Signal GuardGet started

Privacy Policy

Last updated: May 2025

1. Who We Are

Signal Guard is a service operated by Umut Çakmak ("we", "us", or "our"), based in Turkey. You can reach us at data@umutcakmak.com.

2. What Data We Collect

  • Account information: Your name and email address, collected when you sign in via Google or magic link.
  • Google OAuth token: A refresh token that allows Signal Guard to query your Google BigQuery datasets on your behalf. This token is encrypted at rest using AES-256-GCM.
  • Guard configuration: The GCP project IDs, BigQuery dataset IDs, event names, and notification preferences you enter when creating guards.
  • Run results: Anomaly detection results (event counts, drop percentages) generated by your guards. No raw GA4 event data is stored — only aggregated counts.

3. How We Use Your Data

  • To authenticate you and maintain your session.
  • To query your BigQuery datasets and detect anomalies in your GA4 data.
  • To send email or Slack alerts when anomalies are detected.
  • To display your guard history and run results in the dashboard.

We do not sell your data to third parties. We do not use your data for advertising.

4. Google API Scopes

Signal Guard requests the following Google OAuth scopes:

  • https://www.googleapis.com/auth/bigquery.readonly — read-only access to your BigQuery datasets to query GA4 event tables.
  • openid, email, profile — basic identity for authentication.

We do not request write access to your Google account or BigQuery projects. You can revoke access at any time from your Google account permissions.

5. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on Supabase (EU region). Google OAuth refresh tokens are encrypted at rest using AES-256-GCM before storage. We use HTTPS for all data in transit.

6. Data Retention

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data at any time by emailing data@umutcakmak.com.

7. Third-Party Services

  • Vercel — application hosting (USA/EU)
  • Supabase — database hosting (EU)
  • Resend — transactional email delivery
  • Google Cloud — authentication and BigQuery access

8. Your Rights

Under applicable laws (including GDPR and KVKK), you have the right to access, correct, or delete your personal data. To exercise these rights, contact us at data@umutcakmak.com.

9. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice in the dashboard.

10. Contact

Questions about this policy? Email us at data@umutcakmak.com.