Last updated: February 8, 2026
Welcome to ReviewSignal.ai ("ReviewSignal", "we", "us", or "our"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG"), and all other applicable data protection legislation.
This Privacy Policy explains how we collect, use, store, and protect personal data when you visit our website at reviewsignal.ai, use our API services, or interact with us through email or other communication channels.
By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please refrain from using our services and contact us to exercise your rights as described in Section 7.
The data controller responsible for the processing of your personal data is:
ReviewSignal
Operated by Szymon Daniel
Güntherstraße 19
60528 Frankfurt am Main, Germany
Email: team@reviewsignal.ai
Website: https://reviewsignal.ai
As the data controller, we determine the purposes and means of processing personal data and are responsible for ensuring that all processing activities comply with applicable data protection laws.
We collect and process personal data from several categories of individuals. The scope and type of data collected depends on your relationship with ReviewSignal.
When you visit our website, we may collect the following data:
We do not use tracking cookies or third-party analytics services that profile individual users. See Section 9 (Cookies) for details.
When you register for our services or subscribe to a plan, we collect:
As part of our business-to-business (B2B) sales and marketing activities, we may process the following data about professionals at prospective client organizations:
This data is sourced from third-party business intelligence platforms (see Section 6) and is processed under our legitimate interest in B2B marketing. You may opt out of these communications at any time (see Section 7).
We process your personal data for the following purposes:
Under Article 6 of the GDPR, we process personal data on the following legal bases:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Providing API services and managing subscriptions | Performance of a contract | Art. 6(1)(b) |
| Processing payments and invoicing | Performance of a contract | Art. 6(1)(b) |
| B2B outreach to prospective clients | Legitimate interest | Art. 6(1)(f) |
| Website analytics (anonymized) | Legitimate interest | Art. 6(1)(f) |
| Security monitoring and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Sending marketing communications to clients | Consent | Art. 6(1)(a) |
| Tax compliance and financial recordkeeping | Legal obligation | Art. 6(1)(c) |
We have conducted a Legitimate Interest Assessment (LIA) for our B2B outreach activities in accordance with Article 6(1)(f) of the GDPR and Recital 47. Our assessment concluded that:
If you believe our legitimate interest does not apply to your specific situation, you have the right to object at any time (see Section 7).
In accordance with Article 14 of the GDPR, we are transparent about the sources from which we obtain personal data, particularly when data is not collected directly from the data subject.
We use Apollo.io, a third-party business intelligence platform, to source professional contact information for our B2B outreach activities. Apollo.io aggregates publicly available business data from sources including:
The categories of data obtained from Apollo.io include: business email addresses, full names, job titles, company names, company size, industry classification, and professional social media profile URLs.
Apollo.io maintains its own GDPR compliance program. For more information, please refer to Apollo.io's Privacy Policy.
We collect data directly from you when you:
We automatically collect limited technical data when you visit our website through server logs and essential cookies (see Section 9).
Under the GDPR, you have the following rights regarding your personal data. You may exercise any of these rights free of charge by contacting us at team@reviewsignal.ai.
You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of that data along with information about how it is processed, the purposes of processing, the categories of data concerned, and the recipients or categories of recipients.
You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data without undue delay.
You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, when you object to processing and there are no overriding legitimate grounds, or when the data has been unlawfully processed. We will comply with erasure requests within 30 days unless a legal obligation requires us to retain the data.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV), and to transmit that data to another controller without hindrance.
You have the right to request the restriction of processing where you contest the accuracy of the data, where the processing is unlawful, where we no longer need the data but you require it for legal claims, or where you have objected to processing pending verification.
You have the right to object to the processing of your personal data at any time when processing is based on legitimate interests, including for direct marketing purposes. Upon receiving your objection, we will cease processing your data for those purposes unless we demonstrate compelling legitimate grounds that override your interests.
Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates the GDPR. See Section 8 for supervisory authority details.
How to exercise your rights: Send an email to team@reviewsignal.ai with the subject line "Data Subject Request" and specify which right(s) you wish to exercise. We will respond within 30 days. To verify your identity, we may request additional information. If your request is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee or refuse to act on the request, in accordance with Article 12(5) of the GDPR.
ReviewSignal is committed to full compliance with the General Data Protection Regulation (GDPR) and all applicable German data protection laws. Below we describe the technical and organizational measures we have implemented to safeguard your personal data.
For all questions and requests relating to data protection and privacy, please contact our data protection team:
Data Protection Contact
ReviewSignal - Data Protection
Güntherstraße 19, 60528 Frankfurt am Main, Germany
Email: team@reviewsignal.ai
Subject line: "Data Protection Inquiry"
As a Hessen-based entity, our competent supervisory authority is:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
(The Hessian Commissioner for Data Protection and Freedom of Information)
Gustav-Stresemann-Ring 1
65189 Wiesbaden, Germany
Phone: +49 611 1408-0
Email: poststelle@datenschutz.hessen.de
Website: https://datenschutz.hessen.de
You have the right to lodge a complaint with the Hessische Beauftragte für Datenschutz und Informationsfreiheit or any other EU supervisory authority if you believe your data protection rights have been violated.
In compliance with Article 30 of the GDPR, we maintain comprehensive records of all processing activities, including the purposes of processing, categories of data subjects and personal data, categories of recipients, data transfers, retention periods, and technical and organizational security measures.
Where a type of processing is likely to result in a high risk to the rights and freedoms of individuals, we conduct Data Protection Impact Assessments (DPIAs) in accordance with Article 35 of the GDPR prior to commencing such processing.
ReviewSignal takes a privacy-first approach to cookies. We use only strictly essential cookies that are necessary for the technical operation of our website and services.
Essential cookies are required for core website functionality and cannot be disabled. These include:
| Cookie | Purpose | Duration |
|---|---|---|
| Session ID | Maintains your authenticated session | Session (expires on browser close) |
| CSRF Token | Prevents cross-site request forgery attacks | Session |
Because we only use strictly essential cookies, a cookie consent banner is not required under Article 5(3) of the ePrivacy Directive and the German TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz).
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. The specific retention periods are:
| Data Category | Retention Period | Rationale |
|---|---|---|
| B2B leads (prospective clients) | 24 months from collection | Legitimate interest in B2B sales; reviewed biannually |
| Client account data | Duration of contract + 6 months | Contract performance and post-termination inquiries |
| Billing and invoice data | 10 years | German tax law (AO §147, HGB §257) |
| API usage logs | 12 months | Service delivery, billing verification, and security |
| Consumer review data | Aggregated and anonymized | Not personal data after anonymization; used for analytics |
| Support communications | 24 months from resolution | Quality assurance and dispute resolution |
| Server logs (anonymized IPs) | 90 days | Security and debugging |
After the applicable retention period expires, personal data is securely deleted or irreversibly anonymized. You may request earlier deletion at any time by exercising your Right to Erasure (see Section 7.3).
ReviewSignal is committed to keeping your data within the European Union. Our infrastructure is designed to ensure that personal data does not leave the EU/EEA.
Data location: All personal data is stored and processed on servers located in Google Cloud Platform (GCP) region europe-west3 (Frankfurt, Germany). This ensures full compliance with GDPR data residency requirements and German data protection standards.
Specifically:
In the limited case where a third-party service provider processes data outside the EU/EEA (e.g., Stripe for payment processing), we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or the service provider's certification under an adequacy decision.
We believe in transparent and fair subscription management. Below is our complete cancellation and refund policy.
No questions asked. No hidden retention flows. No phone calls required.
Cancellation takes effect at the end of your current billing period. You will retain full access to all features and data until the end of the period you have already paid for.
We offer a 14-day free trial for eligible new accounts. If you cancel within the trial period, you will not be charged. No credit card is required to start a trial. If you do not cancel before the trial expires, your selected subscription plan will activate and billing will commence.
If you wish to reactivate your account within 30 days of cancellation, your data and settings may be restored upon request. After 30 days, you will need to create a new account.
We use a limited number of third-party service providers to operate our platform. Each provider is contractually bound to process data only on our instructions and in compliance with GDPR requirements (Article 28 - Data Processing Agreements).
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing and subscription billing | Name, email, payment method, billing address, transaction history | EU (Dublin) with SCCs for global operations |
| Google Cloud Platform | Infrastructure hosting (servers, databases, storage) | All platform data (hosted in europe-west3, Frankfurt) | EU (Frankfurt, Germany) |
| Cloudflare, Inc. | DNS management, DDoS protection, and CDN | IP addresses, HTTP request metadata (transient processing) | Global edge network with EU data processing |
| Apollo.io | B2B lead generation and contact enrichment | Professional contact data (name, title, email, company) | United States (SCCs in place) |
We regularly review our third-party providers to ensure ongoing compliance with GDPR and our data protection standards. We do not sell, rent, or trade personal data to any third party.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, legal requirements, or regulatory guidance. When we make material changes, we will:
We encourage you to review this Privacy Policy periodically. Your continued use of our services after any changes constitutes your acknowledgment of the updated policy. If you do not agree with the revised policy, you may discontinue use of our services and request deletion of your data.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing activities, please contact us:
ReviewSignal - Privacy & Data Protection
Operated by Szymon Daniel
Güntherstraße 19
60528 Frankfurt am Main, Germany
General inquiries: team@reviewsignal.ai
Data protection requests: team@reviewsignal.ai (subject: "Data Protection Inquiry")
Data subject access requests: team@reviewsignal.ai (subject: "Data Subject Request")
Opt-out of communications: team@reviewsignal.ai (subject: "Unsubscribe")
We aim to respond to all inquiries within 30 days in accordance with GDPR Article 12(3).