SignalDesk

Security & Trust

SignalDesk is built with security-first principles. Here's how we protect your data.

Infrastructure & Encryption

Encryption in Transit

All data transmitted to and from SignalDesk is encrypted using TLS 1.3. This includes CSV uploads, API communications, and authentication flows.

Secure Data Storage

Your support ticket data is stored in encrypted PostgreSQL databases hosted on Neon. Database credentials are rotated regularly and never exposed in logs.

Authentication Security

Passwords are hashed using bcrypt with salt rounds. Sessions are managed with secure, httpOnly cookies and 14-day expiration. OAuth tokens for Linear are encrypted at rest.

Infrastructure

SignalDesk runs on Replit's infrastructure with automatic scaling, DDoS protection, and isolated execution environments. No customer data is shared between tenants.

AI Transparency

SignalDesk uses AI to analyze support tickets and generate product documentation. Here's exactly how.

AI Model Usage

  • We use OpenAI's gpt-4o-mini for text generation (PRDs, tickets, cluster summaries)
  • We use OpenAI's text-embedding-3-small for semantic similarity analysis
  • Your data is not used to train OpenAI models (per OpenAI's enterprise data policy)

Data Processing

  • Ticket text is sent to OpenAI only during active processing (clustering, PRD generation)
  • We recommend anonymizing customer data before upload
  • Processing results are stored in your account and not shared with other users

Explainability

  • Impact scores show calculation reasoning (ticket count, recency, priority, customer plan)
  • Readiness scores display coverage checklists with missing item suggestions
  • Related theme detection includes similarity scores and overlapping keyword explanations

Data Handling

  • CSV data is stored per upload in your account
  • You can delete uploads and all associated data at any time
  • We do not sell or share your data with third parties
  • Data is backed up with point-in-time recovery
  • Linear OAuth tokens are scoped to minimal required permissions

Security Questions?

Have questions about our security practices? We're happy to provide additional details.

Contact Security Team