Last updated: 8.12.2025
1. Introduction
This Privacy Policy explains how Signal Beam ("we," "us," or "our"), operated by JP Peters, based in Berlin, Germany, collects, uses, stores, and protects personal data when you use our service.
Signal Beam is a SaaS application that connects Webflow websites to the TikTok Events API, enabling server-side event tracking, deduplication, and improved ad attribution.
This policy applies to:
- Customers: Individuals or businesses who create a Signal Beam account and use our service
- End-Users: Visitors to websites operated by our Customers where Signal Beam tracking is installed
By using Signal Beam, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our service.
2. Data Controller
The data controller for Signal Beam is:
JP Peters Berlin, Germany Email: admin@signalbeam.co
For any privacy-related questions or requests, please contact us at admin@signalbeam.co.
3. Information We Collect
3.1 Customer Account Data
When you create a Signal Beam account, we collect:
- Email address
- Name (if provided)
- Webflow account information (via OAuth)
- Webflow site identifiers and access tokens
3.2 Billing Data
We use Paddle as our payment processor. Paddle collects and processes:
- Payment method details
- Billing address
- Transaction history
We do not store your full payment card details. Paddle acts as the Merchant of Record and handles billing data in accordance with their own privacy policy.
3.3 End-User Event Data
When Customers install Signal Beam on their websites, we collect data about their website visitors, including:
- Behavioral data: Page views, button clicks, form submissions, scroll depth, time on site, video engagement
- Technical data: IP address, browser type, device type, operating system, referrer URL
- User identifiers: TikTok Click ID (ttclid), external IDs, cookies
3.4 Form Submission Data
When Customers configure form tracking, we may process:
- Email addresses
- Phone numbers
- Custom form field values mapped by the Customer
Important: All personally identifiable information (PII) such as emails and phone numbers are normalized and hashed using SHA-256 on our servers before being transmitted to TikTok. We do not store unhashed PII from form submissions.
3.5 Usage Data
We collect data about how Customers use the Signal Beam dashboard, including:
- Feature usage
- Login activity
- Configuration changes
4. How We Use Your Data
We use the collected data for the following purposes:
- Service Delivery: To provide, maintain, and improve Signal Beam functionality
- Event Tracking: To process and forward events to the TikTok Events API on behalf of Customers
- Lead Scoring: To calculate engagement scores for website visitors
- Analytics: To display dashboards, reports, and conversion funnels to Customers
- Billing: To process payments and manage subscriptions via Paddle
- Support: To respond to Customer inquiries and provide technical assistance
- Security: To detect, prevent, and address fraud, abuse, or security issues
- Legal Compliance: To comply with applicable laws and regulations
5. Legal Basis for Processing (GDPR)
For individuals in the European Economic Area (EEA), we process personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our service to Customers
- Legitimate Interests: Analytics, security, and service improvement, where these interests are not overridden by your rights
- Consent: Where you have given explicit consent (e.g., for marketing cookies)
- Legal Obligation: Where processing is required by law
6. Cookies and Tracking Technologies
Signal Beam uses cookies and similar technologies on our website and dashboard:
6.1 Essential Cookies
Required for authentication, security, and core functionality. These cannot be disabled.
6.2 Analytics Cookies
We use the following analytics tools to understand how users interact with our service:
- PostHog: Product analytics and user behavior
- Google Analytics: Website traffic and usage patterns
- Sentry: Error monitoring and performance tracking
6.3 Marketing Cookies
We use advertising pixels to measure and optimize our marketing campaigns:
- TikTok Pixel
- Meta (Facebook) Pixel
- Google Ads Pixel
You can manage cookie preferences through your browser settings or by using our cookie consent controls where available.
7. Third-Party Services and Subprocessors
We share data with the following third-party service providers:
ProviderPurposeLocationSupabaseDatabase and authenticationEU / USRailwayApplication hostingEU / USPaddlePayment processing (Merchant of Record)UK / USWebflowPlatform integration (OAuth)USTikTokEvents API (on Customer's behalf)US / GlobalPostHogProduct analyticsEU / USGoogle AnalyticsWebsite analyticsUSSentryError monitoringUSMetaMarketing pixelsUSGoogle AdsMarketing pixelsUS
These providers are contractually obligated to protect your data and only process it as instructed.
8. International Data Transfers
Signal Beam is operated from Germany, but our servers and third-party providers are located in both the European Union and the United States.
When transferring personal data outside the EEA, we rely on:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Privacy Framework certification (where applicable)
9. Data Retention
We retain data for the following periods:
- Event and Visitor Data: Configurable by Customers, with a default retention period of 365 days, after which data is automatically deleted
- Customer Account Data: Retained for the duration of your account and for up to 3 years after termination for legal and audit purposes
- Billing Records: Retained as required by tax and accounting laws (typically 7-10 years)
- Security Logs: Retained for up to 12 months
Customers may configure shorter retention periods for event data through their dashboard settings.
10. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- HTTPS/TLS encryption for all data in transit
- Encryption at rest for stored data
- Hashed passwords using industry-standard algorithms
- SHA-256 hashing of PII before transmission to third parties
- Access controls and authentication for all systems
- Regular security reviews
While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
11. Your Rights
11.1 Rights Under GDPR (EEA Residents)
If you are located in the EEA, you have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Request that we limit how we process your data
- Portability: Request your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
11.2 Rights Under CCPA (California Residents)
If you are a California resident, you have the following rights:
- Right to Know: Request information about the categories and specific pieces of personal data we have collected
- Right to Delete: Request deletion of your personal data
- Right to Opt-Out: Opt out of the "sale" of personal data
We do not sell personal data as defined under the CCPA.
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
11.3 Exercising Your Rights
To exercise any of these rights, please contact us at:
Email: admin@signalbeam.co
We will respond to your request within 30 days. We may need to verify your identity before processing your request.
12. Customer Responsibilities
If you are a Signal Beam Customer, you acknowledge that:
- You are responsible for obtaining all necessary consents from your website visitors before enabling tracking (e.g., cookie consent banners)
- You are the data controller for End-User data collected through your website
- Signal Beam acts as a data processor on your behalf for End-User data
- You must not use Signal Beam to collect sensitive data (health, financial, children's data) in violation of applicable laws or TikTok's policies
- You must configure Signal Beam's compliance tools (Consent Mode, Do Not Sell options) appropriately for your jurisdiction
Signal Beam provides tools to assist with compliance but does not guarantee legal compliance. Customers are responsible for ensuring their use of the service complies with applicable laws.
13. End-User Data and Customer Websites
When you visit a website that uses Signal Beam:
- The website operator (our Customer) is the data controller for your data
- Signal Beam processes your data on behalf of the website operator
- For questions about how a specific website uses your data, please refer to that website's privacy policy
- Data may be shared with TikTok for advertising attribution purposes
14. Children's Privacy
Signal Beam is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children under 18.
If you believe we have inadvertently collected data from a child under 18, please contact us at admin@signalbeam.co, and we will promptly delete the information.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Post the updated policy on our website
- Notify Customers via email or in-app notification
Your continued use of Signal Beam after changes are posted constitutes acceptance of the updated Privacy Policy.
16. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
JP Peters Berlin, Germany Email: admin@signalbeam.co
