Privacy Policy

The Social Signals ("we", "us") operates an information service for retail investors. This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and what choices you have. By using the Service you consent to the practices described here.

We collect a minimal set of personal information:

• Account information. Email address, display name (if provided), authentication credentials.
• Payment information. Last 4 digits of your card, billing zip code, billing address. Full card details are entered directly with our payment processor (Stripe) and are never stored on our servers.
• Usage data. Pages viewed, features used, IP address, browser user-agent, timestamps, referrer. Used for product improvement and abuse prevention.
• Communications. Email sent to support or marketing channels, including the content and timestamps of messages.
• Cookies and similar technologies. See Section 6.

We do not collect financial brokerage account details. We do not collect government-issued identification. We do not process biometric or health data.

We use personal information to: (a) provide, maintain, and improve the Service; (b) authenticate your account; (c) process subscription payments; (d) send transactional email (account verification, billing receipts, security notices, terms updates); (e) respond to support requests; (f) detect and prevent fraud, abuse, and violations of the Terms of Service; (g) comply with legal obligations.

We send marketing email only to subscribers who have opted in, and you can unsubscribe at any time via the link in any marketing message.

We share personal information with the following categories of third parties, only to the extent necessary to operate the Service:

• Stripe — payment processing. Stripe receives payment-card details directly via their secure form; we never see or store the full card number.
• Vercel — application hosting and edge delivery. Receives request logs, IP addresses, and user-agent strings as part of normal request routing.
• Supabase — managed database and authentication. Stores account records, subscription metadata, and usage logs.
• Email providers — transactional and marketing email delivery. Receive your email address and the message content.
• Analytics providers — aggregate usage metrics (no individual-user profiling for targeted advertising).

We do not sell your personal information. We do not share it with data brokers. We do not allow any of the above providers to use your information for their own marketing purposes.

We may disclose information if required by valid legal process (subpoena, court order, government request that meets the relevant legal standard) or to protect the Company's or users' rights, property, or safety.

We retain account and subscription data for as long as your account is active and for a reasonable period thereafter to comply with legal obligations (typically up to 7 years for billing records). Usage logs are retained for up to 12 months. You may request deletion of your account at any time (see Section 7).

We use a small number of essential cookies for: (a) keeping you signed in; (b) preventing CSRF attacks; (c) remembering UI preferences such as the active tab or sort order. We do not use third-party advertising cookies. We do not use cross-site tracking pixels.

Depending on where you live, you may have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information.
• Delete your account and associated personal information.
• Export your information in a portable format.
• Object to certain processing.
• Lodge a complaint with a data-protection authority in your jurisdiction.

To exercise any of these rights, email contact@thesocialsignals.co. We respond within 30 days.

We use industry-standard security practices including TLS for all traffic in transit, encryption at rest for the database, hashed and salted passwords, and access controls limiting employee access to user data. No system is perfectly secure; in the event of a breach affecting your personal information, we will notify affected users and applicable regulators in accordance with applicable law.

The Service is intended for users 18 years of age or older. We do not knowingly collect personal information from children under 18. If we learn we have collected such information, we will delete it.

We operate from the United States. If you access the Service from outside the United States, you consent to the transfer and processing of your personal information in the United States, which may have data-protection laws that differ from those in your country.

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Effective" date. For material changes (e.g., new categories of data collected or new third-party recipients), we will notify active subscribers by email at least 30 days before the change takes effect.

Questions about your privacy? Email contact@thesocialsignals.co.