SIGNAL Alliance was built from the ground up to never require personally identifiable information. Our one-way hashing architecture makes privacy protection a technical guarantee, not a promise.
Our anonymization model is based on a simple principle — if we never have the data, we can never leak it. Before any transaction data leaves a transmitter's environment, it is irreversibly hashed using SHA-256.
The original card number, customer name, or any PII cannot be reconstructed from the hash. This is a mathematical guarantee, not a policy commitment.
No personal data processed — hashed tokens are not personal data under GDPR Article 4. SIGNAL Alliance does not require a data processing agreement for token transmission.
Hashed tokens do not constitute "personal information" under the CCPA. Reviewed by privacy counsel across all 50 US states. No consumer disclosure requirements triggered.
No card data transmitted — transmitters maintain their own PCI scope. SIGNAL Alliance participation does not expand your PCI environment. Verify with your QSA.
Whether you're a retailer or a biller, SIGNAL Alliance has a path for you.
Contact Us