Privacy Policy

Last updated: 4 June 2026 · ICO registration: pending

1. Controller

Borrowsignal is the data controller for both (a) customer account data and (b) UK director / company data we deliver to customers.

2. What we collect about customers

• Email address (you provide on signup);
• Optional metadata: role, company, company size;
• Filter preferences: cities, SIC codes, delivery channel;
• IP address + user agent at signup and login (security);
• Payment data: handled by Dodo Payments — we never see your card.

3. What we collect about UK directors / companies (the data we sell)

• Company name + Companies House number + incorporation date;
• Registered office address (public registry);
• SIC codes + company status;
• Director names + officer roles (Companies House public officers data);
• Telephone numbers where publicly visible on Google Business Profile or company website;
• Outreach-hook text generated by AI from the above public data.

4. Legal basis

Customer data: contract (delivering the service you paid for) + legitimate interest (security, fraud prevention).

UK director / company data: legitimate interest under UK GDPR (Data (Use and Access) Act 2025) for B2B direct marketing facilitation. Our Legitimate Interest Assessment (LIA) is on file at hello@borrowsignal.com on request.

5. Who we share with (sub-processors)

• Dodo Payments (Estonia/EU) — billing;
• Resend (US, EU-US DPF certified) — email delivery;
• Fly.io (US/EU hosting) — application infrastructure (London region);
• Neon (US/EU) — database hosting;
• Cloudflare (US, with UK edge) — DNS, static asset delivery.

We never share data with marketing networks, analytics providers, or third-party data resellers.

6. Retention

• Customer account data: lifetime of subscription + 90 days post-cancellation;
• Audit logs: 7 years (UK accounting requirement);
• UK director / company data: leads delivered are retained 90 days, then purged from delivery history.

7. Your rights (UK GDPR)

• Access: download your data via the dashboard;
• Rectification: edit your account in the dashboard;
• Erasure: one-click delete in the dashboard (Account options → Delete);
• Objection (UK director / company subjects): email hello@borrowsignal.com with your company number — we add you to suppression within 24h.

8. Cookies

We use only essential cookies (session management). No tracking, no analytics, no advertising cookies. No cookie banner required under UK GDPR for essential cookies.

9. International transfers

Our service providers may process data outside the UK/EEA under the EU-US Data Privacy Framework or Standard Contractual Clauses with adequacy assessments.

10. Complaints

You can complain to the UK Information Commissioner's Office at ico.org.uk.

11. Contact

Data Protection contact: hello@borrowsignal.com