Signal Email — Privacy, Data Protection & Cookies Policy
Last edited on 5 June 2026
1. Who we are and how to contact us
This Privacy Policy explains how Signal collects, uses, stores, shares, and protects information in connection with Signal Email (the “Email Service” or “Service”).
The data controller is Signal Ocean Ltd, a private limited company incorporated under the laws of England and Wales, registered office 83 Cambridge Street, Pimlico, SW1V 4PS, London, England, together with its affiliate Signal Ocean Single Member Private Company, 110 Vouliagmenis Avenue, Glyfada, 166 74, Greece (together, “Signal”, “we”, “us”).
- Privacy / data protection enquiries and rights requests: privacy@thesignalgroup.com
- Security incidents: security@thesignalgroup.com
- Data protection contact: privacy@thesignalgroup.com — we are not required to appoint, and have not appointed, a Data Protection Officer.
2. Scope
This Policy applies to the Email Service, including the data we access from your Connected Accounts (Microsoft Exchange / Microsoft 365, Google / Gmail, and generic IMAP/SMTP mailboxes) and the data we collect when You register for and use the Service. It supplements, and where the context requires is read together with, the Terms of Use. Third-party services have their own privacy policies, which govern their handling of your data.
3. Definitions
Capitalised terms have the meaning given in the Terms of Use. In addition:
“Connected Account” — a third-party email account You connect to the Service.
“Email Data” — the content and metadata of email messages and attachments accessed, received, sent, stored, or indexed through a Connected Account, including headers, sender/recipient addresses, subject lines, message bodies, attachments, timestamps, folder/label information, and message identifiers.
“Google User Data” — data the Service obtains through Google API Services (Gmail and related APIs).
“Microsoft Data” — data the Service obtains through Microsoft Services (Microsoft Graph / Exchange and related APIs).
“App” / “Plugin” — a software extension that runs within the Service (in a sandboxed frame) and can access defined categories of data through the Service’s apps framework, subject to the permissions it declares and that an administrator approves. Apps may be provided by Signal (“First-Party Apps”), by third-party developers via the apps marketplace (“Third-Party Apps”), or built by your own organisation for use within your account only (“Private Apps”).
“App Provider” — the entity that publishes an App. For First-Party Apps, this is Signal; for Third-Party Apps, the third-party developer; for Private Apps, your organisation.
“Personal Information” / “personal data” — any information relating to an identified or identifiable individual.
4. The information we access and collect
(A) Account and registration data. Name, work email address, organisation, job title, and authentication identifiers when You register or sign in.
(B) Connection credentials. OAuth access and refresh tokens (or, for IMAP/SMTP, the credentials You provide) that allow the Service to connect to your Connected Accounts. Tokens and credentials are stored encrypted and are used only to operate the Service on your behalf.
(C) Email Data. With your authorisation, and on your instruction, the Service accesses and processes:
- Message content — subject lines, message bodies, and attachments;
- Message metadata — sender, recipient, cc/bcc addresses, timestamps, message and thread identifiers, folder/label and read/unread status.
(D) Chat data and metadata. Where the Service includes messaging/chat features, the content of those messages and associated metadata (participants, timestamps, identifiers).
(E) Usage, device, and log data. IP address, browser and device type, operating system, language, time zone, access logs, feature usage, session duration, and diagnostic/telemetry data, collected to operate, secure, and improve the Service.
We request only the minimum third-party API permissions (scopes) needed to provide the features You use, applying the principle of least privilege. The specific Gmail and Microsoft Graph scopes used by the Service, and the feature each enables, are listed in Annex A.
5. How we obtain the data and the legal basis for processing
We obtain Email Data through Microsoft Services, Google API Services, and IMAP/SMTP, in each case after You authorise the connection via OAuth (or by providing IMAP/SMTP credentials). We process Personal Information only where we have a lawful basis, which may include:
| Purpose | Lawful basis (UK/EU GDPR) |
|---|---|
| Providing the Email Service to You under the Terms (connecting accounts, sending/receiving, storing, indexing, search) | Performance of a contract |
| Classifying, organising, extracting structured information from, and summarising Email Data to deliver user-facing features | Performance of a contract / legitimate interests |
| Making authorised data available to Apps you or your organisation install (section 7A) | Performance of a contract; consent (at the administrator’s direction) |
| Securing the Service, preventing abuse and fraud, maintaining reliability | Legitimate interests; legal obligation |
| Service and account communications | Performance of a contract; legitimate interests |
| Complying with legal and regulatory obligations | Legal obligation |
| Marketing communications (where applicable) | Consent (you may opt out at any time) |
Where Signal acts as a processor of Email Data on your instructions (for example, where the Service is provided to your organisation), the lawful basis for the underlying processing is determined by You as controller, and Signal processes the data only on documented instructions under a data processing agreement (section 12).
6. How we use the data — and the limits we place on that use
We use the data described above only to provide, maintain, secure, and improve the user-facing features of the Email Service, and to meet our legal obligations. Specifically:
- to connect your Connected Accounts and send, receive, read, compose, store, and organise email;
- to index Email Data so You can search and retrieve your messages within the Service;
- to classify and organise messages and to extract and present structured information (for example fixtures, cargoes, vessel positions, and lineups) and summaries, as visible features of the Service;
- to provide customer support and respond to your requests;
- to monitor, troubleshoot, secure, and improve the Service; and
- to comply with applicable law.
We commit that:
- Limited use. We limit our use of Email Data — and of any data aggregated, anonymised, or derived from it — to providing or improving features that are visible and prominent in the Service’s user interface.
- No selling, no advertising. We do not sell Email Data, and we do not use Email Data (or data derived from it) for advertising, including personalised, retargeting, or interest-based advertising.
- No model training on your content. We do not use your Email Data to train generalised or foundation artificial-intelligence models. Any automated processing is performed to deliver features to You and does not contribute to models used for other customers’ general benefit, except using data that has been fully aggregated and anonymised so that it can no longer be associated with You or any individual.
- Limited human access. We do not allow humans to read your Email Data except: (a) where You have given specific consent (for example, to investigate a support issue You raise); (b) where necessary for security purposes, such as investigating abuse, or to maintain or improve the Service in a way that requires limited, controlled access; (c) where the data has been aggregated and anonymised; or (d) where required by law.
- Limited transfer. We do not transfer Email Data except as necessary to provide or improve the Service (including to the sub-processors in section 9), to make data available to Apps you or your organisation install as described in section 7A, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users and continued protection of the data.
7. Compliance with Google and Microsoft data policies
(A) Google API Services. The Email Service’s access to, use of, storage of, and sharing of Google User Data complies with the Google API Services User Data Policy, including the Limited Use requirements. Our use of information received from Google API Services is limited to the practices disclosed in this Policy, in particular the commitments in section 6. The Email Service is a user-facing email client that allows users to compose, send, read, and process email, which is a permitted use of the Gmail API.
(B) Microsoft Services. The Email Service’s access to and use of Microsoft Data complies with the applicable Microsoft APIs Terms of Use and Microsoft’s data-handling and least-privilege requirements for Microsoft Graph. We request only the Microsoft Graph permissions necessary to provide the features You use (see Annex A) and use Microsoft Data only to provide those features, consistent with the commitments in section 6.
7A. Apps, plugins and integrations
The Service includes an apps framework that lets you extend its functionality with First-Party, Third-Party, and Private Apps installed from the apps marketplace.
(A) Installation and authorisation. Apps are installed by an organisation administrator, who reviews and approves the permissions an App requests before it is enabled. Installing an App authorises the Service to make the data covered by those permissions available to the App. Administrators can uninstall an App or rotate its credentials at any time, which ends its access.
(B) Marketplace approval of Third-Party Apps. Before a Third-Party App can be listed and made available in the apps marketplace, it must pass Signal’s app approval workflow. We review the App against our developer and security requirements — including the permissions (scopes) it requests, its declared data use, and its origin — and only approved Apps are published to the marketplace. Approval is not an endorsement and does not make Signal responsible for the App Provider’s ongoing data handling; it is a baseline review intended to reduce risk. We may suspend or remove an App from the marketplace if it no longer meets our requirements.
(C) What Apps can access. An App can access only the data permitted by the permissions (scopes) it declares and that an administrator approves, on the principle of least privilege. Today these scopes are limited to thread context and structured or derived data — for example, identifiers and extracted entities such as vessel, voyage, and tag information surfaced as “chips.” Apps are not given your raw message bodies or attachments, unless an App you or your organisation explicitly authorise requires it. Personal tags are never exposed to Apps. The specific scopes an App requests are shown to the administrator at installation.
(D) Third-Party Apps act independently. A Third-Party App is operated by its developer, not by Signal. When you install and use a Third-Party App, data covered by its permissions is shared with that developer, who acts as an independent controller (or your processor) and handles it under its own privacy policy and terms, which we encourage you to review. Signal does not control, and is not responsible for, how a Third-Party App’s provider uses data once it is transmitted to that App. Such Apps may transmit data to servers outside Signal’s infrastructure.
(E) Private Apps. Where your organisation builds a Private App for use within its own account, your organisation determines what that App does with the data it accesses and acts as controller for that processing. Signal makes the authorised data available on your organisation’s instruction.
(F) Limited Use is preserved. We make data from Google API Services and Microsoft Services available to an App only to provide a feature you have chosen to use, and only to the extent permitted by Google’s Limited Use requirements and Microsoft’s data-handling requirements. We do not make such data available to Apps for advertising, for sale, or to train generalised AI models. Where an App would receive Google or Microsoft data, that transfer occurs only with your authorisation and consistent with those providers’ policies.
(G) Security. Apps run in a sandboxed frame with restricted permissions, authenticate with short-lived, per-user, org-scoped tokens, and are loaded only from registered, validated origins. These controls limit, but cannot eliminate, the risks of running third-party code; you remain responsible for the Apps your organisation chooses to install.
8. Where we store data and how we secure it
(A) Hosting and location. Email Data, attachments, and associated metadata are stored on Microsoft Azure. We support persisting data in any global Azure region where a Microsoft datacenter is available. The default region is West Europe, and another supported region can be used to meet your data-residency requirements. Email message content and attachments are stored in Azure storage; metadata (and chat metadata) is stored in an Azure database (PostgreSQL).
(B) Security measures. We apply technical and organisational measures appropriate to the risk, including:
- encryption of data in transit (TLS) and at rest;
- encryption and access control of OAuth tokens and credentials;
- role-based access control, least-privilege access, and audit logging;
- network controls, monitoring, and vulnerability management;
- secure software-development practices and change management; and
- regular penetration testing of the production environment supporting the Service.
(C) Certifications and frameworks. Signal operates an information security management system certified to ISO/IEC 27001 and processes personal data in accordance with the GDPR.
No system is completely secure; while we take reasonable steps to protect your data, we cannot guarantee absolute security.
9. Sub-processors and recipients
We share data only as needed to operate the Service and as set out below. Current sub-processors include:
| Sub-processor | Purpose | Location |
|---|---|---|
| Microsoft (Azure) | Cloud hosting, storage, database | West Europe (default); any Azure region globally on request |
| Microsoft (Microsoft Graph / Exchange) | Source mail provider for connected Microsoft accounts | per provider |
| Google (Gmail API) | Source mail provider for connected Google accounts | per provider |
| Clerk | Authentication / identity | United States |
| Anthropic | AI processing of Email Data to deliver extraction, classification, and summarisation features | United States |
| Ably | Real-time delivery of in-app updates and chat | United Kingdom (HQ); global edge network |
Third-Party Apps you install through the apps framework are not Signal sub-processors; they are independent recipients you choose, and they handle data under their own terms (see section 7A).
We may also disclose data: to Affiliates for the purposes described here; to comply with law, court orders, or regulatory requests; to protect the rights, security, and integrity of Signal, our users, or others; and in connection with a merger, acquisition, or sale of assets, with notice to affected users and continued protection of the data. We do not otherwise sell or rent Personal Information.
10. Data retention and deletion
We retain Email Data and associated metadata for as long as your Connected Account remains connected and your account is active, and thereafter only as needed for the purposes described here or as required by law.
- On disconnecting a Connected Account or deleting your account, we cease accessing new Email Data and delete or de-identify the stored Email Data for that account within 30 days, except where retention is required by law.
- Revoking access: You may revoke the Service’s access at any time through the Service or your provider’s settings (Google Account permissions / Microsoft My Apps).
- Apps: uninstalling an App ends its access to your data going forward. Data already transmitted to a Third-Party App is retained and deleted under that App Provider’s policy, not Signal’s (see section 7A).
- Backups: residual copies in routine backups are deleted on their normal expiry cycle.
- Account/administrative data may be retained for up to seven (7) years after termination where required for legal, tax, or audit purposes.
11. International transfers
Where Personal Information is transferred outside the UK or EEA, we ensure an appropriate safeguard is in place, such as an adequacy decision or the relevant Standard Contractual Clauses / UK International Data Transfer Agreement, together with any supplementary measures required. For more detail, contact privacy@thesignalgroup.com.
12. Controller / processor roles and the DPA
Signal acts in dual roles depending on the data concerned:
- Processor of Email Data. Where Signal processes Email Data (and chat content) on your behalf and on your documented instructions — for example, as part of providing the Service to your organisation — Signal acts as a processor and You (or your organisation) act as the controller. This processing is governed by Signal’s Data Processing Agreement (DPA), which forms part of the Agreement and addresses the subject matter, nature, purpose and duration of processing; the types of personal data and categories of data subjects; security measures; authorised sub-processors and flow-down terms; assistance with data-subject requests, breach notification, and data-protection impact assessments; deletion or return of data on termination; audit rights; and international-transfer mechanisms (Standard Contractual Clauses / UK IDTA).
- Controller of account, usage and security data. Where Signal determines the purposes and means of processing — for example account and registration data, usage, device and log data, and data processed to secure, support, bill, and improve the Service — Signal acts as a controller, and this Policy describes that processing.
The DPA is incorporated into the Agreement and is available on request at privacy@thesignalgroup.com.
13. Your data protection rights
Subject to applicable law, You have the right to: be informed about processing; access your Personal Information; have inaccurate data corrected; have data erased in certain circumstances; restrict or object to processing; data portability; and withdraw consent where processing is based on consent (without affecting prior lawful processing).
How to exercise your rights / subject access requests (SARs). Send requests to privacy@thesignalgroup.com. We will acknowledge and respond within one (1) month of receipt (extendable by two further months for complex requests, with notice). We will verify your identity before acting. Where Signal acts as a processor, we will promptly forward relevant requests to the controller and assist as required. For data held by a Third-Party or Private App, requests may need to be directed to that App Provider as controller (see section 7A). There is normally no charge.
14. Children
The Email Service is intended for business users and is not directed to children. We do not knowingly collect Personal Information from children.
15. Cookies and similar technologies
The Service uses a small number of strictly necessary cookies (for authentication and security) and functional browser storage (for remembering your preferences). We do not use analytics, advertising, or tracking cookies, and we do not use cookies to profile You or share data with advertisers. Because the cookies we set are strictly necessary, no cookie-consent banner is required for them under applicable law.
(A) Cookies. These are first-party cookies set to operate and secure the Service:
| Cookie | Set by | Purpose | Duration |
|---|---|---|---|
| __session | Clerk (our authentication provider) | Maintains your signed-in session | Session |
| __client_uat | Clerk | Signals your authentication state to the application | Short-lived |
| __clerk_db_jwt, __refresh | Clerk | Securely refreshes your session so You are not signed out unnecessarily (where enabled) | Persistent |
| __cf_bm / Cloudflare challenge cookies | Cloudflare, via Clerk’s bot protection on the sign-in/sign-up pages | Distinguishes humans from automated abuse to protect the authentication forms | ~30 minutes |
All of the above are strictly necessary: blocking them will prevent sign-in and core functionality.
(B) Local storage (similar technologies). We store the following in your browser’s local storage to remember your preferences and interface state. These are functional, contain no sensitive data, and are not transmitted to advertisers:
| Key | Purpose | Duration |
|---|---|---|
| maritime-theme | Remembers your light/dark theme | Persistent |
| signal-email:date-format | Remembers your preferred date format (also saved to your account) | Persistent |
| pane-width:* | Remembers panel/column widths You resize | Persistent |
| sidebar:mailbox:*:expanded | Remembers which sidebar folders are expanded | Persistent |
| inbox:lastThread | Restores the message You were last viewing | Session |
| signal_terms_acceptance | Temporarily records your acceptance of the Terms and this Policy at sign-up, until it is saved to your account | Temporary (cleared after first sign-in) |
(C) Managing these technologies. You can block or delete cookies and clear local storage through your browser settings. Note that blocking the strictly necessary cookies above will stop You signing in and using the Service. If we introduce any non-essential (for example analytics) cookies in future, we will update this section and obtain your consent where required before setting them.
16. Changes to this Policy
We may revise this Policy from time to time. We will post the updated version at https://emailapp.signalocean.com/legal/privacy and, for material changes, notify You by email and/or in-product notice. Continued use after the effective date constitutes acceptance.
17. Complaints
If You have concerns about our use of Personal Information, please contact privacy@thesignalgroup.com. You may also complain to a supervisory authority — in the UK, the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; helpline 0303 123 1113; https://ico.org.uk — or, in the EU, your local supervisory authority (e.g. the Hellenic Data Protection Authority).
18. Contact
Privacy and rights requests: privacy@thesignalgroup.com.
Annex A — API scopes and the features they enable
(Reviewers check that each requested scope maps to a real, prominent feature and follows least privilege. Complete this table to match your actual implementation.)
| Provider | Scope | Feature it enables | Why least privilege |
|---|---|---|---|
| Google (Gmail API) | https://www.googleapis.com/auth/gmail.readonly | Reading and syncing messages and threads into the client | Read-only access for inbound sync |
| Google (Gmail API) | https://www.googleapis.com/auth/gmail.modify | Marking read/unread, archiving, labelling, and organising messages | Reflects in-client organising actions back to Gmail; does not grant delete/settings access |
| Google (Gmail API) | https://www.googleapis.com/auth/gmail.send | Composing and sending email from the client | Send-only; does not grant broader account access |
| Google (Gmail API) | https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile | Identifying the connected account (email address, display name) | Basic profile only, to label the connection |
| Microsoft Graph | Mail.Read | Reading and syncing messages into the client | Read access for inbound sync |
| Microsoft Graph | Mail.Send | Composing and sending email from the client | Send-only |
| Microsoft Graph | User.Read | Basic profile of the connected user | Identifies the connection only |
| Microsoft Graph | offline_access | Maintaining the connection for background sync without re-prompting | Enables refresh tokens; no additional data access |
Shared mailboxes (Microsoft). For organisation shared mailboxes connected via application (client-credentials) access, the Service uses the .default scope, which resolves to the application permissions granted to the Service in your Azure AD app registration (e.g. Mail.Read, Mail.Send). Administrators control these permissions at consent time.