SignalSecureUSA
Legal

Privacy Policy

Last updated: January 1, 2026. This policy describes how SignalSecureUSA collects, uses, and protects your information.

Our Privacy Commitment

SignalSecureUSA is built on the principle that privacy is a fundamental right. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our secure messaging platform and related services.

We are committed to transparency about our data practices and have designed our systems with privacy-by-design principles. This means we collect only the minimum information necessary to provide our services and protect it with the highest security standards.

Information We Collect

Account Information: When you create an account, we collect your phone number or email address for verification purposes. We do not require or store your real name unless you choose to provide it.

Profile Information: You may optionally provide a profile name, profile picture, and status message. This information is encrypted and stored securely.

Contact Information: To facilitate secure communication, we may access your device's contact list (with your permission) to help you find other SignalSecureUSA users. Contact information is hashed and encrypted before transmission.

Usage Information: We collect minimal technical information necessary to provide our services, including device type, operating system version, and app version for compatibility and security purposes.

Message Content and Encryption

Zero-Knowledge Architecture: We cannot read your messages, view your files, or listen to your calls. All content is encrypted end-to-end using the Signal Protocol with AES-256 encryption.

Message Metadata: We collect minimal metadata necessary for message delivery, including sender and recipient identifiers, timestamps, and delivery confirmations. This metadata is encrypted and automatically deleted after 30 days.

Disappearing Messages: When you enable disappearing messages, content is automatically deleted from our servers and your devices according to your specified timeframe.

File Sharing: Shared files are encrypted before upload and automatically deleted from our servers after 30 days or when all recipients have downloaded them, whichever comes first.

How We Use Your Information

Service Provision: We use your information solely to provide, maintain, and improve our secure messaging services, including message delivery, account authentication, and technical support.

Security and Safety: We may use information to detect, prevent, and respond to fraud, abuse, security risks, and technical issues that could harm SignalSecureUSA, our users, or the public.

Legal Compliance: We may process information to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

Service Communications: We may send you service-related communications, including security alerts, account notifications, and important updates about our services.

Information Sharing and Disclosure

No Sale of Personal Information: We do not sell, rent, or trade your personal information to third parties for commercial purposes.

Service Providers: We may share limited information with trusted service providers who assist us in operating our platform, such as cloud infrastructure providers. These providers are contractually bound to protect your information.

Legal Requirements: We may disclose information if required by law, court order, or governmental request. We will notify affected users when legally permitted.

Business Transfers: In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the transaction, subject to the same privacy protections.

Data Storage and Security

US-Based Infrastructure: All data is stored on servers located within the United States and subject to U.S. privacy laws and regulations.

Encryption at Rest: All stored data is encrypted using AES-256 encryption with keys managed through secure key management systems.

Access Controls: We implement strict access controls and monitoring to ensure only authorized personnel can access systems, and all access is logged and audited.

Regular Security Audits: Our security practices are regularly reviewed by independent third-party security firms to ensure compliance with industry standards.

Your Privacy Rights

Access and Portability: You have the right to access your personal information and request a copy of your data in a portable format.

Correction and Updates: You can update or correct your account information at any time through your account settings.

Deletion: You may delete your account and associated data at any time. Upon deletion, your information is permanently removed from our systems within 30 days.

Opt-Out Rights: You can opt out of non-essential communications and certain data processing activities through your account settings.

HIPAA Compliance for Healthcare Users

Business Associate Agreements: Healthcare organizations using our Team or Enterprise plans can enter into Business Associate Agreements (BAAs) to ensure HIPAA compliance.

Protected Health Information: We implement additional safeguards for healthcare users, including enhanced audit logging, data retention controls, and breach notification procedures.

Access Controls: Healthcare organizations can implement role-based access controls and user authentication requirements to protect patient information.

Audit Trails: Comprehensive audit trails are maintained for all healthcare-related communications and file transfers.

Children's Privacy Protection

Age Restrictions: Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Parental Consent: Users between 13 and 18 years of age must have parental consent to use our services.

Educational Use: Schools and educational institutions using our services must comply with COPPA and FERPA requirements when applicable.

Reporting: If we become aware that we have collected information from a child under 13, we will take immediate steps to delete such information.

Data Retention and Deletion

Message Retention: Messages are stored only as long as necessary for delivery. Once delivered, messages are deleted from our servers unless backup features are enabled.

Account Information: Account information is retained for as long as your account is active. Upon account deletion, information is permanently removed within 30 days.

Legal Hold: In rare cases, we may be required to retain information longer due to legal obligations or ongoing investigations.

Automatic Deletion: We implement automatic deletion policies to ensure information is not retained longer than necessary.

International Data Transfers

US-Based Operations: All data processing and storage occurs within the United States to ensure compliance with U.S. privacy laws.

Cross-Border Communications: When you communicate with users in other countries, your encrypted messages may transit through international networks, but content remains encrypted.

Adequacy Decisions: We comply with applicable international data transfer requirements and adequacy decisions.

Safeguards: Additional safeguards are implemented for any international data processing activities.

Security Incident Response

Incident Detection: We maintain 24/7 security monitoring to detect and respond to potential security incidents.

Response Procedures: In the event of a security incident, we follow established procedures to contain, investigate, and remediate the issue.

User Notification: We will notify affected users of security incidents that may impact their personal information as required by law.

Regulatory Reporting: We comply with all applicable breach notification requirements and regulatory reporting obligations.

Updates to This Privacy Policy

Policy Changes: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification: We will notify users of material changes to this Privacy Policy through our services or other appropriate means.

Effective Date: Changes to this Privacy Policy will be effective immediately upon posting unless otherwise specified.

Continued Use: Your continued use of our services after changes are posted constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have questions about this Privacy Policy or our privacy practices, please contact us:

  • Email: [email protected]
  • Phone: +1-202-555-0147
  • Mail: SignalSecureUSA Privacy Office, Washington, D.C., United States

We are committed to addressing your privacy concerns and will respond to your inquiries within 30 days.