LLM Signal
Log inGet Started for Free
Legal

LLM Signal Data Processing Agreement (DPA)

Last updated: January 31, 2026

This Data Processing Agreement ("DPA") is between LLM Signal and you, the customer. It forms part of the Terms of Service and governs how we handle personal data on your behalf.

1. Key Terms (Plain English)

  • Controller — That's you. You decide what data to collect and why.
  • Processor — That's us, LLM Signal. We process data only to deliver analytics and related services.
  • Subprocessor — Vendors we use to help process data (such as hosting providers).

2. Scope of Processing

When you add the LLM Signal script to your website, we may collect visitor information such as IP address, browser type, device info, user agent, country, unique identifiers, and page activity to provide analytics and verification features.

LLM Signal does not use cookies for analytics. You are responsible for ensuring your website complies with GDPR and ePrivacy rules, including showing any required notices to visitors.

We process data only to provide analytics, reporting, and related features. We never use your data for our own marketing or profiling. We never sell or share your data to third parties.

3. Data Retention

Customer account data is kept until you delete your account.

Visitor data retention varies based on your plan and usage: short-term trial data is deleted within weeks, while long-term customers retain data longer to provide historical analytics. You can request deletion at any time.

4. Subprocessors

We may use trusted vendors to process data (such as hosting, analytics infrastructure, and AI providers). A current list of subprocessors can be provided on request, and we will update this page when we make material changes.

5. International Data Transfers

Our infrastructure may be located outside the EU, including in the United States. This means personal data of EU/EEA residents may be transferred internationally. We rely on our subprocessors' compliance with applicable laws (including GDPR Standard Contractual Clauses where relevant) to safeguard these transfers.

6. Security Measures

  • Encryption in transit via HTTPS.
  • Access controls to restrict data to authorized personnel.
  • Backups to prevent accidental loss of important data.
  • Secure hosting with reputable vendors.

7. Roles and Responsibilities

Your responsibilities:

  • Ensure you have a lawful basis to collect and process personal data.
  • Implement required notices or consent mechanisms.
  • Manage deletion requests from your users.

Our responsibilities:

  • Process data only on your instructions.
  • Keep data secure and confidential.
  • Assist you in meeting data protection obligations within reason.

8. Governing Law

This DPA is governed by the laws of the United States.

Questions

Questions about this DPA? Contact us.