Legal
Privacy Policy
Last updated: 2 July 2026 · DRICOMM LTD
This Privacy Policy explains how DRICOMM LTD ("we", "us", "our"), a company registered in England and Wales, operates the SignalsHunt service at signalshunt.com and how we collect, use, and protect your personal data.
We are committed to protecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
Data Controller: DRICOMM LTD
Registered in England and Wales
Contact: info@signalshunt.com
2. What Data We Collect
Account data
- Email address (required to create an account)
- Password (stored as a bcrypt hash — we never see your plain-text password)
Profile data
- Your profession (optional, used to personalise results)
- Your website URL (used to generate your ideal client profile)
Usage data
- Search queries you submit (website URL + target niche)
- Generated leads and messages stored in your run history
- CRM status updates you make (New, Contacted, Replied, Won, Lost)
- Number of runs and last generation timestamp
Lead contact data (CRM)
When you set a CRM status on a lead, we may store the business email address associated with that lead alongside your status record. This email is discovered independently by our service from the business's own publicly accessible website — it is not sourced from Google. It is stored under your account solely to support your outreach tracking workflow and is not shared with other users or third parties. You may request deletion of this data at any time by contacting info@signalshunt.com.
Payment data
Payments are processed by Stripe. We do not store your card details. Stripe's privacy policy applies to payment data: stripe.com/privacy.
Technical data
- IP address and browser information (collected automatically by our hosting infrastructure)
- Theme preference stored in your browser's localStorage (not transmitted to our servers)
3. How We Use Your Data
- To provide the service — generating leads and personalised outreach messages
- To manage your account — authentication, plan enforcement, run history
- To process payments — via Stripe for Pro subscriptions
- To improve the service — understanding how the tool is used in aggregate
- To communicate with you — transactional emails such as password resets (no marketing without consent)
4. Legal Basis for Processing
- Contract performance — processing necessary to deliver the service you signed up for
- Legitimate interests — improving service quality, preventing abuse, and facilitating B2B outreach (see LIA below)
- Legal obligation — where required by applicable law
- Consent — for any optional communications
Legitimate Interests Assessment (LIA) — B2B Prospect Data
SignalsHunt retrieves business data (name, address, phone, website, publicly listed email) from the Google Places API to present as potential leads to our users. We rely on legitimate interests (UK GDPR Article 6(1)(f)) as the lawful basis for this processing. The assessment below explains why.
Purpose test — what is the legitimate interest?
Our users are freelancers and agencies seeking to grow their business through targeted B2B outreach. The interest is to connect service providers with businesses that may genuinely benefit from their services. This is a recognised commercial interest with clear value to both parties.
Necessity test — is processing necessary?
Yes. To identify relevant prospects we must retrieve and temporarily display business contact data. We retrieve only data that businesses have made publicly available (via Google Maps / Google Places). We do not purchase or scrape private databases. Business name, address, phone number, rating, and website are retrieved dynamically from Google and are not permanently stored. Where available, a business email address discovered on the business's own public website may be stored as part of a user's CRM record to support their outreach tracking — stored under that user's account only, not shared with other users or third parties.
Balancing test — do our interests override data subjects' rights?
We believe the balance is in our favour for the following reasons:
- All data is sourced from publicly listed business profiles — businesses have voluntarily made this information publicly available
- The processing concerns business contact data, not sensitive personal data; business owners have a reasonable expectation of being contacted about relevant services
- Outreach is targeted and relevant — matched to the user's profession and the business's apparent needs, not mass marketing
- We provide a clear and accessible opt-out mechanism at signalshunt.com/opt-out, allowing any business to exclude themselves from future results
- Users of SignalsHunt are contractually required to comply with GDPR, PECR, and CAN-SPAM when sending any outreach (see our Terms of Service)
Any individual or business who objects to the processing of their data may exercise their right to object under UK GDPR Article 21 by emailing info@signalshunt.com or using the opt-out form. We will act on valid objections promptly.
5. Third-Party Services
We share data with the following processors only to the extent necessary to operate the service:
- Supabase — database and authentication (data stored in EU region). Privacy policy
- Anthropic — AI generation of client profiles and outreach messages. Your website content and niche query are sent to Anthropic's API. Privacy policy
- Google — Google Places API to find prospect businesses. Search queries are sent to Google. We store only the place identifier (Place ID) from each result; business details (name, address, phone, rating, website) are retrieved dynamically at display time and are not permanently cached. Privacy policy
- Stripe — payment processing for Pro subscriptions. Privacy policy
We do not sell your personal data to any third party.
6. Data Retention
- Account data — retained while your account is active and for 90 days after deletion request
- Run history and leads — retained while your account is active; deleted upon account deletion
- CRM lead contact data (email addresses) — retained while your account is active; deleted upon account deletion or upon request to info@signalshunt.com
- Payment records — retained for 7 years as required by UK tax law
7. Your Rights Under UK GDPR
You have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your data ("right to be forgotten")
- Restriction — limit how we process your data
- Portability — receive your data in a machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — at any time where processing is based on consent
To exercise any of these rights, email us at info@signalshunt.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk.
7a. Opt Out of Outreach (Business Data)
SignalsHunt users may search for local businesses using Google Places data. If your business appears in those results and you do not wish to be contacted by our users, you can submit an opt-out request using our self-service form:
Once submitted, your business will be added to our exclusion list and will no longer appear in lead generation results. This right applies under UK GDPR Article 17 (erasure) and Article 21 (right to object), as well as the CCPA right to opt out of sale/sharing of personal information.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, and access controls. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. International Transfers
Some of our third-party processors (Anthropic, Google) may process data outside the UK/EEA. Where this occurs, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).
10. Children
SignalsHunt is not intended for users under 18 years of age. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by email or by displaying a notice within the service. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
DRICOMM LTD
Email: info@signalshunt.com