# The Compliance Engine Navigating the labyrinth of global privacy laws is one of the most significant burdens for modern developers. The General Data Protection Regulation in Europe, the California Consumer Privacy Act in the United States, and the PECR in the UK have transformed analytics from a marketing task into a legal hazard. Signet transforms this hazard into a solved problem. #### Exemption via Architecture The primary trigger for GDPR and CCPA regulation is the processing of personal data. Because Signet does not collect IP addresses, device identifiers, or tracking cookies, the data we process falls outside the scope of PII. This allows Signet to operate under the legal basis of Legitimate Interest rather than User Consent. Consequently, websites using Signet are not required to display intrusive cookie consent banners or complex opt-out modals. This is not a legal loophole; it is the intended reward for building privacy-preserving technology. By treating your users with respect, you are exempted from the regulations designed to punish those who do not. #### GDPR and Schrems II For our European customers, data sovereignty is critical. The invalidation of the Privacy Shield framework by the Schrems II ruling made it legally risky to transfer European user data to US servers. Signet addresses this by ensuring that our data collection methodology renders the data anonymous before it ever hits a disk. Since anonymous data is not personal data, it does not require the same complex transfer mechanisms as legacy tracking data. Furthermore, we offer EU-domiciled data storage options for enterprise clients who require strict data residency guarantees. #### CCPA and VCDPA Alignment In the United States, the focus is often on the sale of data. The CCPA gives consumers the right to opt out of having their personal information sold. Signet automates compliance here by simply never selling data. We are a software provider, not a data broker. Your analytics data belongs to you alone. We do not aggregate it across customers to build shadow profiles, nor do we feed it into advertising exchanges. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.signtoken.vip/5.-security-and-compliance/the-compliance-engine.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.