Privacy Policy

1. Introduction

Signalry ("we," "our," or "us") operates the Signalry platform accessible at signalry.pages.dev (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

By accessing or using Signalry, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Account Information

When you create an account via Google OAuth or email/password, we collect:

• Email address
• Display name
• Profile avatar URL (if provided by your authentication provider)
• Authentication provider and provider ID

2.2 LinkedIn Connection Data

When you connect your LinkedIn account, we collect:

• LinkedIn profile name and headline
• LinkedIn profile URL
• OAuth access token (encrypted, used solely for posting on your behalf)
• Token expiration data

We do not access your LinkedIn messages, network connections list, or private activity.

2.3 Content & Usage Data

• Research topics you configure
• AI-generated posts and drafts
• Publishing activity and scheduling preferences
• Agent settings and configuration

2.4 Automatically Collected Data

• Browser type and version
• IP address (not stored long-term)
• Referring URL
• Pages visited and timestamps

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Generate AI-powered content based on your topics and preferences
• Publish content to your connected social media accounts on your behalf
• Schedule and automate your content pipeline
• Send transactional notifications related to your account
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations

We do not sell your personal information to third parties.

4. Third-Party Services

Signalry integrates with the following third-party services that have their own privacy policies:

• Supabase — Authentication and database hosting (Privacy Policy)
• Anthropic (Claude) — AI content generation (Privacy Policy)
• OpenAI (DALL·E) — AI image generation (Privacy Policy)
• LinkedIn — Social media publishing (Privacy Policy)
• Cloudflare — Hosting and CDN (Privacy Policy)

When you use these integrations, your data may be processed by these providers under their respective policies.

5. Data Storage & Security

Your data is stored in Supabase-hosted PostgreSQL databases with Row Level Security (RLS) enabled, ensuring that users can only access their own data. All data in transit is encrypted using TLS/HTTPS. OAuth tokens are stored securely and are never exposed to the client-side application.

AI-generated images are stored in Cloudflare R2 object storage with access controlled via signed URLs.

Despite our best efforts, no method of electronic storage is 100% secure. We cannot guarantee absolute security but implement industry-standard practices to protect your data.

6. Data Retention

We retain your data for as long as your account is active. When you delete your account:

• Your user profile and settings are permanently deleted
• LinkedIn connection tokens are revoked and deleted
• Generated content and publishing logs are deleted
• AI-generated images stored in R2 are deleted

We may retain anonymized, aggregated data for analytical purposes after account deletion.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access — Request a copy of the personal data we hold about you
• Rectification — Request correction of inaccurate data
• Erasure — Request deletion of your personal data
• Portability — Request a machine-readable copy of your data
• Restriction — Request we limit processing of your data
• Objection — Object to processing based on legitimate interests
• Withdraw Consent — Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at privacy@signalry.app.

8. Cookies & Tracking

Signalry uses essential cookies required for authentication and session management. We do not use third-party advertising or analytics cookies.

Essential cookies include:

• Authentication session — Managed by Supabase, maintains your login state
• Security tokens — CSRF protection and session validation

You can disable cookies in your browser settings, but this may prevent you from using the Service.

9. Children's Privacy

Signalry is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete that information.

10. International Data Transfers

Your data may be processed in countries outside your country of residence, including the United States, where our hosting providers operate. We ensure appropriate safeguards are in place for cross-border data transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Email: privacy@signalry.app
Website: signalry.pages.dev