What we collect, and what we never see.

In self-hosted deployments, agent activity, audit logs, model traffic, and signing keys never leave your environment. We do not receive your operational data. Siglify software runs in your cloud, on-premises, or air-gapped, and you hold the keys.

In Siglify Cloud, we process the data required to run governed agents on your behalf: agent definitions, policy bundles, and audit records. Signing keys are held in a managed KMS, outside the application. We do not sell data and we do not use your operational data to train models.

When you reach out or join the GA waitlist, we collect the work email and details you provide. We use them to contact you about Siglify. No newsletters, no resale — one email when we open up.

Audit logs are append-only and hash-chained by design. In hosted mode they replicate to immutable storage and can export to your SIEM. Because they are tamper-evident, entries are retained for the integrity of the chain rather than deleted on request; talk to us about retention windows for your deployment.

For access, correction, or deletion requests relating to account and contact data, email privacy@siglify.ai. Siglify is early and this policy will evolve as the product reaches GA.