Privacy Policy

Last updated: April 1, 2026

1. Introduction

GovSignal ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our website (govsignal.co), newsletter, and related services (collectively, "the Service").

We comply with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA).

2. Data Controller

GovSignal is the data controller responsible for your personal data. For questions or requests regarding your data, contact us at privacy@govsignal.co.

3. Information We Collect

3.1 Information You Provide

  • Email address: Collected when you subscribe to our newsletter or create an account.
  • Name (optional): If you provide it during signup or account creation.
  • Payment information: For paid subscribers, we collect billing details through our payment processor (Stripe). We do not store full credit card numbers on our servers.
  • Industry and preference data: If you configure filters for your alerts, we store your selected industries, locations, and contract value preferences.
  • Communications: If you contact us via email, we retain the contents of your messages and our responses.

3.2 Information Collected Automatically

  • Usage data: Pages visited, time spent on pages, links clicked, and navigation patterns on our website.
  • Device information: Browser type, operating system, screen resolution, and device type.
  • IP address: Collected for security, fraud prevention, and approximate geographic location.
  • Email engagement: Open rates, click-through rates, and interaction with newsletter content, collected through our email service provider.
  • Cookies and similar technologies: See Section 7 for details.

4. How We Use Your Information

We use your personal data for the following purposes:

  • Delivering the Service: Sending your newsletter digest, processing your subscription, and providing access to paid features.
  • Personalization: Filtering contract alerts based on your selected industries, locations, and preferences.
  • Communication: Responding to your inquiries, sending service announcements, and notifying you of important changes.
  • Analytics and improvement: Understanding how subscribers use the Service so we can improve content, features, and user experience.
  • Security: Detecting and preventing fraud, abuse, and unauthorized access.
  • Legal compliance: Meeting our legal obligations and responding to lawful requests from authorities.

5. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Consent: You provide consent when you subscribe to our newsletter or opt in to marketing communications. You may withdraw consent at any time.
  • Contract: Processing is necessary to deliver our Service when you subscribe to a paid plan.
  • Legitimate interests: We process data for analytics, security, and Service improvement where our interests do not override your rights.
  • Legal obligation: We may process data to comply with applicable laws and regulations.

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following categories of third parties, and only to the extent necessary to operate the Service:

  • Email service provider (Beehiiv): To deliver newsletters and manage subscriber lists.
  • Payment processor (Stripe): To process paid subscription payments securely.
  • Analytics providers (e.g., Google Analytics, Plausible): To understand website usage patterns. We use privacy-respecting analytics where possible.
  • Hosting providers: To serve our website and store data securely.
  • Legal and regulatory authorities: When required by law or to protect our rights.

All third-party providers are bound by data processing agreements and are required to handle your data in accordance with applicable privacy laws.

7. Cookies and Tracking Technologies

We use the following types of cookies:

  • Essential cookies: Required for the website to function, such as session management and security tokens. These cannot be disabled.
  • Analytics cookies: Used to understand how visitors interact with our website. These are anonymized where possible and can be disabled.
  • Preference cookies: Store your settings and preferences for return visits.

We do not use advertising or retargeting cookies. Our email newsletters contain tracking pixels to measure open rates and link clicks for the purpose of improving content relevance.

You can manage cookie preferences through your browser settings. Disabling cookies may affect certain website functionality.

8. Data Retention

  • Active subscribers: We retain your data for as long as your subscription is active.
  • Unsubscribed users: We retain your email address for 90 days after unsubscription for suppression purposes (to ensure we do not re-subscribe you), then delete it.
  • Payment records: Retained for 7 years to comply with tax and accounting regulations.
  • Analytics data: Aggregated and anonymized analytics are retained indefinitely. Individual-level analytics data is deleted after 26 months.
  • Communications: Support emails are retained for 2 years after resolution.

9. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request that we limit how we process your data.
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@govsignal.co. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

California Residents (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To exercise your rights, contact privacy@govsignal.co.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit (TLS) and at rest.
  • Access controls limiting data access to authorized personnel only.
  • Regular security assessments of our systems and third-party providers.
  • Secure payment processing through PCI-DSS compliant providers.

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States. Where we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner's Office.

12. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: privacy@govsignal.co