Signum
Try free

Last updated · May 24, 2026

Privacy Policy

Signum is operated by Axiom Tech Lab ("Signum", "we", "us"). This policy explains what data we collect, how we use it, and the choices you and your recipients have. It applies to signum.email, the Signum dashboard at app.signum.email, our browser extension, and our Gmail add-on.

1. What we collect from senders

When you sign in with Google, we receive your name, email address, and Google account ID. We use Google sign-in to authenticate you and to send emails on your behalf when you ask us to.

When you send a tracked email through Signum, we store the subject line, recipient address, the time it was sent, and any tracking events that come back from the recipient's email client. Sensitive fields are encrypted with a key unique to your workspace.

2. What we collect from recipients

When a tracking signal fires (a pixel, a CSS beacon, a link click, etc.) we receive:

  • The IP address of the device that fired it
  • The User-Agent string
  • The time the signal fired
  • Which signal fired (pixel, CSS, font, DNS, click, API)

We use this to score engagement, filter automated traffic (proxies, scanners, bots), and show the sender what happened. We do not share this with third parties.

3. Recipient opt-out

Every Signum-tracked email contains a visible "tracked by Signum — opt out" link in the footer. Recipients can opt out per-sender or globally with one click. Their choice is honored across every Signum user — once opted out, no tracking signals from any Signum sender will be recorded for that recipient's email address again.

4. Encryption and security

Subject lines, recipient emails, IP addresses, and other sensitive fields are encrypted at the application layer using per-workspace keys derived from a master pepper held in our secret management system. Our database does not store any keys, so even a database compromise would not expose readable data.

All traffic between your browser, our APIs, and our edge workers is over TLS. Internal service-to-service traffic is authenticated.

5. Data retention

Tracking events are retained for 13 months by default. You can delete any tracked email, recipient, or event from your dashboard at any time. From Settings → Data → Export, you can download everything we hold for your workspace as a JSON archive. From Settings → Data → Delete, you can permanently delete the entire workspace after a 24-hour grace period.

6. Subprocessors

Signum uses a small set of trusted infrastructure providers. The current list:

  • Google Cloud Run — application hosting
  • Neon (Postgres) — primary database, US-East
  • Cloudflare — edge workers and CDN
  • Anthropic — AI follow-up drafts (only when the user invokes the AI feature)

7. Compliance

We align with the GDPR's data subject rights — access, rectification, erasure, portability, and objection — for every recipient and every sender. A signed Data Processing Agreement is available on request to teams on paid plans.

8. Contact

Privacy questions, data requests, or anything else: write to [email protected].