Privacy Policy

Effective Date: 24 July, 2025
Last Updated: 24 July, 2025

1. Introduction and Scope

This Privacy Policy describes how Signalwraith LLC ("Company," "we," "us," or "our") collects, uses, processes, and protects personal information when you use Signalwraith (the "Service"), our algorithmic market analysis platform.

We are committed to data minimization and transparency. Our business model collects only essential information needed to provide our Service while maintaining the highest standards of data protection and user privacy.

This Policy applies to all users of our website (www.signalwraith.com), Service subscribers, and visitors to our platform.

2. Information We Collect

2.1 Personal Information You Provide

Account Registration Information:

• Email address (required for account creation, authentication, and all communications)
• Account password (encrypted and hashed by Supabase)
• Account creation date and last login timestamps
• Communication and notification preferences

Subscription and Payment Information:

• Payment processor references (Stripe customer IDs, PayPal order IDs for transaction tracking)
• Transaction records including dates, amounts paid, credits purchased, and payment status
• Subscription details including plan type, billing cycle dates, and subscription status
• Discount codes used and promotional pricing applied to purchases
• Payment method types (credit card, PayPal) but not the actual payment details

Platform Usage Data:

• Credit consumption records including dates and reasons for credit usage
• Login activity and session information for security purposes
• Platform feature usage (which tools and pages you access)

Customer Support Communications:

• Support ticket messages and email correspondence with our team
• Feedback and survey responses (when voluntarily provided)
• Account-related inquiries and technical assistance requests

2.2 Information Collected Automatically (Anonymous)

Technical Usage Data (Not Linked to User Accounts):

• Aggregated website traffic and page view statistics
• Browser type, version, and operating system information (anonymized)
• Device types and screen resolution data for optimization purposes
• General geographic regions for service performance optimization
• Platform performance metrics and error logging (without user identification)

Service Analytics (Anonymous):

• Feature utilization statistics and engagement patterns (aggregated)
• A/B testing data for Service improvement (anonymized)
• API usage statistics and response times (not attributed to specific users)
• General usage patterns for platform optimization

Cookies and Tracking Technologies:

• Essential cookies: Session management, authentication, and security
• Analytics cookies: Service performance optimization (anonymous data only)
• Preference cookies: User interface customization and saved settings
• Security cookies: Fraud prevention and unauthorized access protection

2.3 Data Separation

Complete Separation of Account Data and Anonymous Analytics: Your personal account information (email, subscription details, payment history) is kept entirely separate from anonymous technical analytics. We cannot and do not correlate website usage patterns, performance metrics, or technical data with individual user accounts.

Market Analysis Data Sources: Our algorithmic market analysis uses public forum content collected from financial discussion platforms, historical market data from licensed financial data providers, statistical correlation models built from public market information, and economic indicators and market timing data for analysis.

3. How We Use Your Information

3.1 Account and Subscription Management

Core Service Operations:

• Creating and maintaining your Signalwraith account
• Processing authentication and secure access to the platform
• Managing subscription plans, billing cycles, and payment processing
• Tracking credit balances and usage for account access
• Providing customer support and technical assistance
• Delivering platform updates and security notifications

Payment and Billing:

• Processing subscription payments through Stripe and PayPal
• Managing credit purchases and account balance tracking
• Generating transaction records and billing history
• Processing refunds and payment-related inquiries
• Coordinating with payment processors for subscription management

3.2 Platform Access and Communications

Enabling access to market analysis tools and features, personalizing user dashboard and interface preferences, and tracking feature usage for account management purposes.

Required Communications: Account confirmations, password resets, billing notifications, service updates, security alerts, customer support responses, and legal notices.

Optional Communications: Educational content about market analysis (with consent), platform feature announcements, and user surveys (voluntary participation).

3.3 Legal Compliance and Protection

Regulatory Compliance:

• Complying with applicable financial regulations and anti-fraud requirements
• Maintaining records for tax reporting and business compliance purposes
• Responding to valid legal process, court orders, and regulatory requests
• Protecting our intellectual property rights and trade secrets

Business Protection:

• Enforcing our Terms of Service and preventing unauthorized use
• Investigating potential violations of our policies or applicable laws
• Protecting the security and integrity of our Service and algorithms
• Resolving disputes and defending against legal claims

4. Information Sharing and Disclosure

4.1 We Do Not Sell Personal Information

We do not sell, rent, lease, or trade your personal information to third parties for marketing or commercial purposes.

4.2 Authorized Service Providers

Technical Infrastructure Partners:

• Vercel (Web Hosting): Website hosting, content delivery, and application deployment
• Database Providers: Secure data storage and backup services with encryption at rest
• Analytics Platforms: Service performance monitoring and user experience optimization (data anonymized)

Payment and Financial Services:

• Stripe/PayPal: Payment processing, subscription management, and fraud prevention
• Billing Platforms: Invoice generation, dunning management, and payment reconciliation
• Tax Services: Sales tax calculation and compliance reporting where required

Customer Support Tools:

• Email Services: Transactional and marketing email delivery with privacy protections

All service providers are bound by strict data processing agreements that require processing data only for specified purposes, implementing appropriate security measures, prohibiting use of your data for their own purposes, and deleting or returning data upon contract termination.

4.3 Legal Requirements and Protection

We may disclose personal information when required by law or necessary to comply with valid legal process, respond to government requests, protect our legal rights including intellectual property protection, prevent fraud or illegal activity, protect user safety and service security, and defend against legal claims or investigate potential violations.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction. We will provide advance notice of any ownership change affecting privacy practices, the acquiring entity will be bound by the privacy commitments made in this Policy, and users will have the option to delete their accounts before any transfer.

5. Data Security and Protection

5.1 Technical Safeguards

Data Encryption:

• Data in transit: All communications use TLS 1.3 encryption or higher
• Data at rest: Database encryption using industry-standard AES-256 encryption
• Payment data: PCI DSS compliant processing with tokenization and encryption
• Password security: Bcrypt hashing with salt for all user credentials

Access Controls:

• Role-based access controls limiting employee access to necessary data only
• Regular access reviews and automated session management
• API security with rate limiting and authentication token management

Infrastructure Security:

• Secure hosting environment with regular security updates and patches
• Network security including firewalls and intrusion detection systems
• Backup and recovery procedures with encrypted, geographically distributed backups
• Incident response plan for security breaches or unauthorized access

5.2 Operational Safeguards

Employee Training and Access:

• Privacy and security training for all employees with access to user data
• Background checks for employees in security-sensitive positions
• Confidentiality agreements requiring protection of user information
• Principle of least privilege limiting data access to job requirements only

Data Handling Procedures:

• Data minimization practices collecting only necessary information
• Regular data audits and cleanup of outdated or unnecessary information
• Secure development practices including code reviews and security testing
• Vendor due diligence ensuring service providers meet our security standards

5.3 Security Incident Response

While we implement comprehensive security measures, no system is 100% secure. In the event of a data breach affecting personal information, we will promptly investigate the scope and cause of the incident, notify affected users within 72 hours when feasible and legally required, provide detailed information about what information was involved and our response actions, and offer appropriate remediation including credit monitoring when warranted.

6. Your Privacy Rights and Choices

6.1 Account Management Rights

Access and Portability:

• View and download your account information and usage history
• Export your data in common, machine-readable formats (CSV, JSON)
• Access billing history and transaction records
• Review communication preferences and privacy settings

Correction and Updates:

• Update account information including email address and preferences
• Correct inaccurate data through your account settings or by contacting support
• Modify subscription plans and billing information as needed
• Change communication preferences for marketing and optional notifications

Account Deletion:

• Delete your account and associated personal information through account settings
• Request expedited deletion by contacting our privacy team
• Understand retention requirements for legal and business compliance
• Receive confirmation when deletion is completed

6.2 Communication Preferences

Marketing Communications:

• Opt-out of marketing emails using unsubscribe links in any promotional message
• Manage email preferences through your account settings
• Choose specific types of communications you want to receive
• Update frequency preferences for newsletters and educational content

Required Communications:

• Transactional emails (billing, security, account status) cannot be opted out while maintaining an active account
• Legal notices and Terms of Service updates must be delivered to comply with legal requirements
• Security alerts are mandatory for account protection purposes

6.3 Privacy Rights by Jurisdiction

For California Residents (CCPA/CPRA Rights):

• Right to know what personal information we collect, use, and share
• Right to delete personal information (subject to legal exceptions)
• Right to correct inaccurate personal information
• Right to opt-out of sale (we don't sell information)
• Right to non-discrimination for exercising your privacy rights
• Right to limit sensitive personal information use

For European Residents (GDPR Rights):

• Right of access to your personal data and processing information
• Right to rectification of inaccurate or incomplete data
• Right to erasure ("right to be forgotten") with legal exceptions
• Right to restrict processing in specific circumstances
• Right to data portability in structured, commonly-used formats
• Right to object to processing based on legitimate interests
• Right to withdraw consent where processing is based on consent

7. Data Retention and Deletion

7.1 Retention Periods by Data Type

Account and Profile Information:

• Active accounts: Retained while account remains active
• Cancelled accounts: Deleted within 30 days unless legal retention required
• Contact information: Retained for 2 years after account closure for customer service purposes

Subscription and Payment Data:

• Billing records: Retained for 7 years for tax compliance and dispute resolution
• Payment method information: Tokenized data deleted within 90 days of subscription cancellation
• Transaction history: Retained for 7 years for financial and legal compliance

Usage and Analytics Data:

• Individual usage patterns: Anonymized after 2 years and retained for service improvement
• Platform performance data: Retained for 3 years for optimization and security purposes
• Support communications: Retained for 3 years for customer service quality and training
• Anonymous technical analytics: Retained indefinitely for platform optimization (not linked to user accounts)

Forum and Market Analysis Data:

• Processed forum content: Anonymized data retained for continuous algorithm improvement
• Market correlation databases: Retained indefinitely as core business intellectual property
• Algorithmic performance metrics: Retained indefinitely for service enhancement and accuracy

7.2 Automated Inactive Account Cleanup

Inactive Account Identification:

• Accounts with no login activity for 90+ consecutive days and no active subscription are automatically flagged for deletion
• Active subscribers are exempt from inactivity-based deletion regardless of login frequency
• Admin accounts are protected from automated deletion processes
• Recent account activity of any type resets the inactivity counter

Deletion Notice and Grace Period:

• Email notification sent immediately when an account is scheduled for deletion
• Minimum 30-day advance notice before any account deletion occurs
• Deletion scheduled for the first day of the following month to provide predictable timing
• Login during grace period automatically cancels scheduled deletion

Account Recovery Options:

• Grace period login immediately restores account and cancels deletion
• Email response to deletion notice can request account preservation
• Customer support contact available for deletion-related questions
• No data recovery available once deletion is completed

Data Archival Before Deletion:

• Complete account snapshot created before deletion for legal compliance
• Transaction history preserved for tax and regulatory requirements (7 years)
• Usage analytics anonymized and retained for service improvement
• Personal identifiers permanently deleted from all active systems

Secure Data Disposal:

• Multi-stage deletion process ensuring complete data removal
• Cryptographic key destruction rendering encrypted data unrecoverable
• Audit trail maintenance for deletion events and compliance verification
• Third-party data processor coordination for complete removal from all systems

8. International Data Transfers and Localization

8.1 Primary Data Processing Location

United States Processing:

• Primary servers located in the United States with appropriate security measures
• Cloud infrastructure primarily based in US data centers with global backup capabilities
• Data processing conducted under U.S. privacy and security frameworks

8.2 Cross-Border Transfer Safeguards

For International Users:

• Standard Contractual Clauses approved by relevant data protection authorities
• Adequacy decisions where available for specific jurisdictions
• Additional safeguards including encryption and access controls for cross-border transfers
• Binding Corporate Rules for any subsidiary or affiliate data sharing

EU-US Data Transfers:

• Compliance with EU data transfer requirements including GDPR Article 46 safeguards
• Data Processing Agreements with all service providers handling EU personal data
• Privacy Shield successor framework compliance where applicable and available
• User consent where required for specific processing activities

8.3 Local Data Protection Compliance

We respect local data protection requirements including GDPR for European Economic Area residents, CCPA/CPRA for California residents, other state privacy laws as they become applicable, and sectoral regulations affecting financial data processing.

9. Children's Privacy Protection

9.1 Age Restrictions

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from minors, and our Terms of Service require users to be at least 18 years old.

9.2 Parental Controls

If we become aware that a user under 18 has provided personal information, we will promptly delete all associated account information and data, terminate the account immediately, notify parents/guardians if contact information is available, and implement additional safeguards to prevent future underage registrations.

10. Third-Party Services and External Links

10.1 Payment Processor Privacy

Payment data is processed directly by Stripe and PayPal and subject to their privacy policies. We do not store full credit card numbers or sensitive payment information. Tokenization is used for subscription management and PCI DSS compliance is maintained through these certified payment processors.

10.2 External Website Links

Our Service may contain links to educational resources, regulatory information, and third-party tools. We are not responsible for the privacy practices or content of external websites.

10.3 Integration Partnerships

Future integrations with brokerage platforms or financial data providers will require explicit user consent before any data sharing, maintain strict data use limitations, provide clear opt-out mechanisms, and undergo thorough privacy and security reviews before implementation.

11. Changes to This Privacy Policy

11.1 Policy Updates

We may update this Privacy Policy to reflect changes in our data processing practices, new legal requirements, enhanced privacy protections, or user feedback.

11.2 Notice of Changes

For significant changes affecting user rights or data processing, we provide 30 days advance notice via email and prominent website notification, with option to review changes before they take effect and account deletion option if you disagree. For minor changes (clarifications, contact updates), we post updated effective dates and continued use constitutes acceptance.

11.3 Version History

We maintain a record of policy changes including previous versions available upon request, summary of changes highlighting key modifications, and effective dates for each version.

12. Privacy Rights and Contact Information

12.1 Manual Privacy Request Processing

We process privacy requests manually rather than through automated systems to ensure maximum security for your financial information. This protects against identity theft, unauthorized access to transaction history, and data breaches, though it may take longer than automated systems.

12.2 Privacy Rights Requests

Email privacy@signalwraith.com with "Privacy Rights Request - [Request Type]" in the subject line. Include your account email, specific request type (access, export, correct, delete), and be prepared for identity verification through email confirmation and account-specific details like recent transactions or subscription information.

12.3 What We Can Provide

Account summary (email, registration date, login activity, subscription status, credits remaining), transaction history (dates, amounts, payment processor references), subscription details (plan types, billing cycles, status changes), usage data (credit consumption, login activity), and platform activity (account settings, communication preferences, feature usage).

12.4 Response Times and Contact

Privacy Officer
Signalwraith LLC
Email: privacy@signalwraith.com
Address: 955 E Main St Ste E #667, Lexington, SC 29072
Phone: 1(872)588-2308

Response Times: General questions (2-3 days), account access requests (5-7 days after verification), complete data exports (30-45 days), account deletion (processed within 30 days with advance notice).

Data Protection Authorities: EU residents may lodge complaints with local supervisory authorities. US residents may contact state attorney general offices. We encourage direct communication first as most privacy concerns can be resolved quickly.

This Privacy Policy is designed to provide transparency about our data practices while protecting your personal information. By using our Service, you acknowledge that you have read and understood this Policy and consent to our data processing practices as described.