Privacy Policy

Effective Date: April 6, 2026

SGNLS LLC (“we,” “us,” or “our”) operates SGNLS^ and is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, with whom we share it, and your rights. By using SGNLS^, you consent to the practices described here.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: name, email address, password (stored as a hashed credential)
  • Reddit username, if you sign in with Reddit OAuth — used only for authentication
  • Display name: a name you choose for commenting within the app (separate from your real name)
  • Category interests: your selected signal categories (stocks, crypto, macro, etc.)
  • Notification preferences: preferred morning brief delivery time
  • Referral source: how you found SGNLS^ (Reddit, Invite, Organic, Direct) — optional
  • Feedback and support messages: content you submit via the feedback form or support chat
  • Comments: text you post on signal cards within the app

1.2 Information Collected Automatically

  • Subscription and billing status: plan type, trial status, renewal dates — managed via Stripe
  • Signal engagement: signals you view, like, bookmark, share, or comment on
  • Push notification token: a device token generated by Firebase Cloud Messaging when you grant push notification permission
  • Invite code usage: which invite code you used at sign-up, if any
  • Session data: authentication tokens managed by Supabase
  • App activity logs: signal delivery events, brief open events — used for service improvement

1.3 Information We Do Not Collect

  • We do not collect your full Reddit account data, post history, or private messages
  • We do not store the Reddit usernames of other Reddit users whose posts appear in signals
  • We do not use tracking pixels, third-party advertising cookies, or behavioral advertising SDKs
  • We do not collect payment card details — all payment data is handled directly by Stripe and never passes through our servers

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Deliver morning brief emails and push notifications personalized to your selected categories
  • Process subscription payments and billing communications via Stripe
  • Send transactional emails — receipts, trial expiration reminders, support responses — via Resend
  • Moderate comments using AI-assisted review to maintain a constructive community
  • Provide AI-powered in-app support to answer your questions about the service
  • Track acquisition sources at an aggregate level to understand which channels bring new subscribers
  • Analyze engagement patterns to improve signal quality and delivery
  • Comply with legal obligations and enforce our Terms of Service

3. Third-Party Services

We work with a limited set of trusted service providers who process your data on our behalf:

Supabase — Database and authentication. Stores your account data, subscription status, signal engagement, and comments. Supabase is GDPR-compliant and uses end-to-end encryption for data in transit and at rest.

Stripe — Payment processing. Handles all billing, subscription management, and invoices. Stripe is PCI-DSS Level 1 certified. We share your email address and name with Stripe to create your billing record. We never see or store your full card number.

Resend — Transactional email. Sends your morning brief emails, receipts, and support escalations. We share your email address and first name with Resend for delivery purposes.

Firebase Cloud Messaging (Google) — Push notifications. Your device push token is passed to Firebase to deliver morning brief push notifications. We do not share any other personal information with Firebase for push delivery.

Reddit API — Signal data. We use the Reddit API to fetch publicly posted content from investing communities. We do not share your personal information with Reddit via our pipeline.

Anthropic — AI signal synthesis and support chat. Content from Reddit posts is sent to Anthropic's Claude API for synthesis into signal briefs. Your support chat messages are also processed by Claude. We do not send your name, email, or account details to Anthropic as part of these requests.

Vercel — Hosting and serverless functions. All application code runs on Vercel's infrastructure. Vercel may process request logs that include IP addresses and user agent strings, subject to Vercel's privacy policy.

4. Cookies and Local Storage

SGNLS^ uses a minimal set of storage mechanisms:

  • Authentication cookies: managed by Supabase to maintain your logged-in session. These are strictly functional — the service does not work without them.
  • Stripe cookies: set by Stripe's payment interface on the payment screen. These are functional and used for fraud prevention.
  • Local storage: used client-side to remember dismissed tips and UI state. This data never leaves your device.

We do not use advertising cookies, cross-site tracking cookies, or analytics pixels. We do not partner with any advertising networks.

5. Data Retention

  • Account data is retained for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required for legal, tax, or compliance obligations.
  • Billing records (invoices, transaction history) are retained for 7 years as required by applicable tax law.
  • Signal engagement data (likes, bookmarks, shares) is retained for up to 2 years in aggregated form after account deletion.
  • Support chat logs are retained for 90 days to allow follow-up on unresolved issues, then deleted.
  • Comments: if you delete a comment, it is removed from public view immediately. Copies may remain in our moderation logs for up to 90 days.

6. Your Rights and Choices

6.1 Access and Correction

You can view and update your account information, categories, and notification preferences at any time in Account Settings within the app.

6.2 Data Export

You may request a copy of your personal data by emailing privacy@sgnls.co. We will respond within 30 days.

6.3 Deletion

You may request deletion of your account and associated personal data by emailing privacy@sgnls.co or through the cancellation flow in the app. We will process deletion requests within 30 days, subject to our retention obligations described in Section 5.

6.4 Opt-Out of Marketing Communications

We do not send marketing emails outside of the morning brief, which is a core feature of the service you subscribed to. You can manage brief frequency and notification preferences in Account Settings. To unsubscribe from all emails, use the unsubscribe link in any email or contact privacy@sgnls.co.

6.5 Push Notifications

You can revoke push notification permission at any time in your device settings or in Account Settings within the app.

7. Children's Privacy

SGNLS^ is not directed at or intended for children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from a minor, please contact us at privacy@sgnls.co and we will delete it promptly.

8. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit
  • Encrypted storage of sensitive fields at rest via Supabase
  • Server-side proxy for all AI API calls — API keys are never exposed to the client
  • Role-based access controls — admin access restricted to verified accounts only
  • Stripe handling all payment data — card details never touch our servers

No method of transmission over the internet is 100% secure. While we take these measures seriously, we cannot guarantee absolute security.

9. International Users

SGNLS^ is operated from the United States. If you are accessing the service from outside the US, your data will be transferred to and processed in the United States. By using the service, you consent to this transfer. We make reasonable efforts to ensure data transfers comply with applicable laws.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to delete your personal information
  • The right to opt out of the sale of your personal information

We do not sell your personal information to third parties. To exercise your rights, contact us at privacy@sgnls.co. We will respond within 45 days as required by law.

11. Florida Privacy

Florida residents may have additional rights under the Florida Digital Bill of Rights (FDBR) effective July 1, 2024. To submit a request to exercise any applicable rights, contact privacy@sgnls.co.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notification at least 14 days before changes take effect. Continued use of SGNLS^ after that date constitutes acceptance. You can review the current version at any time at sgnls.co/privacy.

13. Contact

For any privacy-related questions, requests, or concerns, contact us at: privacy@sgnls.co