Last updated: March 24, 2026
SignalBridge ("we," "us," or "our") operates the SignalBridge platform (the "Service"), an AI-powered startup scoring and analysis tool. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our Service.
Data Controller: SignalBridge is the data controller responsible for your personal data. You can contact us at privacy@signalbridge.app for any data protection matters.
When you sign in via Google or GitHub OAuth, we receive and store your name, email address, and profile picture as provided by the OAuth provider. We do not receive or store your Google or GitHub password.
We collect information about how you use the Service, including:
We automatically collect IP addresses, browser type, device information, and request timestamps for rate limiting, security, and abuse prevention. Server logs are retained for up to 90 days.
Payment processing is handled entirely by Stripe. We do not receive or store your credit card number, bank account details, or other payment credentials. We store only your Stripe customer ID, subscription ID, tier, and subscription status to manage your account.
If you create API keys, we store a SHA-256 cryptographic hash of each key. The full key is displayed only once at creation and is not stored or recoverable by us.
When you request a score, we collect the company name and any related information you provide. We then gather publicly available data about that company from third-party sources (see Section 3) to generate a score. The company data processed is about organizations, not individuals, though it may incidentally reference publicly available information about founders or executives.
We store historical snapshots of enrichment data gathered from third-party sources for each scored company. These snapshots include the source, data retrieved, fetch timestamp, and confidence metadata. Snapshots are used for trend analysis, score comparison, and benchmarking. They contain company data (not personal user data) and are retained in our database with configurable expiration periods.
If you register webhooks for programmatic notifications, we store your webhook URL and an HMAC secret used to sign payloads. Webhook URLs may point to your own servers or third-party services. We do not log the content of webhook deliveries.
We use your information for the following purposes:
We do not use your personal data for advertising, behavioral profiling, or sale to third parties.
We share data with third-party service providers solely as necessary to operate the Service. These providers act as data processors on our behalf:
To generate scores, we query publicly available data from the following sources. Company names and identifiers (not your personal data) are sent to these services:
We do not sell, rent, or trade your personal information to any third party.
SignalBridge uses Anthropic's Claude API to generate company scores and analysis. When a score is requested:
Important: AI-generated scores may contain inaccuracies, reflect outdated information, or omit relevant factors. Scores are not verified by human analysts and do not constitute investment advice, financial guidance, or professional recommendations of any kind. You should not rely solely on AI-generated scores for business, investment, or hiring decisions.
No automated decisions are made about you personally based on AI scoring. Scores evaluate companies, not individuals.
We may use anonymized, aggregated scoring data to improve our scoring methodology and generate market insights. When data is used for this purpose, it is stripped of user identifiers and cannot be traced back to individual users. Training examples derived from scoring data are flagged with an anonymization status and quality level.
The Service uses internal autonomous agents ("Colony") that analyze aggregate scoring trends and evolve their analytical capabilities over time. These agents operate at the system level and do not access, store, or process individual user data. Agent knowledge is derived from anonymized, aggregate patterns only.
We retain different categories of data for different periods:
When you delete your account, we purge your personal data within 30 days. Scores you generated may be retained in de-identified form (with your user ID removed) for public leaderboard and aggregate analytics purposes. Because scores contain company names and publicly available business data, this de-identified data is not fully anonymous and is treated with appropriate safeguards.
We use the following cookies and browser storage:
We do not use third-party advertising cookies, tracking pixels, or behavioral analytics cookies. Sentry's error monitoring SDK may set performance-related cookies when configured; these are non-essential cookies and are only set with your consent.
You can manage your cookie preferences at any time by clearing your browser cookies or adjusting your browser settings. You may also opt out of non-essential cookies via the cookie consent banner displayed on your first visit. You can manage email notification preferences (including digest emails) in your account settings, or unsubscribe via the link in any email we send.
We implement industry-standard security measures to protect your data, including:
While we take reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
GET /api/account/export endpointDELETE /api/account endpoint. This action is irreversible.Our legal bases for processing your personal data are: (a) performance of our contract with you (account management, service delivery), (b) legitimate interests (security, abuse prevention, service improvement), and (c) your consent (where applicable, such as cookie consent).
In addition to the rights above, you have the right to:
Data may be transferred to the United States where our infrastructure providers operate. We rely on Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework where applicable to ensure adequate protection for international data transfers.
Under the California Consumer Privacy Act and California Privacy Rights Act:
Categories of personal information we collect:
Sources: Directly from you, from OAuth providers (Google, GitHub), and automatically via server logs.
Business purposes: Service delivery, billing, security, service improvement.
Third parties receiving data: Sub-processors listed in Section 3 (infrastructure, payments, AI processing, enrichment, communications).
Sensitive personal information: We may collect account login credentials (via OAuth tokens) and precise geolocation (IP-derived, city-level only for rate limiting). We do not use sensitive personal information for purposes beyond those authorized under CPRA. You have the right to limit our use of sensitive personal information to what is necessary to provide the Service.
Your rights:
Opt-out preference signals: We honor Global Privacy Control (GPC) and similar browser-based opt-out preference signals as valid opt-out requests under applicable law.
To exercise these rights, contact us at privacy@signalbridge.app or use the self-service tools in your account settings. You may also designate an authorized agent to submit requests on your behalf by providing written authorization to privacy@signalbridge.app. We will verify your identity before processing any request by confirming your email address associated with your account. We will respond to verifiable requests within 45 days.
If you reside in Colorado, Connecticut, Virginia, Oregon, Texas, Montana, or other states with comprehensive privacy laws, you may have additional rights including:
We honor universal opt-out preference signals (such as Global Privacy Control) as valid opt-out requests in all applicable jurisdictions. To exercise any rights or appeal a denied request, contact us at privacy@signalbridge.app. We will respond within the timeframe required by your state's law (typically 45 days).
If you reside in Canada (PIPEDA), Brazil (LGPD), or another jurisdiction with applicable data protection laws, you may have similar rights. Contact us at privacy@signalbridge.app to exercise them.
The Service is not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete it.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify relevant supervisory authorities as required by applicable law (including within 72 hours under GDPR). Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals without undue delay via email and/or a prominent notice on the Service.
We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users via email at least 30 days before the changes take effect, except where changes are required by law, court order, or to address an urgent security concern, in which case changes may take effect immediately. The "Last updated" date at the top of this page indicates when this policy was last revised. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
For privacy-related questions, data requests, or concerns, contact us at:
We will respond to privacy inquiries within the timeframe required by applicable law (30 days under GDPR, 45 days under CCPA/CPRA, or as otherwise required).