Privacy Policy

Last Updated: December 2024

This Privacy Policy describes how PeopleSignals ("we", "our", or "us") collects, uses, and shares information when you use our HR early warning services and website.

At PeopleSignals, we believe in "signals, not surveillance." This policy explains how we uphold that philosophy while providing valuable insights to HR teams.

1. Introduction

PeopleSignals provides HR early warning services that help companies identify team-level risks related to attrition, burnout, and engagement. Our "signals, not surveillance" philosophy means we focus on aggregated team metrics rather than individual employee monitoring.

This Privacy Policy applies to:

  • Our website (getpeoplesignals.com)
  • Our SaaS platform and services
  • All data processing activities related to our services

2. Information We Collect

2.1 Information from HR Systems

When you connect your HR systems to PeopleSignals, we collect:

  • Employee identifiers (anonymized for processing)
  • Employment dates and tenure information
  • Department and team structure
  • Manager relationships
  • Time-off records and patterns
  • Role changes and promotions

2.2 Calendar Metadata

If you choose to connect Google Calendar or Outlook, we collect:

  • Meeting counts and durations
  • Schedule patterns and density
  • Presence of 1-on-1 meetings (without participant information)

We do NOT access:

  • Meeting titles, descriptions, or content
  • Attendee names or email addresses
  • Invitation content or attachments

2.3 Survey Responses

Through our built-in pulse surveys, we collect:

  • Aggregated survey responses
  • eNPS (Employee Net Promoter Score) data
  • Response rates and participation patterns

All survey data is:

  • Anonymized when fewer than 5 responses exist
  • Aggregated at team level (minimum 5 people)
  • Never linked to individual identities in reports

2.4 Website Usage

When you visit our website, we collect:

  • Pages visited and navigation patterns
  • Referrer information
  • Browser type and device information
  • Contact form submissions

3. Information We Do NOT Collect

In line with our "signals, not surveillance" philosophy, we explicitly do NOT collect:

  • Message content from Slack, Teams, or email
  • Screen monitoring or keyboard tracking data
  • Personal salary information (unless explicitly permitted by company policy)
  • Medical or health records
  • Individual "loyalty scores" or "flight risk" predictions
  • Personal contact information from HR systems
  • Performance review content

4. How We Use Information

We use the collected information to:

  • Calculate team-level risk scores - Identify patterns indicating attrition, burnout, or engagement risks at the team level
  • Generate insights and recommendations - Provide actionable guidance to HR teams based on aggregated data
  • Improve our service - Analyze usage patterns to enhance product features and accuracy
  • Communicate with administrators - Send alerts, reports, and service notifications
  • Ensure security and compliance - Monitor for suspicious activity and maintain audit logs

5. Data Sharing

We do NOT sell personal data to third parties.

We may share data with:

  • Service providers - Cloud hosting (AWS/GCP), email delivery, analytics services. All providers are bound by data processing agreements.
  • Legal requirements - When required by law, court order, or to protect rights and safety
  • With your consent - When you explicitly authorize data sharing

6. Data Protection

We implement industry-standard security measures:

  • Encryption in transit - TLS 1.3 for all data transmission
  • Encryption at rest - AES-256 encryption for stored data
  • Multi-tenant isolation - Strict data separation between customers
  • Access controls - Role-based access with MFA required
  • Audit logging - Comprehensive logging of all data access
  • Regular security reviews - Continuous monitoring and vulnerability assessments

7. Data Retention

We retain data according to the following schedule:

  • Active subscription - Data retained while your subscription is active
  • Historical trends - Up to 2 years of historical data (configurable by your organization)
  • Account deletion - 30-day grace period for data export, then complete removal
  • Backups - Deleted from backups within 90 days after deletion request
  • Audit logs - Retained for 1 year for security and compliance purposes

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the following rights:

  • Right to access - Request a copy of your personal data
  • Right to rectification - Correct inaccurate or incomplete data
  • Right to erasure - Request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing - Limit how we use your data
  • Right to data portability - Receive your data in a structured, machine-readable format
  • Right to object - Object to certain types of processing
  • Right to withdraw consent - Withdraw consent at any time (where processing is based on consent)

To exercise any of these rights, contact us at privacy@getpeoplesignals.com

9. Your Choices

You have the following choices regarding your data:

  • Request data export - Download all data associated with your account
  • Request account deletion - Permanently delete your account and all associated data
  • Opt out of marketing - Unsubscribe from promotional emails (service emails will continue)
  • Exclusion from processing - Individual employees can request to be excluded from data processing

10. International Transfers

Your data may be processed in the European Union or United States, depending on your choice during onboarding. We do not transfer data across regions without your explicit consent.

For cross-border transfers, we use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate data protection.

11. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@getpeoplesignals.com

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified via:

  • Email notification to account administrators
  • Prominent notice on our website
  • In-app notification

Your continued use of our services after changes are made constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy inquiries:
privacy@getpeoplesignals.com

General inquiries:
hello@getpeoplesignals.com

Data Protection Officer:
dpo@getpeoplesignals.com

We will respond to all requests within 30 days as required by GDPR.

This Privacy Policy was last reviewed on December 2024.
For questions or concerns, contact privacy@getpeoplesignals.com

← Back to Security