Privacy Policy
Effective date: [EFFECTIVE_DATE]
This Privacy Policy explains how [LEGAL_ENTITY_NAME] ("Signul", "we", "us") collects, uses, and discloses information through the Signul service (the "Service").
1. Who we are
Signul is operated by [LEGAL_ENTITY_NAME], [BUSINESS_ADDRESS]. For the purposes of GDPR, we act as the data controller for your account information, and as described in Section 5, in a limited role with respect to third-party business signal data.
2. Information we collect from you
- Account information: your email address, a hashed password (managed by our authentication provider), company name, and terms-acceptance timestamp.
- Watchlist configuration: industries, geographies, ideal-customer-profile description, selected/custom signal definitions, recipient email addresses, and run cadence you configure.
- Billing information: if you subscribe, our payment processor (Stripe) collects your payment details directly; we store only your Stripe customer ID, subscription ID, plan, and subscription status. We never see or store your full card number.
- Usage information: free-run counters, run history, and detection results generated for your account.
3. Information about third parties surfaced by the Service
The Service searches the public web and may return publicly available information about named individuals at other companies (for example, a news article reporting an executive hire). This information:
- Is drawn only from sources already public on the web at the time of search;
- Is not purchased or licensed from a data broker or contact-enrichment vendor;
- Is not independently verified or supplemented by us beyond what the public source states.
We do not have a direct relationship with these individuals and do not provide them a mechanism to access or delete data through us directly (the underlying public source remains outside our control). If you are an individual who believes information about you was surfaced by the Service and wish to raise a concern, contact us at [CONTACT_EMAIL] and we will investigate and remove the specific detection from our systems where appropriate.
Customers of Signul are independently responsible, as a data controller in their own right, for how they use this information, including compliance with CASL, GDPR, PIPEDA, and Québec Law 25 for any outreach they conduct.
4. How we use information
We use account and watchlist information to: operate and provide the Service; run scheduled and manual detection jobs; send you digest emails; process billing; provide customer support; and improve the Service. We do not sell your personal information.
5. Service providers (subprocessors)
We use the following subprocessors to operate the Service. Each processes data only as necessary to provide their respective function:
| Provider | Purpose |
|---|---|
| Supabase | Database, authentication, hosting of application data |
| Vercel | Application hosting |
| Anthropic (Claude) | AI-based extraction/analysis of search results to identify signals |
| Tavily | Web search and content retrieval |
| Resend | Transactional/digest email delivery |
| Stripe | Payment processing and subscription billing |
We do not control these providers' own data practices beyond our instructions to them; each maintains its own privacy policy and security program.
6. Data retention
We retain account and watchlist data for as long as your account is active. Detection history is retained to support deduplication (avoiding re-reporting the same signal within a lookback window) and your own historical review. You may request deletion of your account and associated data at any time by contacting [CONTACT_EMAIL]; we will delete it within a reasonable period except where retention is required by law (e.g. billing records).
7. Cookies
We use strictly necessary cookies to maintain your authenticated session (via Supabase). We do not use advertising or cross-site tracking cookies.
8. Your rights
Depending on your location, you may have rights to access, correct, export, or delete your personal information, and to object to or restrict certain processing. To exercise these rights, contact [CONTACT_EMAIL]. Québec and EU residents may also have the right to lodge a complaint with their applicable data protection authority.
9. International data transfers
Our subprocessors may store or process data outside your country of residence, including in the United States. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for such transfers.
10. Children's privacy
The Service is not directed to individuals under 18, and we do not knowingly collect information from them.
11. Security
We use commercially reasonable technical and organizational measures to protect your information, including row-level security on our database and encrypted transport. No method of transmission or storage is 100% secure.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice.
13. Contact
Questions about this Privacy Policy or your data: [CONTACT_EMAIL]