Trust
Security
Trust begins with evidence. The same standard we apply to measuring AI systems is the standard we apply to protecting the information entrusted to us. We take reasonable, practical steps, describe them plainly, and do not overstate them.
Reputable providers
We run the business on established platforms rather than systems we've built ourselves — Google Workspace for email and documents, Cloudflare for website hosting and protection, and Twilio for business telephony. We rely on their security programs alongside our own practices.
Principle of least privilege
Access to company systems and client information is limited to those who need it to do the work. Administrative accounts are separate from everyday accounts, protected by multi-factor authentication, and used only for administration.
Limited data collection
The most reliable way to protect information is not to collect it. We ask for what we need to respond to you and to deliver the work, and little else. Our measurement work concerns publicly available information about businesses and markets.
Responsible handling
Client records are kept in access-controlled systems, retained only as long as we need them, and deleted or rendered unreadable when they are no longer needed.
What we don't claim
No system, service, or organization can be guaranteed perfectly secure, and we will not tell you otherwise. If we ever become aware of an incident affecting your information, we will act promptly and communicate honestly about what we know.
Reporting a concern
If you believe you've found a security issue, please write to hello@signalforgecorp.com. We'll acknowledge you and look into it.