Privacy Policy

We process personal data on the following legal bases under GDPR Article 6(1):

• Consent (Art. 6(1)(a)): Statistics and marketing cookies are only activated after you give explicit consent.
• Contract performance (Art. 6(1)(b)): Processing payment data and delivering licenses for Pro plugin purchases.
• Legitimate interest (Art. 6(1)(f)): Contact form processing, technical server logs, security, and 404 error tracking to improve the site.

We collect and process the following categories of personal data from visitors to signocore.com:

• Contact form data: Name, email address, and message content submitted via the contact form. Used solely to respond to your inquiry.
• Payment and license data: When you purchase a Pro plugin, Stripe handles the payment. We receive billing information (name, email, country) and license details (product, purchase date, license status). We never store credit card numbers.
• Analytics data: With your consent, we use Google Analytics to collect anonymized usage data such as pages visited, time spent, traffic sources, and browser type.
• Technical server logs: On each visit the server automatically records technical data such as IP address, browser type, OS, and timestamp. Used for security, error monitoring, and performance.
• 404 logs: When a page is not found, we log the requested URL, referrer (without query parameters), and user agent. Used to discover broken links.
• Page views: Anonymous count of views on articles and glossary entries (aggregated counter, no user identification). Bot traffic is filtered.
• Developer tools (browser-based): Our free developer tools run entirely in your browser. Data you paste or upload (JSON, code, images, etc.) is processed client-side and never sent to our servers unless explicitly noted (e.g., the server-side SEO Analyzer fetches the URL you submit, but stores only a short-lived cache).

We use your data to:

• Respond to inquiries submitted via the contact form.
• Process Pro plugin purchases, deliver licenses, and handle invoicing.
• Understand how visitors use the site and improve content and tools.
• Ensure site stability, security, and performance.
• Detect and fix broken links and errors.

We use the following third-party processors. Data processing agreements (DPAs) are in place with all of them:

• Hetzner Online GmbH: Hosting of the website and database. All servers are located in the EU (Germany/Finland).
• Zoho Corporation (ZeptoMail): Transactional email delivery, including contact form replies and license emails. Data processed primarily in the EU via ZeptoMail's European infrastructure.
• Stripe, Inc.: Payment processing for Pro plugin purchases. Stripe is PCI DSS certified and processes payment data in the EU/US.
• Google LLC (Google Analytics): Anonymized traffic analysis. Activated only with your consent. Data may be transferred to the US (see section 6).

Links to third-party privacy policies: Hetzner, Zoho, Stripe, Google.

We do not sell personal data to third parties.

Hetzner and Zoho process data primarily in the EU. Stripe and Google Analytics may transfer data to the US. Both Stripe and Google LLC participate in the EU-US Data Privacy Framework, which provides an adequate level of data protection as recognized by the European Commission. As a supplementary measure, we apply IP anonymization and Consent Mode v2, removing personal identifiers from pings when consent is not granted.

We implement appropriate technical and organizational measures to protect your personal data:

• All communication with our site is encrypted with TLS (HTTPS).
• Regular security updates and patches of all systems and dependencies.
• Access control with least-privilege principle for internal systems.
• Monitoring and logging of system access to detect and respond to security incidents.
• Rate limiting and honeypot validation on the contact form to prevent abuse.

We retain personal data only as long as necessary for the purposes described:

• Contact form data: Retained up to 12 months after the conversation ends, then deleted.
• Billing data: Retained as required by accounting law (typically 5 years).
• Analytics data: 14 months (Google Analytics 4 default), then deleted automatically.
• Server log files: Up to 30 days.
• 404 logs: Up to 90 days.
• Cookie consent: Stored locally in your browser for 180 days.

We use cookies to remember your preferences and analyze traffic. Google Consent Mode v2 ensures Google Analytics collects full statistics only with your consent. Without consent, only cookieless pings are sent for statistical modeling.

Read the full description of cookie types, expiry, and providers in our cookie policy, where you can also manage your consent and view your consent history.

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with your national supervisory authority. In Denmark this is:

• Datatilsynet
• Carl Jacobsens Vej 35, 2500 Valby, Denmark
• Phone: +45 33 19 32 00
• Email: dt@datatilsynet.dk
• Website: www.datatilsynet.dk

We encourage you to contact us first so we can attempt to resolve any disagreements directly.