Trust & Boundaries at Regulatory Signals
A message from the Founder
We built Regulatory Signals to solve a painful, repetitive problem: bridging the gap between a website's technical reality (cookies, trackers, services) and the complex, ever-changing world of global compliance documentation. We are a software company, not a law firm. Our goal is to provide clarity and a strong starting point, not to replace your legal counsel. Transparency is our highest priority, and this page outlines exactly what we do and, more importantly, what we do not do.
What Regulatory Signals Is
Regulatory Signals is a technical analysis and documentation drafting tool designed for product managers, engineers, and operations teams.
- Technical Footprint Analysis: We scan your public-facing website to identify the technologies, cookies, trackers, and third-party services present.
- Informational Document Drafting: We use the technical data and your selected jurisdiction to generate draft Privacy Policies, Terms of Service, and other documents in a clean, editable format.
- Framework Alignment (Informational): We structure our document templates to align with the principles and requirements of major global frameworks (like GDPR, CCPA, and ISO-style policies; non-certifying and non-exhaustive) to give you a head start. This alignment is informational and does not guarantee compliance or certification.
What Regulatory Signals Is Not
It is critical to understand the limitations of our software. Regulatory Signals is not a substitute for qualified legal counsel.
- Not Legal Advice: We do not provide legal advice, opinions, or recommendations. Our output is informational only.
- Not a Compliance Guarantee: Using Regulatory Signals does not mean your website is compliant with any law or regulation. Compliance is a continuous, human process that rests solely with your organization.
- Not a Certification or Audit: We do not perform legal audits, nor do we certify your business against any standard (GDPR, HIPAA, ISO, etc.; does not establish compliance or readiness). We are a tool to assist your internal efforts.
- Not Regulator-Approved: No software tool can claim approval from any regulatory body.
How to Use Regulatory Signals Responsibly
To maximize the value of Regulatory Signals while managing your risk, we recommend the following process:
- Use as a Starting Point: Treat all generated documents as a first draft. They are designed to save you the initial 80% of the work.
- Consult Legal Counsel: Every document generated by Regulatory Signals MUST be reviewed, edited, and approved by a qualified attorney licensed in the relevant jurisdiction before being published or relied upon.
- Verify Technical Findings: Our scanner is highly accurate but not infallible. Always cross-reference our technical findings (especially PII collection forms and third-party trackers) with your internal knowledge.
- Understand the Indicator: Our Technical Health Indicator is a technical assessment based on best practices and documentation completeness. It is a metric for tool usage, not a legal judgment of your compliance status.
Data Handling & Privacy Posture
We are committed to the privacy principles we help you document.
- Data Minimization: We only collect the data necessary to provide our service: your email for account management, subscription details, and the technical scan results of the URLs you submit.
- Website Scanning: Our scanner performs non-invasive, public-facing analysis. We do not attempt to bypass security measures, access private user data on your site, or store the content of your website.
- Payment Security: All payment processing is handled securely by Stripe, a PCI-DSS compliant third-party (non-certifying for Regulatory Signals). We never store your credit card information.
- AI Processing: We use the Claude API (Anthropic) to assist in drafting documents. The technical scan data is sent to the AI to generate a tailored draft, but we ensure all prompts include strict instructions to maintain the informational-only boundary.
Limitations & Human Review Requirement
The legal landscape is defined by human interpretation, context, and jurisdiction. Software cannot replace this.
- Context is King: Our tool cannot know the intent behind your data collection, your internal security protocols, or the specific legal context of your business operations. These critical details must be added and verified by you and your legal team.
- Jurisdictional Nuance: While we offer templates aligned with many jurisdictions, the final legal interpretation and application of those laws are constantly evolving and require expert human review.
Who Regulatory Signals Is For / Not For
| Regulatory Signals Is For... | Regulatory Signals Is Not For... |
|---|---|
| Product Managers needing a first draft of a Privacy Policy | Anyone seeking a final, legally-binding document |
| Engineering teams wanting a technical inventory of trackers | Companies needing a full legal audit or certification |
| Small to mid-sized businesses with limited legal budgets | Replacing your in-house or external legal counsel |
| Teams that want to understand their technical data practices | Businesses looking for a "set it and forget it" compliance solution |
Regulatory Signals is a powerful tool for preparation, not a guarantee of protection. We encourage you to reach out to us with any questions about our boundaries and capabilities.