Log inStart free trial

Legal

Informational only

SigIndex compliance signals are informational only and do not constitute a Phase I Environmental Site Assessment (as defined by ASTM E1527), legal advice, or a regulatory determination. SigIndex aggregates public US EPA ECHO data and is not affiliated with the EPA.

Privacy Policy

Preliminary · last revised June 2026

This preliminary summary describes the personal data SigIndex handles while we finalize a full Privacy Policy ahead of general availability. SigIndex is a developer tool, not a consumer product — we collect what we need to run your account and bill it, and little else.

What we collect

  • Account — the email address (and name, if your identity provider supplies one) used to sign in, managed through our authentication provider.
  • API usage — per-call logs (endpoint, timestamp, response status, your API key) used for billing, rate limiting, and abuse prevention.
  • Billing — handled by Stripe. Card details go directly to Stripe; SigIndex never sees or stores full card numbers.

What we don’t do

We don’t sell your data, and we don’t use your queries or usage to build a profile for advertising. The facility records SigIndex serves are public EPA data and are not personal data about you.

Subprocessors

We rely on a small set of infrastructure providers to operate the service: Supabase (authentication and database), Stripe (payments), Vercel (frontend hosting), and Railway (API and background jobs). Each processes data only as needed to provide its part of the service.

Sessions & cookies

We use first-party cookies only to keep you signed in. We don’t use third-party advertising or cross-site tracking cookies.

Your choices

You can request access to, export of, or deletion of your account data by emailing us. Deleting your account removes your profile and API keys; anonymized aggregate usage counts may be retained for billing records.

Contact

Privacy questions or data requests: privacy@sigindex.com.