SignalFin

Legal

Privacy Policy

How SignalFin collects, uses, and protects your information.

Last updated: November 2024

Pre-launch notice. SignalFin is currently in pre-launch. These terms govern your use of the waitlist and pre-launch materials. Updated terms will apply when the full product launches.

This Privacy Policy explains how SignalFin (“SignalFin,” “we,” “us,” or “our”) collects, uses, discloses, and protects personal information when you visit signalfin.app, join our waitlist, or use any SignalFin product or service (collectively, the “Service”). By using the Service, you agree to the practices described here.

1. Information we collect

1.1 Information you provide

  • Waitlist submissions. Your email address, optional name, and any referral source you supply when joining the waitlist.
  • Account information (at product launch). Email, password hash, display name, and optional profile details managed via Supabase Auth.
  • Brokerage connection metadata (at product launch). When you connect a brokerage account through SnapTrade, we receive only the metadata and read-only data SnapTrade provides — for example, account type, masked account number, positions, cost basis, and balances. We never receive, store, or have access to your brokerage login credentials.
  • Support communications. Messages you send us through the contact form, email, or support channels.

1.2 Information collected automatically

  • Usage and device information. IP address (hashed for abuse prevention), user-agent string, pages viewed, and timestamps.
  • Cookies and similar technologies. Strictly necessary cookies for session management and analytics cookies where permitted. See Section 7.

2. How we use information

  • Operate, maintain, and secure the Service.
  • Fulfill your waitlist entry and notify you when early access or launch becomes available.
  • Display your portfolio, positions, and derived analytics within the Service, and deliver research, alerts, and AI-generated insights.
  • Respond to your questions and support requests.
  • Detect, investigate, and prevent fraudulent, abusive, or unauthorized activity.
  • Comply with applicable laws, regulations, and lawful requests from public authorities.

We do not sell your personal information, and we do not share it with third parties for their own marketing purposes.

3. Brokerage data — read-only posture

SignalFin receives read-only brokerage data through SnapTrade. This means:

  • We can view positions, balances, cost basis, and transaction history that SnapTrade has been authorized to share.
  • We cannot place, modify, or cancel trades, move funds, or take any other action on your brokerage account. SignalFin is not technically authorized to execute any transaction on your behalf.
  • You may disconnect your brokerage at any time from within the SignalFin application or directly through SnapTrade. Upon disconnection, we stop receiving new data from that account.

4. How we share information

We share information only with the following categories of recipients, and only as needed to operate the Service:

  • Service providers (subprocessors). See our Data Sources page for the current list, which includes Supabase (database and auth), SnapTrade (read-only brokerage connections), Vercel (hosting), and may include providers such as Stripe (billing), Sentry (error monitoring), and Klaviyo (transactional email).
  • Legal and safety. When required to comply with a valid legal process, protect our rights, or investigate abuse.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

5. How we protect information

  • Encryption in transit. All traffic between your browser and SignalFin uses TLS 1.2+.
  • Encryption at rest. Data stored in our managed database is encrypted at rest by our provider.
  • Row-level security (RLS). Our database enforces per-user row-level isolation so that one user’s data cannot be accessed by another user.
  • Bearer-token authentication. API access is gated by short-lived bearer tokens tied to authenticated sessions.
  • Operational controls. We run with a SOC 2-ready operational posture, apply rate limits and security headers (Helmet), and restrict production access to authorized personnel.

No method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.

6. Data retention

We retain personal information for as long as your account is active or as needed to provide the Service. If you request deletion, we will delete or anonymize your personal information within a reasonable period, except where we are required to retain it to comply with legal, tax, or accounting obligations, or to resolve disputes and enforce our agreements.

7. Cookies

We use strictly necessary cookies to maintain your session and remember preferences. We may use first-party analytics cookies to understand how the Service is used and to improve it. You can control cookies through your browser settings; disabling certain cookies may degrade Service functionality.

8. Your rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate information.
  • Deletion. Ask us to delete your personal information, subject to legal retention requirements.
  • Portability. Receive a machine-readable copy of certain information you provided.
  • Opt-out. Opt out of marketing emails at any time using the unsubscribe link or by contacting us.
  • Non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise these rights, email us at support@signalfin.app. We may need to verify your identity before acting on your request.

9. International users

SignalFin is operated from the United States. If you access the Service from outside the U.S., your information will be transferred to and processed in the United States. By using the Service, you consent to that transfer and processing.

10. Children

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, contact us at support@signalfin.app.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Last updated” date above and, where appropriate, by email or in-app notice.

12. Contact

Questions about this Privacy Policy or our privacy practices? Contact us at support@signalfin.app.