Effective date: 28 June 2025
Signalbox is a relationship CRM built for professionals who care about their network. This policy covers both the Signalbox CRM web application (signalboxcrm.com) and the Signalbox Feed Chrome extension.
For the purposes of data protection law, the data controller is Signalbox (signalboxcrm.com). To contact us about privacy, email hello@signalboxcrm.com.
When you create an account we collect your email address and, optionally, your first name. This is used to authenticate you and personalise your experience. Legal basis: contract performance.
You choose what contact information to store — names, emails, phone numbers, LinkedIn URLs, company details, notes, and interaction history. This data is stored securely in your organisation's workspace and is not shared with third parties or used for any purpose other than providing the service to you. Legal basis: contract performance.
We collect basic usage telemetry (page views, feature interactions) to understand how the product is used and improve it. This data is aggregated and not linked to identifiable individuals beyond your user session. Legal basis: legitimate interest.
If you generate an API key, it is stored as a one-way hash (SHA-256). We cannot recover or display your key once issued. You can revoke keys from your account settings at any time.
The Signalbox Feed extension runs on LinkedIn pages. Here is a complete account of what it does and does not do with your data.
When you activate the extension you provide your Signalbox API key. This key is stored in your browser's local extension storage (chrome.storage.local) on your device only. It is sent to signalboxcrm.com solely to verify that the key is valid. It is never logged, shared, or transmitted anywhere else.
When you add a LinkedIn profile to a feed list, the extension stores that person's display name and their LinkedIn member ID on your device in local extension storage. This data never leaves your browser — it is not transmitted to Signalbox servers or any third party.
storage — to save your feed lists and API key locally on your devicescripting — to extract LinkedIn member IDs from profile pages you visittabs — to detect when you are viewing a LinkedIn profile pagelinkedin.com — to inject the sidebar panel and read profile identifierssignalboxcrm.com — to validate your API key on activationSignalbox CRM data is stored in Supabase, a managed cloud database provider, on infrastructure hosted in the EU. Data is encrypted at rest and in transit. Access is restricted to authenticated users within your organisation via row-level security policies.
Extension data is stored entirely on your local device using Chrome's built-in extension storage API. Signalbox has no access to your local extension data.
Under UK GDPR and the Data Protection Act 2018, you have the right to access, correct, or delete your personal data at any time. You can export all your contact data from the Settings page. To request deletion of your account and all associated data, email hello@signalboxcrm.com. We will respond within 30 days.
For the Chrome extension, all locally stored data (feed lists and API key) can be cleared at any time by removing the extension from Chrome, or by using Chrome's extension storage inspector in Developer Tools.
Signalbox uses the following third-party services to operate:
Each service operates under its own privacy policy and data processing agreement. We do not sell your data to any third party.
If we make material changes to this policy we will update the effective date above and, where appropriate, notify you by email. Continued use of Signalbox after changes take effect constitutes acceptance of the updated policy.
Questions or concerns about this policy? Email us at hello@signalboxcrm.com.