1. Information We Collect

We collect the following categories of information:

1.1 Account Information

• Email address, display name, and profile picture
• Authentication credentials (stored securely via Supabase Auth — passwords are hashed and never stored in plain text)
• Account creation date and last active date

1.2 Portfolio Data

• Asset names, tickers, quantities, and purchase prices you manually enter
• Brokerage account holdings imported via Plaid (read-only)
• Crypto wallet addresses and associated token balances
• Polymarket prediction market positions
• Portfolio account names and structures

1.3 Payment and Subscription Data

• Subscription plan type (free, monthly, or annual) and status
• Billing start and end dates
• Stripe Customer ID and Subscription ID (references only — actual payment card data is handled exclusively by Stripe and never stored on our servers)
• Payment history and transaction records for your subscription

1.4 Usage Data

• Features you use, alerts you create, and community activity
• AI Insight requests and interaction patterns
• App preferences and settings

1.5 Device and Technical Data

• Device type and operating system (for push notification delivery)
• Push notification tokens (via OneSignal, for users who enable notifications)
• Basic analytics on app performance and errors

2. How We Use Your Information

We use your information to:

• Provide, operate, and improve the Service
• Process your subscription payments and manage billing
• Generate AI-powered portfolio insights tailored to your holdings
• Deliver price alerts and push notifications you have opted into
• Send weekly digest emails for Pro subscribers
• Detect, investigate, and prevent fraud, abuse, and unauthorized access
• Respond to your support requests
• Comply with applicable legal obligations

We do not use your data for advertising. We do not sell your personal information to any third party for marketing purposes.

3. Payment Processing

All payment processing is handled by Stripe, Inc., a PCI-DSS compliant payment processor. When you subscribe to SIGNALS HQ Pro:

• Your payment card details are collected and stored directly by Stripe — we never see, handle, or store your full card number, CVV, or banking credentials
• We receive a Stripe Customer ID and Subscription ID which we use to manage your subscription status
• Stripe's privacy policy governs how your payment data is handled: stripe.com/privacy
• For billing disputes or payment issues, contact us at signalssupport@gmail.com

4. Data Storage and Security

Your data is stored using Supabase (hosted on AWS infrastructure) with the following protections in place:

• Row-Level Security (RLS) policies ensure only you can access your own data
• All data is encrypted in transit using TLS 1.2 or higher
• Data at rest is encrypted using AES-256
• Authentication uses industry-standard JWT tokens with secure refresh handling
• We perform regular security reviews and promptly address vulnerabilities

While we implement strong security measures, no system is 100% secure. In the unlikely event of a data breach that affects your personal information, we will notify you as required by applicable law.

5. Third-Party Services

We share data with the following third-party service providers only as necessary to operate the Service:

• Supabase — database, authentication, and file storage (Privacy Policy)
• Stripe — payment processing and subscription management (Privacy Policy)
• Anthropic — AI insight generation (your portfolio context is sent to generate insights; data is not used for AI training) (Privacy Policy)
• Plaid — read-only brokerage connection (optional) (Privacy Policy)
• OneSignal — push notification delivery (Privacy Policy)
• Resend — transactional email delivery for weekly digests
• Polygon.io / CoinGecko / DexScreener — market price data (no personal data shared)
• Vercel — application hosting and deployment

We do not share your data with any other third parties without your explicit consent, except as required by law.

6. Data Sharing and Disclosure

We will not sell, rent, or trade your personal information. We may disclose your information only in the following circumstances:

• To the third-party providers listed above as necessary to operate the Service
• If required by law, court order, or governmental authority
• To protect the rights, safety, or property of SIGNALS HQ, our users, or the public
• In connection with a merger, acquisition, or sale of assets (you will be notified)

7. Community Features

If you post in the Community section of the App, your display name, post content, and any asset data you choose to include in shared Signal Cards are visible to other users. Do not post personal financial information you wish to keep private. Community posts may be shared externally via the share feature.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request permanent deletion of your account and data
• Portability: Request your data in a portable format
• Opt-out: Opt out of non-essential communications at any time
• Restriction: Request restriction of certain data processing

To exercise any of these rights, delete your account in-app (Profile → Delete Account) or contact us at signalssupport@gmail.com. We will respond within 30 days.

9. California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, disclose, and sell
• The right to delete your personal information
• The right to opt out of the sale of your personal information
• The right to non-discrimination for exercising your CCPA rights

We do not sell your personal information. To submit a CCPA request, contact signalssupport@gmail.com with "CCPA Request" in the subject line.

10. European Users (GDPR)

If you are located in the European Economic Area (EEA), our legal bases for processing your personal data are:

• Contract performance: Processing necessary to provide the Service and fulfill your subscription
• Legitimate interests: Fraud prevention, security, and service improvement
• Legal obligation: Compliance with applicable laws
• Consent: For marketing communications and optional features

To exercise your GDPR rights or lodge a complaint, contact signalssupport@gmail.com.

11. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion:

• Your portfolio data, alerts, and community posts are permanently deleted immediately
• Your email address and account record are deleted within 30 days
• Subscription billing records may be retained for up to 7 years as required by financial regulations
• Anonymized usage analytics may be retained indefinitely

Note: Deleting your account does not automatically cancel an active subscription. Cancel your subscription separately to avoid future charges.

12. Children's Privacy

SIGNALS HQ is not directed at or intended for children under 18 years of age. We do not knowingly collect personal information from minors. If you believe a child under 18 has provided us with personal information, contact us immediately at signalssupport@gmail.com and we will delete it promptly.

13. Push Notifications and Email Communications

Push Notifications: If you enable push notifications, we use OneSignal to deliver alerts. You can disable push notifications at any time through your device settings.

Weekly Digest: Pro subscribers receive a weekly portfolio digest email every Sunday. You can unsubscribe at any time through Profile → Settings → Email Notifications or by clicking "Unsubscribe" in any digest email.

Transactional Emails: We may send you emails related to your account or subscription (receipts, security notices, etc.) which are necessary to provide the Service and cannot be opted out of.

14. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will notify you via email or in-app notification at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions, data requests, billing privacy concerns, or to exercise your rights:

signalssupport@gmail.com
Please include "Privacy Request" in the subject line. We respond within 30 days.