Privacy Policy

Last updated: March 2026

Short version: We collect the minimum data needed to operate Threshold Cloud. We do not use analytics, advertising trackers, or profiling. We do not sell your data. When you leave, we delete your data in line with this policy.

Who we are

Threshold Signalworks Ltd is a company registered in Ireland. We operate Threshold Cloud and the thresholdsignalworks.com website.

Contact: info@thresholdsignalworks.com

What this policy covers

This policy explains how we handle personal data relating to:

visitors to thresholdsignalworks.com
account holders and users of Threshold Cloud
people whose personal data may appear incidentally in customer policies, WAL events, or related records

Our role under GDPR

Our role depends on the type of data involved.

For customer workspace data stored through Threshold Cloud, we act as a data processor on behalf of our customers. Our customers are the data controllers for that data.

For account, billing, support, security, and service administration data relating to our own operations, we act as a data controller.

Website visitors

We do not use analytics, advertising trackers, marketing cookies, or third-party tracking scripts on this site.

Like most websites, basic network, hosting, and security logs may be processed as necessary to deliver, secure, and maintain the site.

Threshold Cloud users: what we collect

If you create or use a Threshold Cloud account, we may collect:

your email address
your API key hash
billing and subscription records
support communications you send us
the data you send through the service, including policies, WAL events, and quarantine records

This data exists to operate, secure, support, and bill for the service.

What we do not collect

We do not collect advertising identifiers, behavioural profiles, telemetry from the local Keel skill unless you configure Cloud use, or unnecessary personal data.

We do not sell personal data. We do not use personal data for advertising. We do not profile users for marketing purposes.

How we use personal data

We use personal data to:

create and manage accounts
authenticate API access
provide Threshold Cloud storage, synchronisation, retrieval, backup, and deletion
send essential service communications
process subscriptions and maintain billing records
secure, maintain, troubleshoot, and support the service
comply with legal obligations

Legal bases

Where we act as controller, our legal bases are:

Contract: processing necessary to create and manage accounts, provide the service, authenticate access, and send essential service communications.
Legal obligation: processing necessary to comply with tax, accounting, regulatory, and legal requirements.
Legitimate interests: processing necessary to secure, maintain, support, and improve the reliability of the service, provided those interests are not overridden by your rights.

Where we process customer workspace data on behalf of customers, we act as processor. The customer is responsible for the legal basis for that processing.

Where your data lives

Our service infrastructure is hosted in the European Union.

We do not intend to transfer customer workspace data outside the EEA. If that changes, we will update this policy and ensure appropriate safeguards are in place.

Recipients and sub-processors

We may share data only where necessary with service providers that help us operate the service, such as:

hosting infrastructure providers
payment processors
email providers for essential service communications
professional advisers where necessary
authorities where required by law

Current sub-processors:

Hosting provider: Scaleway (EU-based)
Payment processing: Stripe

We will update this list if sub-processors change and notify active customers where required.

Data retention

Account and customer workspace data is retained for the duration of your subscription.

WAL events are retained according to your plan tier:

Starter: 90 days
Team: 1 year
Other plans: as stated in your plan terms or contract

When you cancel your account, we delete associated customer workspace data and account data within up to 30 days, unless we need to retain some records for legal, tax, accounting, security, or fraud-prevention reasons.

Backup copies are deleted in the ordinary backup lifecycle.

Your rights

Where GDPR applies, you may have the right to:

access your personal data
rectify inaccurate data
erase personal data
restrict processing
receive a portable copy of data
object to certain processing
withdraw consent, where processing is based on consent
lodge a complaint with a supervisory authority

If you are in Ireland, you can lodge a complaint with the Data Protection Commission.

To exercise your rights, contact: info@thresholdsignalworks.com

If we are processing data only as a processor for one of our customers, we may need to direct your request to that customer.

Data breaches

If we discover a personal data breach affecting personal data for which notification is required, we will notify affected customers without undue delay and provide relevant information about the incident and our response.

Children

Threshold Cloud is not intended for children, and we do not knowingly collect personal data from children through the service.

Changes

If we change this policy, we will update the date at the top and notify active Cloud users where required.

Contact

Threshold Signalworks Ltd
Registered in Ireland
Email: info@thresholdsignalworks.com