Signalbox

Privacy Policy

Effective date: 28 June 2025

Who we are

Signalbox is a relationship CRM built for professionals who care about their network. This policy covers both the Signalbox CRM web application (signalboxcrm.com) and the Signalbox Feed Chrome extension.

For the purposes of data protection law, the data controller is Signalbox (signalboxcrm.com). To contact us about privacy, email hello@signalboxcrm.com.


Signalbox CRM — what we collect and why

Account and profile data

When you create an account we collect your email address and, optionally, your first name. This is used to authenticate you and personalise your experience. Legal basis: contract performance.

Contact records

You choose what contact information to store — names, emails, phone numbers, LinkedIn URLs, company details, notes, and interaction history. This data is stored securely in your organisation's workspace and is not shared with third parties or used for any purpose other than providing the service to you. Legal basis: contract performance.

Usage data

We collect basic usage telemetry (page views, feature interactions) to understand how the product is used and improve it. This data is aggregated and not linked to identifiable individuals beyond your user session. Legal basis: legitimate interest.

API keys

If you generate an API key, it is stored as a one-way hash (SHA-256). We cannot recover or display your key once issued. You can revoke keys from your account settings at any time.


Signalbox Feed Chrome extension — what it collects and why

The Signalbox Feed extension runs on LinkedIn pages. Here is a complete account of what it does and does not do with your data.

API key (stored locally)

When you activate the extension you provide your Signalbox API key. This key is stored in your browser's local extension storage (chrome.storage.local) on your device only. It is sent to signalboxcrm.com solely to verify that the key is valid. It is never logged, shared, or transmitted anywhere else.

LinkedIn profile identifiers (stored locally)

When you add a LinkedIn profile to a feed list, the extension stores that person's display name and their LinkedIn member ID on your device in local extension storage. This data never leaves your browser — it is not transmitted to Signalbox servers or any third party.

What the extension does not do

  • Does not read, store, or transmit your LinkedIn messages, connections, or feed content
  • Does not track your browsing history or activity outside of LinkedIn
  • Does not use cookies or any cross-site tracking
  • Does not sell, share, or transmit any LinkedIn data to Signalbox servers
  • Does not access any data beyond what is needed to identify a profile for your personal feed list

Permissions used

  • storage — to save your feed lists and API key locally on your device
  • scripting — to extract LinkedIn member IDs from profile pages you visit
  • tabs — to detect when you are viewing a LinkedIn profile page
  • linkedin.com — to inject the sidebar panel and read profile identifiers
  • signalboxcrm.com — to validate your API key on activation

Data storage and security

Signalbox CRM data is stored in Supabase, a managed cloud database provider, on infrastructure hosted in the EU. Data is encrypted at rest and in transit. Access is restricted to authenticated users within your organisation via row-level security policies.

Extension data is stored entirely on your local device using Chrome's built-in extension storage API. Signalbox has no access to your local extension data.


Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to access, correct, or delete your personal data at any time. You can export all your contact data from the Settings page. To request deletion of your account and all associated data, email hello@signalboxcrm.com. We will respond within 30 days.

For the Chrome extension, all locally stored data (feed lists and API key) can be cleared at any time by removing the extension from Chrome, or by using Chrome's extension storage inspector in Developer Tools.


Third-party services

Signalbox uses the following third-party services to operate:

  • Supabase — database and authentication
  • Vercel — web hosting and deployment

Each service operates under its own privacy policy and data processing agreement. We do not sell your data to any third party.


Changes to this policy

If we make material changes to this policy we will update the effective date above and, where appropriate, notify you by email. Continued use of Signalbox after changes take effect constitutes acceptance of the updated policy.


Contact

Questions or concerns about this policy? Email us at hello@signalboxcrm.com.