of Service DPA Subprocessors