Signal Ark is designed with privacy-first principles so your team can prospect legally and confidently. The GDPR settings give you the tools to track consent, automate data lifecycle policies, and respond to individual data subject rights requests — all from within the platform.Documentation Index
Fetch the complete documentation index at: https://docs.signalark.app/llms.txt
Use this file to discover all available pages before exploring further.
What data Signal Ark stores
Signal Ark processes two categories of data relevant to GDPR: Company (firmographic) data — business name, domain, employee count, revenue, industry, location, and tech stack. This is business intelligence data about legal entities rather than individuals and is generally not classified as personal data under GDPR. Contact data — names, work email addresses, job titles, and LinkedIn profiles associated with individuals at the companies you track. This is personal data and is subject to GDPR requirements.Signal Ark collects contact data through public sources, enrichment providers (PDL), and data you import directly. You are the data controller for contact data in your workspace; Signal Ark acts as a data processor.
Consent records
You can track the legal basis for processing each contact’s data directly in Signal Ark. This creates an auditable record of why you’re allowed to store and use their information.Legal basis options
| Basis | When to use |
|---|---|
legitimate_interest | B2B prospecting where you have a genuine business reason to contact the individual |
consent | The individual has explicitly opted in to receive communications from you |
contract | Processing is necessary to fulfil a contract with the individual or their employer |
Recording consent
Open a contact record and navigate to the Privacy tab. From there you can:- Set or update the legal basis
- Specify the purpose the consent covers (for example, “Outreach” or “Event Marketing”)
- Set an expiration date for consent records that should be renewed periodically
Consent expiration alerts
When a contact’s consent record reaches its expiration date, Signal Ark flags the contact with aconsent_expired status. You can configure alerts under Settings > GDPR > Notifications to receive a daily digest of newly expired records so you can renew or remove them promptly.
Data retention policies
Signal Ark lets you create automated retention policies to keep your database clean and compliant with the GDPR storage limitation principle. To create a policy, navigate to Settings > GDPR > Retention Policies and click New Policy. Configure:- Data type — contacts, accounts, or signals
- Trigger condition — for example, “no engagement in the last 2 years” or “consent expired more than 90 days ago”
- Action —
anonymize(removes personal identifiers while keeping the record),archive(moves to a read-only archive), ordelete(permanent removal)
Data subject access requests (DSARs)
When an individual exercises their rights under GDPR — most commonly the right to access their data or the right to erasure (“right to be forgotten”) — you can manage the entire request lifecycle in Signal Ark.Logging a request
Enter the subject's details
Enter the individual’s email address and select the request type:
erasure (right to be forgotten) or portability (right to access/export).Review aggregated records
Signal Ark searches your workspace for all records associated with the email address — contact records, signal history, consent logs, and audit entries — and displays them in a summary view.
Process the request
For erasure requests: click Delete All Records to permanently remove all personal data associated with the individual from your workspace. For portability requests: click Generate Export to produce a structured JSON file containing all stored data, which you can send to the individual.
GDPR requires you to respond to data subject requests within 30 days of receipt. Signal Ark timestamps each request when it’s logged so you can track your response deadline.
Request history
All processed requests are recorded in Settings > GDPR > Data Requests > History with their status, processing date, and the acting team member. This log serves as your compliance record in the event of a regulatory inquiry.Data export for your workspace
If you need to export all data Signal Ark holds about your own workspace — for a vendor audit or to migrate to another platform — navigate to Settings > GDPR > Workspace Export and click Request Export. Signal Ark generates a full JSON export of your workspace data and sends a download link to the requesting Admin’s email within 24 hours.Frequently asked questions
Is Signal Ark GDPR compliant?
Is Signal Ark GDPR compliant?
Signal Ark is designed to support GDPR compliance for its customers. As a data processor, Signal Ark processes personal data only according to your instructions as the data controller. Signal Ark maintains a Data Processing Agreement (DPA) available on request from your account team.
Where is my data stored?
Where is my data stored?
Signal Ark stores data in secure cloud infrastructure in the EU and US regions. Your workspace is isolated from other customers’ data. Contact your account team if you have specific data residency requirements.
How long does Signal Ark retain data by default?
How long does Signal Ark retain data by default?
Without a custom retention policy, Signal Ark retains account and contact data for the lifetime of your subscription. Signal event data is retained for 24 months by default. You can override both defaults with custom retention policies.
Can I suppress a contact from all future enrichment?
Can I suppress a contact from all future enrichment?
Yes. Open the contact record, go to the Privacy tab, and toggle Suppressed. Suppressed contacts are excluded from enrichment, outreach, and signal matching. Suppression persists even if the same email is re-imported in a future ABM intake batch.