Legal
Privacy Policy
Last updated: June 18, 2026
Demand Signals (“we,” “us,” or “our”) operates the website demandsignals.co and provides AI-powered demand generation, website development, and digital marketing services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or engage our services.
1. Information We Collect
1.1 Information You Provide Directly
- Contact forms: Name, email address, phone number, business name, website URL, and any message content you submit through our contact, quote request, or report request forms.
- Newsletter sign-ups: Email address and, optionally, your name and business name.
- Booking/scheduling: When you book a call through our Google Calendar integration, your name, email, and selected time slot are processed by Google. We receive the appointment details.
- Client engagements: Business information, access credentials, analytics data, and other materials you provide as part of a service engagement, governed by your service agreement.
1.2 Information Collected Automatically
- Server logs: IP address, browser type, operating system, referring URL, pages visited, and timestamps. These are standard web server logs retained for security and operational purposes.
- Analytics: Depending on your cookie-stoplight choice (see Section 3), we may collect pageview events via PostHog and a first-party pageview beacon. We do not run advertising pixels or cross-site tracking technologies on this site.
- Cookies: We store your cookie-stoplight preference under the key
dsig_cookie_consent(essential / balanced / all) so we remember your choice. Additional cookies and recording features apply only on Yellow or Green — see Section 3.
1.3 Information We Do Not Collect
- We do not collect payment information directly — all payments are processed through third-party payment processors (e.g., Stripe, PayPal) with their own privacy policies.
- We do not collect biometric data, geolocation data, or data from social media profiles unless you explicitly provide it.
- We do not purchase consumer data from data brokers or third parties.
2. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To respond to inquiries, deliver intelligence reports, fulfill service engagements, and communicate project updates.
- Marketing communications: To send occasional emails about our services, blog posts, or industry insights. You can opt out at any time using the unsubscribe link in any email.
- Site improvement: To analyze aggregate usage patterns, identify technical issues, and improve site performance and content.
- Security: To detect and prevent fraud, abuse, and unauthorized access to our systems.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
3. Analytics, Cookie Tiers, and Your Choices
We use a three-tier cookie preference widget (the “stoplight”) at the bottom-left of every page. Your choice controls what we collect. You can change your choice at any time by clicking the cookie icon. Until you choose, we treat your visit as Essential only— the most restrictive tier — and run no analytics at all.
3.1 What each tier does
- Red — Essential only: Site-function cookies only (authentication, session, security). No analytics. No session recording. No marketing. No first-party traffic beacon. We learn nothing about your visit beyond what is in standard web-server logs.
- Yellow — Balanced: Adds first-party pageview counts (our own server, no cookies) plus PostHog pageview events with UTM campaign attribution. PostHog is a third-party analytics platform hosted in the United States. At this tier, PostHog does not record sessions, does not capture clicks or form submissions, does not build heatmaps, does not record network timing, and does not detect dead/rage clicks. The only signals it receives are which page you viewed and the campaign parameters in the URL.
- Green — All cookies: Everything in Yellow plus PostHog session replay (mouse movements, clicks, scrolls), heatmaps, autocapture (every click target and form-submit event), dead-click detection, request/response header recording in the replay timeline, and network timing data. Form inputs and any element marked with the
data-ph-maskattribute are masked automatically so they are not visible in replays. This tier is also reserved for future third-party marketing pixels (e.g. social ad pixels); none are currently enabled.
3.2 PostHog details (Yellow and Green only)
PostHog is hosted on PostHog Cloud (US region). We use PostHog only to improve our website's usability and content. We do not use PostHog for cross-site tracking, do not sell or share PostHog data with third parties, and do not use PostHog for advertising decisions. Replay recordings are stored by PostHog for the retention period set in our PostHog account and are accessible only to authorized DSIG staff.
For more information about PostHog's own practices, see the PostHog Privacy Policy.
3.3 First-party pageview beacon
On Yellow and Green, we also send a lightweight beacon to our own server (/api/analytics/collect) on each navigation containing the page path, referring URL, screen dimensions, and UTM campaign parameters. This beacon is first-party, sets no cookies, is not shared with any third party, and is used to measure traffic volume and campaign attribution. On Red it does not fire at all.
3.4 California — CIPA disclosure
California Penal Code §§ 631 and 638.51 require that visitors consent to interception or recording of online communications by third parties. Choosing Yellow or Green on the cookie stoplight constitutes your prior consent for PostHog (a third party) to receive the data described in § 3.1 above. Choosing Red, or leaving the choice unmade, withholds that consent and disables all third-party data flow.
3.5 Global Privacy Control (GPC)
We honor the Global Privacy Control browser signal. If your browser sends GPC (Brave, Firefox with the setting enabled, DuckDuckGo, or any browser with a GPC extension), we automatically treat your visit as Red — Essential onlyregardless of any prior cookie choice you made on this site. The stoplight panel will not appear; a brief notification confirms the override. To temporarily allow analytics, you would need to disable GPC in your browser and reload — we will not nag you for consent while GPC is active.
3.6 “Your Privacy Choices” link
The Your Privacy Choiceslink in our site footer (marked with the official California blue toggle icon) is the statutorily-required opt-out mechanism under California Civil Code § 1798.135. Clicking it opens the cookie stoplight panel from any page on the site so you can change your tier or opt out at any time.
4. AI Systems and Data Processing
Demand Signals uses AI systems (including language models, content generation tools, and automation agents) as part of our service delivery. When we process your business data through AI systems:
- Client data is used solely for delivering the contracted services — never for training AI models.
- We use enterprise-grade AI APIs (e.g., Anthropic Claude API, OpenAI API) that do not retain or train on customer data per their data processing agreements.
- AI-generated content is reviewed by our team before publication unless otherwise agreed in your service terms.
- We do not use AI to make automated decisions that produce legal or similarly significant effects on individuals.
5. Information Sharing and Disclosure
We do not sell, rent, or trade your personal information. We may share information in these limited circumstances:
- Service providers: We work with trusted third-party providers for email delivery (e.g., Gmail/Google Workspace), hosting (Vercel), analytics, and domain services. These providers are contractually obligated to protect your data and use it only for the services they provide to us.
- Client-authorized sharing: When delivering services, we may interact with your platforms (Google Business Profile, social media accounts, hosting providers) using credentials you provide. We access only what is necessary for the agreed scope of work.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
6. Data Retention
- Contact form submissions: Retained for up to 2 years after the last communication, then deleted.
- Newsletter subscribers: Retained until you unsubscribe, then deleted within 30 days.
- Client project data: Retained for the duration of the engagement plus 1 year for reference, unless a longer period is specified in your service agreement.
- Server logs: Retained for up to 90 days for security and operational purposes.
- Analytics data: Aggregated analytics data (which cannot identify individuals) may be retained indefinitely.
You may request deletion of your personal data at any time (see Section 8).
7. Data Security
We implement reasonable technical and organizational safeguards to protect your information, including:
- HTTPS/TLS encryption on all web traffic
- Encrypted storage for sensitive credentials and API keys
- Access controls limiting data access to authorized personnel
- Regular security reviews of our infrastructure and third-party integrations
- Secure hosting on Vercel's SOC 2 Type II certified infrastructure
No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. If we become aware of a data breach that affects your personal information, we will notify you in accordance with applicable law.
8. Your Rights (California Residents — CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: You may request a copy of the personal information we have collected about you in the preceding 12 months, including the categories of information, sources, purposes, and third parties with whom it was shared.
- Right to Delete: You may request that we delete your personal information, subject to certain legal exceptions.
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. The Your Privacy Choices link in the site footer additionally lets you opt out of third-party analytics (PostHog) at any time, and we honor your browser's Global Privacy Control signal as a continuing opt-out. See § 3.5 and § 3.6.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
To exercise any of these rights, contact us at [email protected] or call (916) 542-2423. We will respond to verified requests within 45 days.
9. Other State Privacy Rights
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with consumer privacy laws may have similar rights to access, delete, and correct their data, and to opt out of targeted advertising. Since we do not sell data or engage in targeted advertising, most opt-out rights are already satisfied. For data access or deletion requests, contact us using the information in Section 13.
10. Children's Privacy
Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.
11. Third-Party Links
Our website may contain links to third-party websites (e.g., Google Calendar for booking, social media profiles). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
13. Contact Us
Demand Signals
Northern California, United States
Email: [email protected]
Phone: (916) 542-2423
Hours: Monday–Friday, 10 AM – 8 PM Pacific Time
Demand Signals · Northern California · United States