Privacy Policy
Last updated: July 3, 2026
Material Model, Inc., doing business as Signals (“Signals”, “we”, “us”, “our”), is committed to protecting privacy and securing personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when we provide customer messaging services for ecommerce brands.
Signals is a business-to-business service. We process information for our business customers and their end customers through iMessage, RCS, SMS, 10DLC SMS, WhatsApp, and related commerce, support, analytics, and messaging systems.
For how we handle messaging consent, marketing sends, opt-outs, and channel-specific compliance controls, see our Messaging Compliance page.
- Account information: name, email address, company name, phone number, role, and authentication information
- Billing and contract information: plan, subscription, payment, invoicing, and procurement details
- Brand configuration: catalog, product, policy, return, exchange, shipping, review, support, automation, and escalation settings
- Integration data: connected commerce, helpdesk, messaging, consent, analytics, fulfillment, return, and warehouse systems
- Team communications: support tickets, feedback, emails, calls, and other correspondence
We may process end customer information on behalf of a business customer, including:
- Contact information: name, phone number, email address, and messaging handle
- Order information: order IDs, order names, products, variants, delivery status, tracking, return or exchange status, shipping region, and billing region
- Conversation content: inbound and outbound messages, attachments, images, reactions, message metadata, and thread history
- Support and purchase context: customer questions, return or exchange requests, product preferences, styling questions, purchase intent, feedback, reviews, and escalation notes
- Consent and compliance data: marketing consent state, opt-in or opt-out evidence, suppression status, unsubscribe requests, outreach preferences, and message route evidence
- Usage data: features used, conversations processed, response outcomes, workflow outcomes, and automation events
- Device and log data: browser type, operating system, IP address, access time, pages viewed, and clickstream data
- Analytics data: performance metrics through tools such as Google Analytics 4, PostHog, and Datadog RUM
- Cookies and similar technologies: session management, preference storage, security, and analytics
We use information to:
- Provide, operate, secure, and improve Signals
- Send and receive customer messages across supported channels
- Respond to customer support, order, delivery, return, exchange, product, and purchase-assistance requests
- Generate AI-assisted replies, recommendations, workflow steps, summaries, classifications, and escalations
- Route conversations to humans when needed
- Process opt-outs, consent evidence, outreach preferences, and other compliance controls
- Measure conversation outcomes, support resolution, revenue impact, and product feedback
- Maintain billing, fraud prevention, audit, logging, security, and account administration
- Send service, security, administrative, and transactional notices
- Send marketing communications where permitted and with required consent
- Comply with legal obligations and enforce our Terms of Service
- Improve our products, services, technologies, and algorithms, including with aggregated or de-identified data
3. AI and Messaging Providers
Signals uses AI and infrastructure providers to process conversation content, commerce context, and workflow state. These providers may include cloud infrastructure, language model providers, messaging providers, analytics tools, and commerce or support integrations.
Where available, we use strict data protection terms and controls, including zero data retention terms for supported AI processing. AI providers are not permitted to use customer data to train their general models unless a separate agreement expressly allows it.
4. Data Sharing and Disclosure
We do not sell personal information. We may share information:
- With service providers that help operate Signals, under confidentiality and data protection obligations
- With a business customer’s connected systems, such as commerce, support, messaging, consent, warehouse, analytics, and return systems
- With human operators or authorized brand personnel when a conversation escalates or requires review
- When required by law, subpoena, court order, or other legal process
- To protect our rights, property, safety, users, customers, or the public
- With explicit consent or at the direction of the relevant business customer
- In connection with a merger, acquisition, financing, restructuring, or sale of assets
5. Messaging Compliance and Opt-Outs
Signals processes opt-outs and suppression requests. Standard STOP-style keywords are handled immediately, and ordinary-language requests to stop future text or customer messages may also block future outreach.
Signals may process marketing consent state, opt-in evidence, opt-out evidence, customer outreach preferences, message channel evidence, order geography, and related compliance metadata. For more detail, see Messaging Compliance.
6. Data Security
We implement security measures designed to protect information, including:
- TLS encryption for data in transit
- Encryption for stored data
- Private cloud infrastructure on Google Cloud Platform
- Role-based access controls and multi-factor authentication
- Audit logging and monitoring
- Vulnerability management, backups, and incident response procedures
For more detail, see our Security page.
7. Data Retention
We retain information for as long as needed to provide Signals, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes.
Typical retention categories include:
- Account data: for the account term and a reasonable period afterward
- Conversation data: based on business customer settings, operational needs, and legal requirements
- Media attachments: based on configurable retention policies where available
- Consent, suppression, and audit records: as needed to honor opt-outs, prove compliance, and maintain system integrity
- Billing and financial records: as required by law
- Aggregated or de-identified data: may be retained indefinitely
You may request deletion of identifiable data by contacting privacy@returnsignals.com. Business customers may submit end customer deletion requests on behalf of their end customers. Deletion requests do not require us to delete aggregated or de-identified data, or records we must retain for legal, security, billing, or compliance purposes.
8. Your Privacy Rights
Depending on your location, you may have rights to:
- Access: Request a copy of personal information we hold
- Correction: Update or correct inaccurate information
- Deletion: Request deletion of personal information
- Portability: Receive data in a structured, machine-readable format
- Restriction: Limit how we process information
- Objection: Object to certain processing
- Withdrawal: Revoke consent where processing is based on consent
To exercise these rights, contact privacy@returnsignals.com. We will respond as required by applicable law.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to support:
- Essential site and platform functionality
- Security and fraud prevention
- Preferences and session management
- Analytics and performance measurement
You can control cookies through your browser settings. Disabling certain cookies may limit functionality.
10. International Data Transfers
Information may be transferred to and processed in the United States and other countries where we or our providers operate. We use appropriate safeguards for international transfers where required.
11. Children’s Privacy
Signals is not intended for individuals under 18. We do not knowingly collect personal information from children. If we learn that we collected information from a child, we will take appropriate steps to delete it.
12. California Privacy Rights
California residents may have additional rights, including the right to know what personal information is collected, used, shared, or sold; the right to delete personal information; the right to opt out of sale or sharing where applicable; and the right not to be discriminated against for exercising privacy rights.
We do not sell personal information. To make a California privacy request, email privacy@returnsignals.com.
13. European Privacy Rights
Signals is currently offered to businesses located in the United States. If European privacy laws apply to particular processing, we will process information under an appropriate legal basis, such as contract performance, legitimate interests, consent, or legal obligation.
14. Third-Party Links and Services
Signals may connect to third-party websites, platforms, and services. We are not responsible for the privacy practices of those third parties. Business customers should review the privacy and compliance terms of their connected systems.
15. Changes to This Policy
We may update this Privacy Policy periodically. We will post the updated policy with a new “Last Updated” date. When required, we will provide additional notice.
Continued use of Signals after changes become effective constitutes acceptance of the updated policy.
For privacy-related questions, requests, or concerns, contact us:
Material Model, Inc. (d/b/a Signals)
2261 Market Street STE 85311, San Francisco, CA 94114
Email: privacy@returnsignals.com
Website: www.returnsignals.com
For general inquiries, contact hello@returnsignals.com.