Privacy Policy
Last Updated: March 7, 2026
SIGNUM HQ, LLC ("Service") is committed to protecting your personal information and respects your privacy. This Privacy Policy explains how we collect, use, store, and delete your personal data in compliance with applicable privacy laws.
Article 1. Purpose
This Privacy Policy describes how SIGNUM HQ, LLC ("Service") collects, uses, stores, and deletes your personal information, and is intended to comply with applicable data protection laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Article 2. Information We Collect
1. Email Registration
- Required: Email address, password (stored encrypted)
2. Google OAuth Registration
- Required: Email address, name, profile image URL
- OAuth token provided by Google (for authentication purposes)
3. Automatically Collected Information
- IP address, browser type and version, device information
- Access timestamps, service usage logs, pages visited
- Cookies and session data
Article 3. How We Use Your Information
We use collected personal information solely for the following purposes:
- Account Management: Identity verification, authentication, and account maintenance
- Service Delivery: Providing data analysis, AI reports, analytics updates, and other content
- Paid Services: Subscription management, payment processing, and billing
- Service Improvement: Usage statistics analysis, quality improvement, and new feature development
- Customer Support: Responding to inquiries, delivering notices, and resolving disputes
- Security: Fraud prevention, unauthorized access detection, and system security
Article 4. Sharing with Third Parties
We do not sell your personal information to third parties. We may share your information only in the following limited circumstances:
- With your explicit prior consent
- When required by law enforcement or regulatory authorities
- In anonymized or aggregated form for statistical or research purposes
CCPA Notice (California Residents): Under the California Consumer Privacy Act, you have the right to know what personal information we collect, request its deletion, and opt out of any sale of personal data. We do not sell personal information.
Article 5. Data Processors & International Transfers
We use the following service providers to operate the Service. Your data may be processed outside your country of residence:
| Provider | Purpose | Server Location |
|---|---|---|
| Supabase Inc. | User authentication, database management | USA (AWS) |
| Vercel Inc. | Web hosting and deployment | USA |
| Google LLC | OAuth authentication, Analytics | USA |
These providers maintain industry-standard security certifications (SOC 2, ISO 27001) and we maintain data protection agreements with each.
Article 6. Data Retention & Deletion
Principle: We delete personal data promptly when it is no longer needed. However, certain data may be retained as required by applicable law:
| Data Category | Retention Period | Legal Basis |
|---|---|---|
| Contract / subscription records | 5 years | IRS Regulations |
| Payment / billing records | 5 years | IRS Regulations |
| Consumer complaint records | 3 years | FTC Act / Internal Policy |
| Access / server logs | 3 months | Internal Security Policy |
Deletion Method: Electronic files are permanently deleted using irreversible methods. Physical documents (if any) are shredded or incinerated.
Article 7. Your Rights
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data that we process.
- Right to Rectification: Request correction of inaccurate personal data.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data.
- Right to Restriction: Request restriction of processing of your personal data.
- Right to Data Portability: Receive your personal data in a structured, commonly used format.
- Right to Withdraw Consent: Withdraw consent for data collection and processing at any time.
You may exercise these rights through your account settings or by contacting us at [email protected]. We will respond without undue delay.
Article 8. Cookies & Tracking Technologies
- Purpose of Cookies: We use cookies to maintain your login session, improve your service experience, and collect usage analytics.
- Types of Cookies:
- Essential Cookies: Login authentication, session management (Supabase Auth)
- Analytics Cookies: Service usage pattern analysis (anonymized)
- Functional Cookies: Language preferences, dark mode, and user settings
- Opting Out: You may opt out of cookies through your browser settings. However, this may limit certain features such as login functionality.
Article 9. Security Measures
- Encryption: Passwords are stored using one-way encryption (bcrypt), and all data in transit is encrypted with TLS 1.2 or higher.
- Access Control: Access to personal data is restricted to the minimum necessary, with authentication required for administrative access.
- Security Monitoring: We operate security systems to prevent unauthorized access and data breaches, with immediate incident response protocols.
- Regular Audits: We conduct periodic security vulnerability assessments to ensure data protection.
Article 10. Data Protection Officer
The Company has designated a Data Protection Officer to manage personal data processing and to address privacy-related inquiries and complaints:
- Title: CEO / Data Protection Officer
- Email: [email protected]
Article 11. Changes to This Policy
- This Privacy Policy may be updated to reflect changes in laws, policies, or security technology.
- Changes will be announced at least 7 days in advance via in-service notice or email.
- For significant changes (additions to data collected, changes in third-party sharing, etc.), notice will be given 30 days in advance, and re-consent may be requested where required.
This Privacy Policy is effective as of March 7, 2026.