Privacy Policy

Last updated: July 5, 2026

This policy explains what personal data FitSignal processes, why, and the rights you have. It covers website visitors, FitSignal customers, and the people who respond to the surveys our customers send.

1. Who we are

FitSignal is operated by GroundForm Software LLC (“FitSignal”, “we”, “us”), a Wyoming limited liability company registered at 30 N Gould St, STE R, Sheridan, WY 82801, USA. FitSignal helps SaaS founders and product teams measure product-market fit (PMF) and Net Promoter Score (NPS) by surveying their own users through email campaigns, shareable survey links, and an embeddable in-app widget.

For privacy questions, or to exercise your rights, contact us at support@fitsignal.com.

2. Who this policy is for

We process personal data about three groups of people, and our role under data-protection law differs for each. A controller decides why and how data is used; a processor only acts on a controller’s instructions:

  • Website visitors — people who browse our marketing site. We are the controller.
  • Customers & account holders — people who sign up, run a workspace, and create projects and surveys. We are the controller for account, billing, support, and marketing data.
  • Survey respondents — the end-users of our customers: people invited by a customer to answer a PMF or NPS survey about that customer's product. Here the customer (the organization that sent you the survey) is the controller and decides why surveys run; FitSignal acts as a processor on the customer's behalf under our Data Processing Agreement at /dpa. If you received a survey, please direct privacy requests to the organization that sent it — we assist that organization in responding.

3. What we collect and why

Website visitors

  • Device and usage data (pages viewed, approximate region, product usage) via analytics — only after you accept non-essential cookies. See our Cookie Policy at /cookies.
  • Basic, cookieless web-performance analytics via our hosting provider (Vercel), which don't identify you and don't require consent.
  • If you reach us from one of our ads: the ad-click identifier and campaign parameters in the link, stored in a first-party cookie for up to 90 days and used only to measure which ads lead to a signup — and only after you accept non-essential cookies.
  • Anything you send us directly: your name, email, and message, used to respond to you.

Customers & account holders

  • Account data: name, email address, and organization name (via our authentication provider, Clerk).
  • Project and survey configuration: the projects you create, the personas and segments you define, and the surveys you set up.
  • Respondent data you supply to run surveys: the names, email addresses, and persona or segment attributes of your own users. You are responsible for having a lawful basis to provide these — see the customer responsibilities section of our Terms of Service at /terms.
  • Billing data: handled by Paddle, acting as our Merchant of Record. Paddle runs checkout, invoicing, and VAT/sales tax; it handles your payment details, and we receive transaction metadata, not full card numbers.
  • Support and communications: messages you send us and our replies.

Survey respondents

  • Survey answers: PMF and NPS ratings, multiple-choice answers, and any free-text feedback you choose to write.
  • Identity data the surveying organization supplied about you: typically your name, email address, and persona or segment attributes.
  • Response metadata collected with each response: device type, locale, and user agent. This helps the organization understand response context and helps us prevent abuse.
  • Survey invitations and reminders are transactional emails we send on the surveying organization's behalf (from send.fitsignal.com) as part of running its survey — they are not FitSignal marketing, and responding never signs you up to hear from us.

4. Lawful bases (GDPR)

  • Providing the service to customers — performance of a contract.
  • Survey respondent processing — the customer (the organization that sent the survey) sets the lawful basis, typically its legitimate interests in understanding and improving its own product, or consent where the customer chooses to rely on it.
  • Website analytics, advertising, and other non-essential cookies — your consent.
  • Security, fraud/abuse prevention, and product improvement — our legitimate interests.
  • Legal and tax obligations — compliance with law.

Where we rely on your consent (for example, non-essential cookies), you can withdraw it at any time; withdrawing consent doesn't affect any processing we already carried out.

5. Survey responses and your identity

FitSignal surveys are not anonymous. Responses are linked to the identity the surveying organization supplied about you — typically your name, email address, and persona or segment attributes — so the organization can see who said what and follow up with you.

  • Email surveys use a tokenized personal link that is unique to you; answering through it associates your response with your record in the organization’s workspace.
  • Responses collected through the embeddable in-app widget may include an end-user identifier that the organization passes to the widget from its own application.
  • With each response we also store response metadata: device type, locale, and user agent.

The survey pages themselves and the embeddable widget load no analytics or advertising scripts and set no advertising cookies — the only data collected there is your survey response and its metadata.

If you have questions about how your responses will be used, ask the organization that sent you the survey — it controls that data and decides how it is used. We assist that organization in responding to your requests.

6. AI processing

Our AI Improvement Analysis feature is run by a customer on the survey responses in its own workspace. It uses Anthropic's Claude models via Anthropic's commercial API: a fast model performs per-response sentiment analysis and competitor extraction, and a larger model clusters improvement themes from free-text answers.

Before any survey text is sent to Anthropic, an automated redaction pass removes email addresses, phone numbers, and URLs from it (keeping only a URL's domain, so mentions of competing products remain useful). Content-hashing ensures unchanged text is never re-processed. Anthropic does not use API inputs or outputs to train its models. The analysis results are stored with the customer's workspace. The providers we use are listed on our Subprocessors page at /subprocessors.

AI analysis summarises sentiment and themes for a human to read. It does not make automated decisions that produce legal or similarly significant effects about anyone.

7. Cookies & analytics

We use strictly-necessary cookies (for example, for authentication) and, only with your consent, non-essential analytics and advertising. Your choice is recorded in a single first-party cookie, fs_consent (granted or denied, kept for one year), and you can change it at any time via the “Cookie settings” button in the footer. PostHog product analytics and Ahrefs marketing-site analytics load only after you accept. Our planned Google tag (Google Analytics 4 and Google Ads) uses Consent Mode v2 and runs cookieless while consent is denied. The fs_attribution ad-click cookie (90 days) is set only with consent. Vercel’s web analytics are cookieless and run without consent.

We use Sentry for error monitoring, which can capture a session replay when something goes wrong — recorded with all text and form inputs masked. Survey pages and the embeddable widget carry no analytics or advertising scripts at all. Full detail and controls are in our Cookie Policy at /cookies.

8. Sharing & international transfers

We share data only with the subprocessors that help us run the service, each under a data processing agreement. We do not sell your personal data for money. Our providers are:

  • Vercel — application hosting, edge delivery, and cookieless web analytics (US/global)
  • Clerk — authentication and account management (US)
  • Neon — primary Postgres database (US)
  • Upstash — Redis rate-limiting and cache (US)
  • Resend — transactional and survey email, sent from send.fitsignal.com (US)
  • Trigger.dev — background jobs: survey sends, AI analysis, exports, scheduled cleanup (US)
  • PostHog — product analytics, consent-gated (US/EU)
  • Ahrefs — marketing-site analytics, consent-gated and cookieless (Singapore)
  • Google — Google Ads and Google Analytics 4, consent-gated, planned (US)
  • Sentry — error monitoring and session replay with all text masked (US/EU)
  • Anthropic — AI analysis of PII-redacted survey text (US)
  • Paddle — Merchant of Record billing (UK/US)
  • Cloudflare — R2 object storage for exports and uploaded assets, accessed via time-limited presigned URLs (US/global)

The full list, with purposes, the data each provider may process, and locations, is on our Subprocessors page at /subprocessors. With your consent, our planned Google advertising and analytics tags would measure traffic and ad performance; depending on configuration this can involve “sharing” online identifiers for cross-context behavioural advertising as defined under some US state laws. These run only if you opt in, and you can withdraw consent at any time via the “Cookie settings” button in the footer.

We never pool one customer's data with another's. Your workspace's respondents, responses, and analysis results are isolated to your organization; we do not combine them across customers, sell them, or use them to build any cross-customer dataset or benchmark, and we do not use survey content to train AI models.

Survey responses, respondent contact details, and other workspace data are stored in a single Neon Postgres region in the United States. Where personal data of people in the EEA, UK, or Switzerland is transferred to the US or another third country, we rely on appropriate safeguards such as the EU Standard Contractual Clauses — with the UK Addendum for UK data — or an adequacy decision where one applies.

9. How long we keep data

DataHow long we keep it
Survey responses & respondent dataRetained while the customer's account is active, or until the customer deletes them from its workspace.
Account & workspace dataDeleted within 30 days of a verified account-closure request.
Generated export files (CSV, JSON, Excel)Automatically deleted from storage 7 days after generation; download links expire on the same schedule.
AI analysis resultsStored with the workspace and deleted with it.
Billing & tax recordsRetained by Paddle, our Merchant of Record, for as long as required by law.
BackupsShort-lived encrypted infrastructure backups, deleted on a rolling basis.

10. Your rights

Depending on where you live, you have rights over your personal data. These can include the right to access a copy of it, to correct it, to delete it, to receive it in a portable form, to restrict or object to certain processing, and — where we rely on consent — to withdraw that consent. In the EU/UK you can also complain to your local data-protection supervisory authority.

To make a request, email support@fitsignal.com and tell us what you'd like to do. We may need to confirm your identity first — usually by checking you control the email address on the account — so that we only disclose data to the right person. We'll acknowledge your request within a few days and aim to respond within one month; for complex requests we may extend this by up to two further months and will tell you why. There's no charge unless a request is clearly unfounded or excessive.

If you are a survey respondent, the organization that sent you the survey is the controller of your respondent data and responses, so please direct your request to it — if you contact us instead, we'll route your request to that organization and help it respond. The organization can correct or delete your contact record and can delete your individual responses from its workspace. We won't discriminate against you for exercising your rights.

11. US state privacy rights

If you're a resident of California or another US state with a privacy law, you have rights to know and access the personal information we hold about you (and the categories we collect, use, and disclose), to correct it, and to delete it, subject to legal exceptions.

We do not sell your personal information for money. With your consent, our planned Google advertising and analytics tags could count as “sharing” personal information (such as online identifiers) for cross-context behavioural advertising under California and similar US state laws. They are off by default and run only if you opt in, so you can exercise your right to opt out at any time by declining — or withdrawing consent — through our cookie banner and the “Cookie settings” button in the footer (see our Cookie Policy at /cookies). Under California’s “Shine the Light” law, we do not disclose personal information to third parties for their own direct marketing.

We will not discriminate against you for exercising these rights — your price and service stay the same. You may use an authorized agent to make a request for you; we'll ask for proof of their authority and may still verify your identity directly. Where a request concerns survey respondent data, the organization that sent the survey is the business/controller and we'll route or assist as described above. To exercise any of these rights, contact support@fitsignal.com.

12. Security

We use encryption in transit and at rest (via our managed database provider), strict per-organization data isolation (every workspace record is scoped to its organization), rate-limiting and abuse protection, restricted access to production data, time-limited presigned URLs for export downloads, and error monitoring with all text and inputs masked. No system is perfectly secure, but security is designed in from the schema up.

If a personal-data breach affecting your information occurs, we'll act promptly to contain and assess it, and notify the people and authorities we're legally required to, without undue delay. For survey respondent data — where our customer is the controller — we notify the customer so it can meet its own obligations (see our Data Processing Agreement at /dpa).

13. Children

FitSignal is a business tool intended for adults and is not directed to children. We do not knowingly collect data from anyone under 16.

14. Changes & contact

We may update this policy as the product and the law evolve; we'll change the “last updated” date and, for material changes, give notice. Questions or requests: support@fitsignal.com, GroundForm Software LLC, 30 N Gould St, STE R, Sheridan, WY 82801, USA.


Related: Terms of Service · Cookie Policy · DPA · Subprocessors · Acceptable Use · Refund Policy