Privacy policy
Last updated: July 5, 2026
SignalWish (“we”, “us”) provides hosted feedback boards at signalwish.com and customer subdomains. This policy explains what we collect, why, and the choices you have. It applies to board owners (our customers) and to voters who participate on boards.
What we collect
Board owners: your email address, a password hash (we never store the password itself), your organization name, board content, and billing status. Payments are processed by Stripe; we never see or store card numbers.
Voters: your email address (used for verification and the notifications you request), the posts, votes, and comments you submit, and coarse technical data (IP address for rate limiting and abuse prevention). Your email is visible to the owner of the board you participate on, and to no one else. It is never displayed publicly.
How we use it
To operate the service: authenticating you, rendering boards, counting votes, sending magic links, shipped notifications, password resets, and — only if you opted in — board update emails. Every marketing-style email contains a one-click unsubscribe that is honored immediately and enforced by our email platform's suppression list.
Analytics
We use self-hosted, cookieless Umami analytics on our marketing pages and boards. It records page views without cross-site tracking, advertising identifiers, or sale of data.
Sharing
We share data only with the processors required to run SignalWish: Stripe (payments), Postmark (email delivery), and our hosting provider. We do not sell personal data, run ads, or share data with brokers. We may disclose information if legally required.
Retention and deletion
Board content is retained while the owning account exists. If a subscription lapses, boards become read-only but are not deleted. To delete your account, a board, or a voter profile (including votes and comments), email privacy@signalwish.com and we will complete the deletion within 30 days.
Security
Passwords are hashed with PBKDF2, sessions are HTTP-only cookies, traffic is TLS-encrypted, and voter actions are verified by signed tokens. No internet service can promise perfection; we promise prompt disclosure if an incident affects your data.
Your rights
You may request a copy, correction, or deletion of your personal data at any time via privacy@signalwish.com. If you are in the EU/EEA or UK, these requests are handled under GDPR; if in California, under CCPA.
Changes
We will post any changes to this policy here and update the date above. Material changes will be announced by email to board owners.
Questions? Email privacy@signalwish.com.