Everything you need to know about Signal shoot
How Signal shoot protects your data and your users' data.
Transport Encryption
All traffic uses HTTPS/TLS. There is no way to send or receive data over an unencrypted connection.
API Key Security
API keys are hashed before storage and never stored in plain text. If a key is compromised, regenerate it from Settings — the old key is invalidated immediately.
Authentication
Dashboard access requires OAuth authentication. There are no passwords to leak or brute-force — authentication is handled entirely by your OAuth provider.
Data Isolation
Signal shoot does not provide an operator-facing interface for browsing feedback content or associated end-user data across customer accounts. Dashboard queries scope to the authenticated developer's app ID. Developer A cannot access Developer B's feedback, even by guessing feedback IDs. Internal access is limited to restricted operational needs described in the Privacy Policy.
Your Responsibilities
You are responsible for: obtaining appropriate consent to collect feedback from your end users (especially if it may contain personal information), keeping your API keys secure and regenerating them if compromised, using opaque user identifiers (e.g. UUIDs) rather than sequential IDs, and the content of feedback submitted through your app (Signal shoot stores it as-is without content filtering).