Privacy Policy

1. Introduction

Welcome to Signodex (“we,” “us,” or “our”). We operate the Signodex mobile application and website (collectively, the “Service”), a platform for AI-powered market analysis and portfolio tracking across cryptocurrency, stocks, precious metals, and foreign exchange markets.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using Signodex, you consent to the practices described in this policy. If you do not agree, please do not access or use the Service.

We are committed to protecting your privacy and handling your data with transparency and care. We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

We collect the following categories of information:

2.1 Account & Identity Data

When you register for an account, we collect your email address, display name, and a securely hashed password. If you register via a third-party OAuth provider (e.g., Google or Apple), we receive a limited profile including your name and email address as permitted by that provider.

2.2 Usage Data

We collect information about how you interact with the Service, including features accessed, pages viewed, searches performed, AI analysis requests made, credit transactions, and the timestamps of these activities. This data helps us understand how our Service is used and how to improve it.

2.3 Device Data

We collect technical information about the device you use, including device type, operating system version, app version, unique device identifiers, IP address, and browser type. This information is used for security, analytics, and service compatibility purposes.

2.4 Financial & Portfolio Data You Provide

If you use the portfolio tracking feature, you may voluntarily enter information such as the assets you hold, quantities, and average purchase prices. We do not collect your bank account numbers, brokerage credentials, or actual trading account access. This portfolio data remains under your control and is stored securely in our database.

2.5 Payment & Subscription Data

Payment processing is handled entirely by RevenueCat and the respective app store platforms (Apple App Store, Google Play). We do not store your credit card numbers or bank details. We receive subscription status, tier information, and transaction identifiers from RevenueCat to manage your account credits and features.

3. How We Use Your Information

We use the information we collect for the following purposes:

• ·Provide, maintain, and improve the Service, including processing AI analysis requests and displaying market data.
• ·Manage your account, subscription tier, and credit balance.
• ·Personalize your experience, including saving your portfolio, preferences, and price alert configurations.
• ·Process AI-powered analysis by transmitting relevant market data and your portfolio context to our AI provider (Anthropic). See Section 6 for details.
• ·Send transactional communications such as account confirmations, password resets, and billing receipts.
• ·Send optional marketing communications if you have opted in. You may opt out at any time.
• ·Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• ·Comply with legal obligations and respond to lawful requests from regulatory authorities.
• ·Analyze aggregated, anonymized usage patterns to improve our algorithms and user experience.

4. Data Storage & Security

Your data is stored in Supabase, a secure cloud database platform. Supabase infrastructure is hosted on AWS and complies with SOC 2 Type II, ISO 27001, and GDPR requirements. All data is encrypted at rest using AES-256 encryption and encrypted in transit using TLS 1.2 or higher.

We implement row-level security (RLS) policies in our database, ensuring that users can only access their own data. API keys and secrets are stored as environment variables and never exposed to client-side code. We conduct regular security reviews and follow industry best practices for application security.

Despite our best efforts, no security system is impenetrable. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law, including GDPR Article 33 requirements (within 72 hours of becoming aware of the breach where feasible).

5. Third-Party Services

We work with the following third-party service providers, each subject to their own privacy policies:

• Anthropic: AI model provider (Claude). Market data and portfolio context may be sent to Anthropic for AI analysis. Anthropic processes this data per their usage policies and does not use API inputs to train their models.
• Supabase: Backend-as-a-service for our database, authentication, and serverless edge functions. Your account data, portfolio data, and usage logs are stored here.
• RevenueCat: Subscription and in-app purchase management. RevenueCat processes payment metadata to manage your subscription status. Actual payment processing is handled by Apple or Google.
• CoinGecko: Cryptocurrency market data API. We query CoinGecko for price data. Your personal data is not shared with CoinGecko.
• Binance WebSocket: Real-time cryptocurrency price streaming. Connection is made server-side; no personal data is shared.

6. AI & Data Processing

When you request AI analysis (such as AI Signal, AI Market Summary, AI Deep Analysis, or AI Chat), we transmit relevant information to Anthropic’s Claude AI model. This may include the asset symbol, current price data, technical indicator values, and — if you have set up portfolio tracking — your portfolio holdings relevant to the query.

We do not transmit your name, email address, or other personally identifiable information to the AI model. Anthropic’s API does not use API inputs to train their generative models. AI analysis results are cached on our servers for up to 15 minutes to improve performance and reduce redundant processing; the same request within 15 minutes serves cached results without triggering a new AI call.

All AI-generated content includes a disclaimer that it is for informational purposes only and does not constitute financial advice.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• ·Right of Access: You may request a copy of the personal data we hold about you.
• ·Right of Rectification: You may request that we correct inaccurate or incomplete data.
• ·Right of Erasure: You may request that we delete your personal data ("right to be forgotten"), subject to legal retention requirements.
• ·Right to Data Portability: You may request your data in a structured, machine-readable format.
• ·Right to Object: You may object to processing of your data for direct marketing or where we rely on legitimate interests.
• ·Right to Restrict Processing: You may request that we restrict processing of your data in certain circumstances.
• ·Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@signodex.com. We will respond within 30 days (or as required by applicable law). You also have the right to lodge a complaint with your local data protection authority.

8. Cookies

We use a minimal cookie policy. We set only strictly necessary session cookies to maintain your authenticated session and store your preferences (such as language and theme settings). We do not use tracking cookies, advertising cookies, or third-party analytics cookies that identify you personally.

Session cookies are temporary and are deleted when you close your browser. Preference cookies persist for up to 12 months. You can manage or delete cookies through your browser settings; however, disabling session cookies will prevent you from remaining logged in.

9. Children’s Privacy

The Service is not intended for, and we do not knowingly collect personal information from, individuals under the age of 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@signodex.com. We will promptly delete such information.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy team: