← Back to Signal

Privacy Policy

Last updated: 1 January 2026

1. Introduction

Signal by Verity Solutions ("Signal", "we", "us", or "our") is committed to protecting your personal data and respecting your privacy. Verity Solutions is a wholly owned subsidiary, and operating name of Benefits For Expats. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have in relation to that data.

This Policy applies to personal data processed in connection with the Signal platform, websites, applications, APIs, and related services (collectively, the "Services"). It is designed to be aligned with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and Australia's Privacy Act 1988, among other applicable data protection laws.

For the purposes of UK and EU data protection law, Verity Solutions acts as the data controller in respect of personal data we collect about visitors to our websites and account holders. Where we process personal data on behalf of business customers (for example, contact details of leads they upload), we act as a data processor and our customer is the data controller.

2. Categories of Data We Collect

2.1 Personal Data You Provide

  • Account data: name, email address, password (hashed), company name, job title, billing address, and tax information.
  • Communications: messages you send to us through support channels, sales enquiries, surveys, or feedback forms.
  • Customer Content: data you upload, import, or generate within the Services, including lead lists, business names, contact details, notes, and email content.

2.2 Technical Data

  • IP address, device identifiers, browser type and version, operating system, language preferences, and time zone settings;
  • Log data including access times, pages or features used, referring URLs, and error reports;
  • Authentication tokens, session identifiers, and security telemetry used to detect fraud or abuse.

2.3 Usage Data

  • Information about how you interact with the Services, such as features used, queries run, exports performed, and frequency and duration of sessions;
  • Aggregated and anonymised analytics derived from your usage patterns, used to improve the Services.

2.4 Payment Data

Payment information is processed by our payment service providers (such as Stripe). We do not store full card numbers on our systems; we only retain limited information such as the last four digits, card brand, expiry date, and a transaction reference.

3. Purposes of Processing

We process personal data for the following purposes:

  • To provide, operate, and maintain the Services and to authenticate users;
  • To process transactions, manage subscriptions, and send transactional communications such as receipts and service notices;
  • To provide customer support and respond to enquiries;
  • To monitor, secure, and improve the Services, including to detect and prevent fraud, abuse, and unauthorised access;
  • To analyse usage patterns and develop new features, functionality, and product improvements;
  • To send you marketing communications about Signal and related services, where you have consented or where we are otherwise lawfully permitted to do so;
  • To comply with legal, regulatory, tax, accounting, and reporting obligations; and
  • To establish, exercise, or defend legal claims.

4. Legal Bases for Processing

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:

  • Contract: processing is necessary to perform our contract with you (for example, providing the Services and managing your account).
  • Legitimate interests: processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Examples include securing the Services, preventing fraud, improving features, and conducting limited business-to-business marketing.
  • Consent: where required by law (for example, certain cookies or electronic marketing), we process personal data based on your consent, which you may withdraw at any time without affecting prior lawful processing.
  • Legal obligation: processing is necessary to comply with a legal or regulatory obligation to which we are subject (for example, tax, accounting, or anti-money-laundering requirements).

5. Data Sharing

We do not sell your personal data. We share personal data only with the following categories of recipients and only to the extent necessary:

  • Service providers and processors: trusted vendors who provide hosting, infrastructure, analytics, email delivery, customer support, and payment processing on our behalf, under written agreements that require appropriate safeguards.
  • Affiliates: entities within the Verity Solutions and Benefits For Expats group that support the operation of the Services and act under consistent privacy and security standards.
  • Legal and regulatory disclosures: where we are required to disclose personal data to comply with a legal obligation, court order, or lawful request from a regulator or law enforcement authority, or to protect our rights, property, or safety, or those of our users or others.
  • Business transfers: in connection with a merger, acquisition, restructuring, financing, or sale of assets, in which case personal data may be transferred subject to standard confidentiality protections and continued application of this Policy.

6. International Data Transfers

Signal operates globally, and your personal data may be transferred to, stored in, or processed in countries other than your own, including the United Kingdom, the European Economic Area, Canada, the United States, and Australia.

Where we transfer personal data from the UK or EEA to a country that has not been recognised by the UK Government or European Commission as providing an adequate level of protection, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses, the UK International Data Transfer Agreement or Addendum, and supplementary technical and organisational measures where required.

You may request further information about the safeguards we use by contacting us at the address below.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, tax, accounting, or reporting requirements, and to establish, exercise, or defend legal claims.

In general:

  • Account data is retained for the duration of your account and for a reasonable period thereafter to handle post-termination matters;
  • Customer Content is retained while your subscription is active and deleted or returned in accordance with your instructions and applicable law upon termination;
  • Billing and tax records are retained for the period required by applicable financial and tax legislation;
  • Security and audit logs are retained for a limited period appropriate to detect and investigate incidents.

When personal data is no longer required, we will securely delete, anonymise, or aggregate it.

8. Security Measures

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, or disclosure. These measures include:

  • Encryption of data in transit using TLS and encryption of sensitive data at rest;
  • Role-based access controls, least-privilege provisioning, and authentication safeguards;
  • Network segmentation, firewalling, and continuous security monitoring;
  • Regular vulnerability scanning, dependency monitoring, and patch management;
  • Written confidentiality and data protection commitments from staff and processors;
  • Internal policies covering incident response, business continuity, and secure software development.

While we take security seriously, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Your Rights

Depending on your jurisdiction and the nature of the processing, you may have the following rights in relation to your personal data:

  • Access: the right to obtain confirmation of whether we process your personal data and a copy of that data;
  • Rectification: the right to have inaccurate or incomplete personal data corrected;
  • Erasure: the right to request deletion of your personal data in certain circumstances;
  • Restriction: the right to request restriction of processing in certain circumstances;
  • Objection: the right to object to processing based on our legitimate interests, and to object to direct marketing at any time;
  • Portability: the right to receive certain personal data you provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller;
  • Withdrawal of consent: the right to withdraw consent at any time where processing is based on consent;
  • Right to lodge a complaint: the right to lodge a complaint with your local data protection authority, including the UK Information Commissioner's Office, an EU supervisory authority, the Office of the Privacy Commissioner of Canada, or the Office of the Australian Information Commissioner.

To exercise any of these rights, please contact us at the address below. We may need to verify your identity before responding to your request and will do so within the timeframes required by applicable law.

10. Cookies

Our websites and Services use cookies and similar technologies. Please refer to our Cookie Policy for detailed information about the types of cookies we use, the purposes for which they are used, and how you can manage your preferences.

11. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or have any other privacy-related concerns, please contact our Data Protection contact at:

Email: privacy@verity-solutions.com
Postal: Data Protection, Verity Solutions, c/o Benefits For Expats, United Kingdom.

Terms & ConditionsPrivacy PolicyLegal DisclaimerCookie Policy