Last updated: July 5, 2026
This policy explains what personal data FitSignal processes, why, and the rights you have. It covers website visitors, FitSignal customers, and the people who respond to the surveys our customers send.
FitSignal is operated by GroundForm Software LLC (“FitSignal”, “we”, “us”), a Wyoming limited liability company registered at 30 N Gould St, STE R, Sheridan, WY 82801, USA. FitSignal helps SaaS founders and product teams measure product-market fit (PMF) and Net Promoter Score (NPS) by surveying their own users through email campaigns, shareable survey links, and an embeddable in-app widget.
For privacy questions, or to exercise your rights, contact us at support@fitsignal.com.
We process personal data about three groups of people, and our role under data-protection law differs for each. A controller decides why and how data is used; a processor only acts on a controller’s instructions:
Where we rely on your consent (for example, non-essential cookies), you can withdraw it at any time; withdrawing consent doesn't affect any processing we already carried out.
FitSignal surveys are not anonymous. Responses are linked to the identity the surveying organization supplied about you — typically your name, email address, and persona or segment attributes — so the organization can see who said what and follow up with you.
The survey pages themselves and the embeddable widget load no analytics or advertising scripts and set no advertising cookies — the only data collected there is your survey response and its metadata.
If you have questions about how your responses will be used, ask the organization that sent you the survey — it controls that data and decides how it is used. We assist that organization in responding to your requests.
Our AI Improvement Analysis feature is run by a customer on the survey responses in its own workspace. It uses Anthropic's Claude models via Anthropic's commercial API: a fast model performs per-response sentiment analysis and competitor extraction, and a larger model clusters improvement themes from free-text answers.
Before any survey text is sent to Anthropic, an automated redaction pass removes email addresses, phone numbers, and URLs from it (keeping only a URL's domain, so mentions of competing products remain useful). Content-hashing ensures unchanged text is never re-processed. Anthropic does not use API inputs or outputs to train its models. The analysis results are stored with the customer's workspace. The providers we use are listed on our Subprocessors page at /subprocessors.
AI analysis summarises sentiment and themes for a human to read. It does not make automated decisions that produce legal or similarly significant effects about anyone.
We use strictly-necessary cookies (for example, for authentication) and, only with your consent, non-essential analytics and advertising. Your choice is recorded in a single first-party cookie, fs_consent (granted or denied, kept for one year), and you can change it at any time via the “Cookie settings” button in the footer. PostHog product analytics and Ahrefs marketing-site analytics load only after you accept. Our planned Google tag (Google Analytics 4 and Google Ads) uses Consent Mode v2 and runs cookieless while consent is denied. The fs_attribution ad-click cookie (90 days) is set only with consent. Vercel’s web analytics are cookieless and run without consent.
We use Sentry for error monitoring, which can capture a session replay when something goes wrong — recorded with all text and form inputs masked. Survey pages and the embeddable widget carry no analytics or advertising scripts at all. Full detail and controls are in our Cookie Policy at /cookies.
We share data only with the subprocessors that help us run the service, each under a data processing agreement. We do not sell your personal data for money. Our providers are:
The full list, with purposes, the data each provider may process, and locations, is on our Subprocessors page at /subprocessors. With your consent, our planned Google advertising and analytics tags would measure traffic and ad performance; depending on configuration this can involve “sharing” online identifiers for cross-context behavioural advertising as defined under some US state laws. These run only if you opt in, and you can withdraw consent at any time via the “Cookie settings” button in the footer.
We never pool one customer's data with another's. Your workspace's respondents, responses, and analysis results are isolated to your organization; we do not combine them across customers, sell them, or use them to build any cross-customer dataset or benchmark, and we do not use survey content to train AI models.
Survey responses, respondent contact details, and other workspace data are stored in a single Neon Postgres region in the United States. Where personal data of people in the EEA, UK, or Switzerland is transferred to the US or another third country, we rely on appropriate safeguards such as the EU Standard Contractual Clauses — with the UK Addendum for UK data — or an adequacy decision where one applies.
| Data | How long we keep it |
|---|---|
| Survey responses & respondent data | Retained while the customer's account is active, or until the customer deletes them from its workspace. |
| Account & workspace data | Deleted within 30 days of a verified account-closure request. |
| Generated export files (CSV, JSON, Excel) | Automatically deleted from storage 7 days after generation; download links expire on the same schedule. |
| AI analysis results | Stored with the workspace and deleted with it. |
| Billing & tax records | Retained by Paddle, our Merchant of Record, for as long as required by law. |
| Backups | Short-lived encrypted infrastructure backups, deleted on a rolling basis. |
Depending on where you live, you have rights over your personal data. These can include the right to access a copy of it, to correct it, to delete it, to receive it in a portable form, to restrict or object to certain processing, and — where we rely on consent — to withdraw that consent. In the EU/UK you can also complain to your local data-protection supervisory authority.
To make a request, email support@fitsignal.com and tell us what you'd like to do. We may need to confirm your identity first — usually by checking you control the email address on the account — so that we only disclose data to the right person. We'll acknowledge your request within a few days and aim to respond within one month; for complex requests we may extend this by up to two further months and will tell you why. There's no charge unless a request is clearly unfounded or excessive.
If you are a survey respondent, the organization that sent you the survey is the controller of your respondent data and responses, so please direct your request to it — if you contact us instead, we'll route your request to that organization and help it respond. The organization can correct or delete your contact record and can delete your individual responses from its workspace. We won't discriminate against you for exercising your rights.
If you're a resident of California or another US state with a privacy law, you have rights to know and access the personal information we hold about you (and the categories we collect, use, and disclose), to correct it, and to delete it, subject to legal exceptions.
We do not sell your personal information for money. With your consent, our planned Google advertising and analytics tags could count as “sharing” personal information (such as online identifiers) for cross-context behavioural advertising under California and similar US state laws. They are off by default and run only if you opt in, so you can exercise your right to opt out at any time by declining — or withdrawing consent — through our cookie banner and the “Cookie settings” button in the footer (see our Cookie Policy at /cookies). Under California’s “Shine the Light” law, we do not disclose personal information to third parties for their own direct marketing.
We will not discriminate against you for exercising these rights — your price and service stay the same. You may use an authorized agent to make a request for you; we'll ask for proof of their authority and may still verify your identity directly. Where a request concerns survey respondent data, the organization that sent the survey is the business/controller and we'll route or assist as described above. To exercise any of these rights, contact support@fitsignal.com.
We use encryption in transit and at rest (via our managed database provider), strict per-organization data isolation (every workspace record is scoped to its organization), rate-limiting and abuse protection, restricted access to production data, time-limited presigned URLs for export downloads, and error monitoring with all text and inputs masked. No system is perfectly secure, but security is designed in from the schema up.
If a personal-data breach affecting your information occurs, we'll act promptly to contain and assess it, and notify the people and authorities we're legally required to, without undue delay. For survey respondent data — where our customer is the controller — we notify the customer so it can meet its own obligations (see our Data Processing Agreement at /dpa).
FitSignal is a business tool intended for adults and is not directed to children. We do not knowingly collect data from anyone under 16.
We may update this policy as the product and the law evolve; we'll change the “last updated” date and, for material changes, give notice. Questions or requests: support@fitsignal.com, GroundForm Software LLC, 30 N Gould St, STE R, Sheridan, WY 82801, USA.
Related: Terms of Service · Cookie Policy · DPA · Subprocessors · Acceptable Use · Refund Policy