Privacy Policy

Effective Date: 24 July, 2025
Last Updated: 31 July, 2025

1. Introduction and Scope

This Privacy Policy describes how SignalWraith LLC ("Company," "we," "us," or "our") collects, uses, processes, and protects personal information when you use Signalwraith (the "Service"), our statistical sentiment analysis service.

We are committed to data minimization and transparency. Our business model collects only essential information needed to provide our Service while maintaining the highest standards of data protection and user privacy.

This Policy applies to all users of our website (www.signalwraith.com), Service subscribers, and visitors to our platform.

2. Information We Collect

2.1 Personal Information You Provide

Account Registration Information:

Email address (required for account creation, authentication, and all communications)
Account password (encrypted and hashed by Supabase)
Account creation date and last login timestamps
Communication and notification preferences

Subscription and Payment Information:

Payment processor references (Stripe customer IDs, PayPal order IDs for transaction tracking)
Transaction records including dates, amounts paid, credits purchased, and payment status
Subscription details including plan type, billing cycle dates, and subscription status
Discount codes used and promotional pricing applied to purchases
Payment method types (credit card, PayPal) but not the actual payment details

Platform Usage Data:

Credit consumption records including dates and reasons for credit usage
Login activity and session information for security purposes
Platform feature usage (which tools and pages you access)

Customer Support Communications:

Support ticket messages and email correspondence with our team
Feedback and survey responses (when voluntarily provided)
Account-related inquiries and technical assistance requests

2.2 Technical Information (Essential Functions Only)

Essential Technical Data:

Session management and authentication cookies (required for login)
Security tokens and CSRF protection (required for platform security)
User interface preferences and saved chart configurations
Error logging for technical support (no personal identification)

External Data Processing:

We do NOT collect user behavioral analytics, website usage statistics, or tracking data. Our platform processes external financial data only:

Yahoo Finance API: Real-time and historical market data for analysis
Public forum content: Processed externally for sentiment analysis (not linked to user accounts)
Financial indicators: External market data for trading signal generation

2.3 Data Sources and Processing

External Financial Data Processing:

Your personal account information is completely separate from the financial data we process. We analyze external market data to provide trading signals:

Yahoo Finance: Public market data, prices, and historical performance
Public forum content: Processed through third-party sentiment analysis (not collected by us)
Statistical models: Applied to external market data, not user behavior
Trading signals: Generated from external data correlation, not user tracking

No User Behavioral Tracking:

We do NOT collect, store, or analyze:

Website usage patterns or user behavior analytics
Tracking cookies or behavioral data
User activity correlation or profiling data
Third-party analytics or advertising pixels

3. Legal Basis for Processing Your Information

Under the General Data Protection Regulation (GDPR), we must have a legal basis for processing your personal information. Below are the legal bases we rely on:

3.1 Contract (Article 6(1)(b) GDPR)

We process the following information to fulfill our contract with you:

Account Registration Information: Required to create and maintain your account
Authentication Data: Necessary to provide secure access to our services
Subscription Management: Processing payments and managing your service access
Platform Usage Tracking: Monitoring your credit usage and subscription status
Service Delivery: Providing the statistical sentiment analysis features you've subscribed to

3.2 Legitimate Interest (Article 6(1)(f) GDPR)

We rely on legitimate interest for:

Essential Cookies: Session management, security, and basic functionality
Security Monitoring: Detecting and preventing unauthorized access and fraud
External Data Processing: Analyzing public financial data to provide trading signals
Business Operations: Maintaining records for tax, legal, and accounting purposes
Customer Support: Providing technical assistance and resolving service issues

Our legitimate interests are balanced against your rights and freedoms, and you can object to this processing.

3.3 Consent (Article 6(1)(a) GDPR)

We ask for your explicit consent for:

Marketing Communications: Sending promotional emails and newsletters (optional)

You can withdraw your consent at any time through your account settings. We do not use tracking cookies or behavioral analytics that would require consent.

3.4 Legal Obligation (Article 6(1)(c) GDPR)

We process information to comply with legal requirements:

Tax Records: Maintaining transaction records for tax reporting
Regulatory Compliance: Meeting financial services and data protection obligations
Law Enforcement: Responding to valid legal requests from authorities
Audit Requirements: Keeping records as required by business regulations

3.5 Consent Management

Consent is only required for optional marketing communications:

Marketing Emails: Choose whether to receive promotional emails and newsletters
Easy Withdrawal: Unsubscribe at any time through email links or account settings
No Impact: Withdrawing marketing consent does not affect your ability to use our services
No Tracking: We do not use behavioral tracking that would require additional consent

4. How We Use Your Information

4.1 Account and Subscription Management

Core Service Operations:

Creating and maintaining your Signalwraith account
Processing authentication and secure access to the platform
Managing subscription plans, billing cycles, and payment processing
Tracking credit balances and usage for account access
Providing customer support and technical assistance
Delivering platform updates and security notifications
Daily Session Management: Terminating user sessions at end of each day for enhanced security

Payment and Billing:

Processing subscription payments through Stripe and PayPal
Managing credit purchases and account balance tracking
Generating transaction records and billing history
Processing refunds and payment-related inquiries
Coordinating with payment processors for subscription management

4.2 Platform Access and Communications

Current Platform Features:

Signal Research Tools (/signals/): Interactive exploration of statistical patterns across our dataset
Weekly Pattern Analysis (/signals/weekly-plan): Automated generation of top-performing statistical configurations
Convergence Analysis (/signals/convergence): Symbol-specific multi-timeframe pattern detection
Visualization Platform (/visualize): Comprehensive correlation analysis and chart comparison tools
Session Management: Chart favorites, saved configurations, and research session continuity
Account Dashboard: Credit management, subscription options, and privacy controls

Platform Access Management:

User Capacity Controls: Platform maintains optimal performance through concurrent user limits
Subscriber Priority: Active subscribers receive priority access during high-demand periods
Daily Session Security: Automatic session termination for enhanced account protection
Essential Functionality: All core features accessible without consent requirements (no analytics blocking)

Required Communications:

Account confirmations
Password resets
Billing notifications
Service updates
Security alerts
Customer support responses
Legal notices

Optional Communications:

Educational content about market analysis (with consent)
Platform feature announcements
User surveys (voluntary participation)

4.3 Legal Compliance and Protection

Regulatory Compliance:

Complying with applicable financial regulations and anti-fraud requirements
Maintaining records for tax reporting and business compliance purposes
Responding to valid legal process, court orders, and regulatory requests
Protecting our intellectual property rights and trade secrets

Business Protection:

Enforcing our Terms of Service and preventing unauthorized use
Investigating potential violations of our policies or applicable laws
Protecting the security and integrity of our Service and algorithms
Resolving disputes and defending against legal claims

5. Information Sharing and Disclosure

5.1 We Do Not Sell Personal Information

We do not sell, rent, lease, or trade your personal information to third parties for marketing or commercial purposes.

5.2 Authorized Service Providers

Technical Infrastructure Partners:

Vercel (Web Hosting): Website hosting, content delivery, and application deployment
Database Providers: Secure data storage and backup services with encryption at rest
Analytics Platforms: Service performance monitoring and user experience optimization (data anonymized)

Payment and Financial Services:

Stripe/PayPal: Payment processing, subscription management, and fraud prevention
Billing Platforms: Invoice generation, dunning management, and payment reconciliation
Tax Services: Sales tax calculation and compliance reporting where required

Customer Support Tools:

Email Services: Transactional and marketing email delivery with privacy protections

All service providers are bound by strict data processing agreements that require:

Processing data only for specified purposes
Implementing appropriate security measures
Prohibiting use of your data for their own purposes
Deleting or returning data upon contract termination

5.3 Legal Requirements and Protection

We may disclose personal information when required by law or necessary to:

Comply with valid legal process
Respond to government requests
Protect our legal rights including intellectual property protection
Prevent fraud or illegal activity
Protect user safety and service security
Defend against legal claims or investigate potential violations

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction. We will:

Provide advance notice of any ownership change affecting privacy practices
Ensure the acquiring entity will be bound by the privacy commitments made in this Policy
Provide users with the option to delete their accounts before any transfer

6. Data Security and Protection

5.1 Technical Safeguards

Data Encryption:

Data in transit: All communications use TLS 1.3 encryption or higher
Data at rest: Database encryption using industry-standard AES-256 encryption
Payment data: PCI DSS compliant processing with tokenization and encryption
Password security: Bcrypt hashing with salt for all user credentials

Access Controls:

Role-based access controls limiting employee access to necessary data only
Regular access reviews and automated session management
API security with rate limiting and authentication token management
Daily Session Expiry: Enhanced security through automatic session termination each day

Infrastructure Security:

Next.js 15 Application Framework: Modern web application with optimized security features
Supabase Backend: PostgreSQL database with real-time capabilities and Row Level Security (RLS)
Redis Caching: High-performance data caching with secure access controls
Blob Storage: Versioned data storage with encryption and access logging
Secure hosting environment with regular security updates and patches
Network security including firewalls and intrusion detection systems
Backup and recovery procedures with encrypted, geographically distributed backups
Incident response plan for security breaches or unauthorized access

5.2 Operational Safeguards

Employee Training and Access:

Privacy and security training for all employees with access to user data
Background checks for employees in security-sensitive positions
Confidentiality agreements requiring protection of user information
Principle of least privilege limiting data access to job requirements only

Data Handling Procedures:

Data minimization practices collecting only necessary information
Regular data audits and cleanup of outdated or unnecessary information
Secure development practices including code reviews and security testing
Vendor due diligence ensuring service providers meet our security standards

5.3 Security Incident Response

While we implement comprehensive security measures, no system is 100% secure. In the event of a data breach affecting personal information, we will:

Promptly investigate the scope and cause of the incident
Notify affected users within 72 hours when feasible and legally required
Provide detailed information about what information was involved and our response actions
Offer appropriate remediation including credit monitoring when warranted

7. Your Privacy Rights and Choices

7.1 Account Management Rights

Access and Portability:

View and download your account information and usage history
Export your data in common, machine-readable formats (CSV, JSON)
Access billing history and transaction records
Review communication preferences and privacy settings

Correction and Updates:

Update account information including email address and preferences
Correct inaccurate data through your account settings or by contacting support
Modify subscription plans and billing information as needed
Change communication preferences for marketing and optional notifications

Account Deletion:

Delete your account and associated personal information through account settings
Request expedited deletion by contacting our privacy team
Understand retention requirements for legal and business compliance
Receive confirmation when deletion is completed

7.2 Communication Preferences

Marketing Communications:

Opt-out of marketing emails using unsubscribe links in any promotional message
Manage email preferences through your account settings
Choose specific types of communications you want to receive
Update frequency preferences for newsletters and educational content

Required Communications:

Transactional emails (billing, security, account status) cannot be opted out while maintaining an active account
Legal notices and Terms of Service updates must be delivered to comply with legal requirements
Security alerts are mandatory for account protection purposes

7.3 Privacy Rights by Jurisdiction

For California Residents (CCPA/CPRA Rights):

Right to know what personal information we collect, use, and share
Right to delete personal information (subject to legal exceptions)
Right to correct inaccurate personal information
Right to opt-out of sale (we don't sell information)
Right to non-discrimination for exercising your privacy rights
Right to limit sensitive personal information use

For European Residents (GDPR Rights):

Right of access to your personal data and processing information
Right to rectification of inaccurate or incomplete data
Right to erasure ("right to be forgotten") with legal exceptions
Right to restrict processing in specific circumstances
Right to data portability in structured, commonly-used formats
Right to object to processing based on legitimate interests
Right to withdraw consent where processing is based on consent

8. Data Retention and Deletion

8.1 Retention Periods by Data Type

Account and Profile Information:

Active accounts: Retained while account remains active
Cancelled accounts: Deleted within 30 days unless legal retention required
Contact information: Retained for 2 years after account closure for customer service purposes

Subscription and Payment Data:

Billing records: Retained for 7 years for tax compliance and dispute resolution
Payment method information: Tokenized data deleted within 90 days of subscription cancellation
Transaction history: Retained for 7 years for financial and legal compliance

Usage and Analytics Data:

Individual usage patterns: Anonymized after 2 years and retained for service improvement
Platform performance data: Retained for 3 years for optimization and security purposes
Support communications: Retained for 3 years for customer service quality and training
Anonymous technical analytics: Retained indefinitely for platform optimization (not linked to user accounts)

Forum and Statistical Analysis Data:

Processed forum content: Anonymized data retained for continuous algorithm improvement
Statistical correlation databases: Retained indefinitely as core business intellectual property
Algorithmic performance metrics: Retained indefinitely for service enhancement and accuracy
User analysis sessions: Chart configurations and favorites retained while account active

8.2 Automated Inactive Account Cleanup

Inactive Account Identification:

Accounts with no login activity for 90+ consecutive days and no active subscription are automatically flagged for deletion
Active subscribers are exempt from inactivity-based deletion regardless of login frequency
Admin accounts are protected from automated deletion processes
Recent account activity of any type resets the inactivity counter

Deletion Notice and Grace Period:

Email notification sent immediately when an account is scheduled for deletion
Minimum 30-day advance notice before any account deletion occurs
Deletion scheduled for the first day of the following month to provide predictable timing
Login during grace period automatically cancels scheduled deletion

Account Recovery Options:

Grace period login immediately restores account and cancels deletion
Email response to deletion notice can request account preservation
Customer support contact available for deletion-related questions
No data recovery available once deletion is completed

Data Archival Before Deletion:

Complete account snapshot created before deletion for legal compliance
Transaction history preserved for tax and regulatory requirements (7 years)
Usage analytics anonymized and retained for service improvement
Personal identifiers permanently deleted from all active systems

Secure Data Disposal:

Multi-stage deletion process ensuring complete data removal
Cryptographic key destruction rendering encrypted data unrecoverable
Audit trail maintenance for deletion events and compliance verification
Third-party data processor coordination for complete removal from all systems

9. International Data Transfers and Localization

9.1 Primary Data Processing Location

United States Processing:

Primary servers located in the United States with appropriate security measures
Cloud infrastructure primarily based in US data centers with global backup capabilities
Data processing conducted under U.S. privacy and security frameworks

9.2 Cross-Border Transfer Safeguards

For International Users:

Standard Contractual Clauses approved by relevant data protection authorities
Adequacy decisions where available for specific jurisdictions
Additional safeguards including encryption and access controls for cross-border transfers
Binding Corporate Rules for any subsidiary or affiliate data sharing

EU-US Data Transfers:

Compliance with EU data transfer requirements including GDPR Article 46 safeguards
Data Processing Agreements with all service providers handling EU personal data
Privacy Shield successor framework compliance where applicable and available
User consent where required for specific processing activities

9.3 Local Data Protection Compliance

We respect local data protection requirements including:

GDPR for European Economic Area residents
CCPA/CPRA for California residents
Other state privacy laws as they become applicable
Sectoral regulations affecting financial data processing

10. Children's Privacy Protection

9.1 Age Restrictions

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors, and our Terms of Service require users to be at least 18 years old.

9.2 Parental Controls

If we become aware that a user under 18 has provided personal information, we will:

Promptly delete all associated account information and data
Terminate the account immediately
Notify parents/guardians if contact information is available
Implement additional safeguards to prevent future underage registrations

11. Third-Party Services and External Links

10.1 Payment Processor Privacy

Payment data is processed directly by Stripe and PayPal and subject to their privacy policies
We do not store full credit card numbers or sensitive payment information
Tokenization is used for subscription management
PCI DSS compliance is maintained through these certified payment processors

10.2 External Website Links

Our Service may contain links to educational resources, regulatory information, and third-party tools. We are not responsible for the privacy practices or content of external websites.

10.3 Integration Partnerships

Future integrations with brokerage platforms or financial data providers will:

Require explicit user consent before any data sharing
Maintain strict data use limitations
Provide clear opt-out mechanisms
Undergo thorough privacy and security reviews before implementation

12. Changes to This Privacy Policy

11.1 Policy Updates

We may update this Privacy Policy to reflect:

Changes in our data processing practices
New legal requirements
Enhanced privacy protections
User feedback

11.2 Notice of Changes

For significant changes affecting user rights or data processing:

30 days advance notice via email and prominent website notification
Option to review changes before they take effect
Account deletion option if you disagree

For minor changes (clarifications, contact updates):

Updated effective dates posted
Continued use constitutes acceptance

11.3 Version History

We maintain a record of policy changes including:

Previous versions available upon request
Summary of changes highlighting key modifications
Effective dates for each version

13. Privacy Rights and Contact Information

12.1 Manual Privacy Request Processing

We process privacy requests manually rather than through automated systems to ensure maximum security for your financial information. This protects against:

Identity theft
Unauthorized access to transaction history
Data breaches

Though it may take longer than automated systems, this approach prioritizes your security.

12.2 Privacy Rights Requests

Email: privacy@signalwraith.com with "Privacy Rights Request - [Request Type]" in the subject line.

Include:

Your account email
Specific request type (access, export, correct, delete)
Be prepared for identity verification through email confirmation and account-specific details like recent transactions or subscription information

12.3 What We Can Provide

Account summary: Email, registration date, login activity, subscription status, credits remaining
Transaction history: Dates, amounts, payment processor references
Subscription details: Plan types, billing cycles, status changes
Usage data: Credit consumption, login activity
Platform activity: Account settings, communication preferences, feature usage

12.4 Response Times and Contact

Privacy Officer
SignalWraith LLC
Email: privacy@signalwraith.com
Address: 1155 E Twain Ave, Ste 108 -5177, Las Vegas, NV 89169
Phone: 1(872)588-2308

Response Times:

General questions: 2-3 days
Account access requests: 5-7 days after verification
Complete data exports: 30-45 days
Account deletion: Processed within 30 days with advance notice

Data Protection Authorities:

EU residents may lodge complaints with local supervisory authorities
US residents may contact state attorney general offices
We encourage direct communication first as most privacy concerns can be resolved quickly

This Privacy Policy is designed to provide transparency about our data practices while protecting your personal information. By using our Service, you acknowledge that you have read and understood this Policy and consent to our data processing practices as described.