Privacy Policy

Last updated: February 6, 2026

Who we are (Controller)

InsiderSignals ("InsiderSignals", "we", "us") is the controller for personal data processed through our website and services (the "Service").

Email: info@insidersignals.io

Address: Eemlandstraat 33, 1079RM, Amsterdam, The Netherlands

Chamber of Commerce (KVK): [KVK NUMBER]

Scope

This Privacy Policy explains how we collect and use personal data when you use our Service, create an account, configure alerts, or contact support.

Personal data we collect

3.1 Data you provide

  • Account data: email address, password (stored as a hash), account status
  • Alert configuration: tickers/watchlists, score thresholds, notification frequency
  • Support communications: emails you send to us and our replies

3.2 Data collected automatically (strictly necessary)

  • Authentication/session data required to keep you signed in
  • Security and operational data such as IP address (typically), timestamps, and error/security events required to operate and protect the Service
  • Application/server logs (see Section 9, "Data retention")

3.3 Data we do not intend to collect

We do not request special categories of personal data (e.g., health, religion). Please do not send such data to support.

Why we use your data (purposes and lawful bases)

We process personal data only when we have a lawful basis under the GDPR.

Contract (performance of a contract):

  • Create and manage your account
  • Deliver alerts/digests based on your settings
  • Provide core Service functionality you request

Legitimate interests:

  • Secure the Service, prevent abuse/fraud, and protect accounts
  • Maintain reliability, troubleshoot issues, and improve service stability
  • Respond to support requests (where applicable)

We balance these interests against your rights, and you can object in certain cases (see Section 10, "Your rights (Netherlands/EEA)").

Legal obligation:

  • Comply with applicable laws (e.g., accounting/tax and other legal requirements)

Emails

We send service emails necessary to provide the Service (e.g., alerts/digests, account/security notices). These are not marketing.

If we ever send marketing emails, we will only do so where permitted by law and will provide a clear opt-out mechanism.

Sharing and service providers

We do not sell your personal data.

We share personal data only with service providers that process data on our instructions to operate the Service, such as:

  • Hosting and content delivery providers
  • Authentication and database infrastructure providers
  • Email delivery providers

Our main providers currently include Vercel (hosting/delivery), Supabase (database/authentication), and Resend (email delivery).

Market data providers supply financial/market data used by the Service. We do not share your account data with market data providers for their independent use.

We may disclose information if required by law, to protect rights and security, or as part of a business transfer (e.g., merger or acquisition), subject to appropriate safeguards.

Cookies and similar technologies

We use strictly necessary cookies and similar technologies to operate authentication and keep you signed in.

We do not use advertising cookies and we do not use analytics cookies.

If you block cookies in your browser, the Service may not function properly.

International data transfers

Your personal data may be processed outside the European Economic Area depending on where our providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and supplementary measures (e.g., encryption and access controls).

You can request information about these safeguards by emailing info@insidersignals.io.

Data retention

We keep personal data for the shortest period necessary to operate the Service and meet legal requirements.

  • Account data and alert configuration: retained while your account is active. If you request deletion, we delete or anonymize this data within 30 days where feasible.
  • Support communications (email): retained for 12 months after the last support interaction, then deleted or anonymized where feasible.
  • Application/server logs: retained for a maximum of 30 days, then deleted or anonymized unless needed to investigate an active security incident.
  • Legal/accounting records (e.g., invoices): retained for the legally required period (commonly up to 7 years).

Your rights (Netherlands/EEA)

Subject to conditions and exceptions under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion of your data
  • Restrict processing in certain cases
  • Object to processing based on legitimate interests
  • Receive a copy of certain data you provided (data portability)
  • Withdraw consent at any time where processing is based on consent (if applicable)

To exercise these rights, email info@insidersignals.io from the email address associated with your account. We may request additional verification to protect your data.

Complaints: You can lodge a complaint with the Dutch supervisory authority, the Autoriteit Persoonsgegevens, or your local EU supervisory authority.

Security

We use appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls, and monitoring. No system is completely secure. Where legally required, we will notify affected users and regulators of a personal data breach.

Children

The Service is not intended for children under 16 years of age in the Netherlands/EU. We do not knowingly collect personal data from children under 16.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you via the Service and/or email and update the "Last updated" date above.

Contact

If you have any questions about this Privacy Policy or our privacy practices, please contact us at info@insidersignals.io.

For full contact details, including our address and Chamber of Commerce number, see the "Who we are (Controller)" section above.