Q: Is there any vulnerability with the JavaScript snippet or API? 

A: No, the only network requests we make are to track page views and sessions for analytics. We don’t send any Personally identifiable information (PII) or any other data over the network.

Q: Does Signal Intent capture PII?

A: No, we do not capture or store any PII. The only data we record is anonymous
session and page view data (mentioned above).

Q: Is Signal Intent’s hosting secure?

A: Yes, the embed code comes from a single file hosted on a Heroku server with transport security via TLS/SSL and Automated Certificate Management, located in the United States region.

Q: Do you have TLS 1.0 or TLS 1.1 enabled?

A: No TLS 1.1 and TLS 1.1 are not enabled. We only have TLS 1.2 enabled, per PCI compliance best practices. If you curl our embed code server, you’ll see all of the
security and encryption details in the TLS handshake:

curl -vl https://embed.signalintent.com