Privacy Policy

Last updated: 20 February 2026

SignalButler ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect, how we use it, and the choices you have regarding your information.

1. Data We Collect

We collect the following categories of personal data:

• Account information: email address, display name, and hashed password when you create an account.
• Portfolio data: holdings, trade history, and cash balances that you voluntarily enter.
• Payment information: billing details processed securely by Stripe. We do not store your full card number.
• Usage data: report history, suggestion responses, and service interaction logs.
• Technical data: IP address, browser type, and access timestamps collected automatically via server logs.

2. How We Use Your Data

We use your personal data to:

• Provide, operate, and improve the Service.
• Generate personalised AI-powered investment reports based on your portfolio.
• Send you scheduled reports, account notifications, and service-related communications.
• Process payments and manage subscriptions.
• Respond to support requests.
• Detect and prevent fraud, abuse, or security incidents.

3. How We Protect Your Data

We take the security of your data seriously. Passwords are hashed using industry-standard algorithms. All data in transit is encrypted via HTTPS/TLS. Database access is restricted to authorised services only. While no system is completely secure, we implement reasonable technical and organisational safeguards to protect your information.

4. Third-Party Services

We use trusted third-party services to operate SignalButler, including providers for AI-powered analysis, market data, email delivery, and payment processing. Portfolio data may be shared with these services solely to deliver the functionality of the Service. Each third-party service is governed by its own privacy policy. We only share the minimum data necessary to provide the Service.

5. Cookies

We use a single essential httpOnly session cookie for authentication. We do not use tracking cookies, advertising cookies, or third-party analytics. No cookie consent banner is required as our cookie use is strictly necessary for the Service to function.

6. Data Retention

Your personal data is retained for as long as your account is active and as needed to provide the Service. If you close your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Rectification: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data ("right to be forgotten").
• Portability: request your data in a structured, machine-readable format.
• Restriction: request that we limit processing of your data in certain circumstances.
• Objection: object to processing of your data for specific purposes.

To exercise any of these rights, please reach out via our contact form. We will respond within 30 days.

8. International Data Transfers

Your data may be processed in countries outside your own, including the United States (for AI analysis and market data services). Where transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

9. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.