Security and Data Protection

Access Control

• Workspace data is available only to authenticated users associated with that workspace.
• Administrative access is restricted to approved internal accounts.
• Integration access is granted only after merchant authorization.
• Protected customer data is requested only when required for product functionality.

Integration Permissions

SignalOps requests integration permissions based on the feature being used. For Shopify, operational analysis may require order and product data. Customer-level action workflows may require customer email and marketing consent status so merchants can create consent-aware segments.

SignalOps does not need customer payment data, unnecessary addresses, or unrelated profile fields for revenue leak detection or merchant-approved retention workflows.

Merchant Approval for Customer Actions

SignalOps is designed so customer-facing actions are reviewed before execution. The product can draft a segment and an email, but merchants must approve exports, drafts, or campaign actions before they are used. SignalOps does not silently message customers.

Data Handling

• We limit collected data to what is needed for diagnostics, reporting, support, billing, and approved workflows.
• We separate operational diagnostics from customer action workflows where possible.
• We avoid storing unnecessary sensitive fields.
• We support integration disconnect flows and data retention controls.

Transport and Service Security

SignalOps is intended to be served over HTTPS in production. Transactional email is sent through a configured email provider, payments are handled by the configured payment provider, and platform logs are used to monitor reliability and security issues.

Reporting Security Issues

If you believe you have found a security issue in SignalOps, contact us with a clear description, reproduction steps, affected URLs, and the potential impact. We will review and respond as quickly as possible.