Purple Signals · Horizon37

Privacy notice

Pilot version · June 2026

The short version: your survey answers are anonymous and unlinkable. They are stored without your name, email, user ID, the question asked, or a timestamp. No one — your employer, Horizon37, or anyone with full database access — can connect an answer to a person. This is enforced by the data architecture, not by policy.

Things that are not possible — by design

  • We cannot retrieve your past survey responses for you — there is no link by which to find them.
  • We cannot delete your past responses on request — same reason. Once submitted, they are no longer personal data; they exist only as anonymous scores inside team averages.
  • We cannot identify a respondent from a response, and neither can your employer.
  • Aggregate scores never display for a survey cycle below the response threshold (the higher of 50% of those invited, or 3 responses). Individual question scores are never shown to anyone.

What we store about you

Account data (linked to you): name, work email, role, company, and sign-in records. Your company admin manages this; it exists so you can log in and be invited to surveys.

Participation flags (linked to you): whether you completed a given survey cycle — used for the “12 of 18 responded” counter and reminders. This says nothing about what you answered.

Survey answers (not linked to you): each answer is stored as a score against a leadership component and a cycle only. No user, no question, no time. Answers are kept as raw anonymous rows for 12 months, then collapsed into cycle-level aggregates.

Written answers (not linked to you): some surveys include optional free-text questions. These are stored exactly like scores — against a component and a cycle only, with no user, question, or time — and are reviewed solely by Purple Signals to evaluate leadership health. Your leaders and colleagues never see them. Like scores, they cannot be retrieved or deleted once submitted. Because the text itself is whatever you type, please don't include details that could identify you.

Who processes data (subprocessors)

  • Vercel — application hosting (EU region).
  • Resend — transactional email (magic-link sign-in).
  • Horizon37's own PostgreSQL database — self-hosted on an EU-located server; not a third-party cloud database.

Your rights & contact

To access, correct, or delete your account data (the identified data above), contact your company admin or email privacy@purplesignals.io. Deleting your account erases your identity and sign-in; your past anonymous answers remain inside team aggregates, where they cannot be found or attributed.

Consent: before each survey you confirm a consent line stating your answers are stored anonymously and combined into team-level scores, and that any written answers are reviewed anonymously by Purple Signals only.