Privacy Policy

1. Information We Collect

We collect the following types of information:

• Account data: your name, email address, and password (stored as a bcrypt hash)
• Contact data: names, companies, roles, notes, tags, and other details you provide about your contacts
• Interaction logs: dates, types, and notes about interactions with your contacts
• AI-generated content: message drafts and signals (insights) generated by AI about your contacts
• Usage data: credit consumption and feature usage tracking
• Preferences: language preference (stored as a cookie) and theme preference

2. How We Use Your Information

We use your information to:

• Provide and maintain the Signal Recall service
• Generate AI-powered drafts, signals, and insights using third-party AI providers
• Track and manage your credit usage
• Authenticate your identity and secure your account
• Communicate with you about your account and service updates
• Improve and develop new features for the service

3. AI Data Processing

When you use AI features (data import, signal extraction, or draft generation), relevant data is sent to third-party AI providers for processing. Our primary provider is Anthropic (Claude API) and our secondary provider is OpenAI. Data is sent to these providers only when you actively trigger an AI feature. Each provider processes data according to their own privacy policies and data handling practices. We do not use your data to train AI models.

4. Data Storage and Security

Your data is hosted on DigitalOcean App Platform with the database hosted on Neon PostgreSQL in the Singapore region. We protect your data using HTTPS encryption for all data in transit, bcrypt hashing for passwords, JWT-based authentication tokens, and access controls to limit data exposure. While we implement reasonable security measures, no method of transmission or storage is 100% secure.

5. Data Sharing

We do not sell your personal data. We share data with third parties only in the following circumstances: with AI providers (Anthropic and OpenAI) when you use AI features, with infrastructure providers (DigitalOcean and Neon) for hosting and database services, and when required by law or to protect our legal rights.

6. Data Retention

We retain your data for as long as your account is active. You may request deletion of your account and associated data by contacting [email protected]. Account deletion requests are processed within 30 days. Database backups may retain data for up to 90 days after deletion.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you
• Correction: request that we correct inaccurate or incomplete data
• Deletion: request that we delete your personal data
• Export: request a portable copy of your data
• Withdrawal: withdraw your consent to data processing at any time

8. International Data Transfers

Your data is stored on servers in Singapore (Neon PostgreSQL). When you use AI features, data may be processed in the United States by Anthropic and OpenAI. Infrastructure services are provided by DigitalOcean, which may process data in various locations. By using our service, you consent to these international data transfers.

9. Children's Privacy

Signal Recall is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a child under 18, we will take steps to delete that information promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date. We encourage you to review this policy periodically.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at [email protected].