Privacy Policy
Last Updated: March 15, 2026
1. Introduction
HillSignal ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website hillsignal.com and use our services (collectively, the "Service").
Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service. By using the Service, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.
This Privacy Policy applies to information we collect through our Service and in email, text, and other electronic communications sent through or in connection with the Service.
2. Information We Collect
2.1 Information You Provide to Us
We collect information you voluntarily provide, including:
- Account Information: Email address and password when you create an account
- Profile Information: Your sector preferences and email notification settings
- Payment Information: Billing details processed through Stripe (we do not store full credit card numbers)
- Communications: Information you provide when contacting us for support
2.2 Information Collected Automatically
When you access our Service, we automatically collect:
- Device Information: Browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, time spent on the Service
- Log Data: IP address, access times, referring URLs
- Cookies and Similar Technologies: Information collected through cookies, pixels, and local storage
2.3 Information from Third Parties
We may receive information about you from third-party services you connect to your account, including authentication providers and payment processors like Stripe.
3. How We Use Your Information
We use the information we collect to:
- Provide the Service: Deliver Congressional signals, alerts, and market intelligence based on your preferences
- Process Payments: Complete transactions and send related information
- Send Communications: Email alerts, newsletters, and service updates based on your notification preferences
- Personalize Experience: Customize content based on your sector preferences
- Improve the Service: Analyze usage patterns to enhance features and user experience
- Ensure Security: Detect and prevent fraud, abuse, and unauthorized access
- Legal Compliance: Comply with legal obligations and enforce our Terms of Service
- Customer Support: Respond to your inquiries and provide assistance
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
- Contract Performance: To provide the Service you have requested
- Legitimate Interests: To improve and secure our Service, and for marketing (where permitted)
- Consent: Where you have explicitly consented to specific processing
- Legal Obligation: To comply with applicable laws and regulations
5. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and store information about your interactions with our Service.
5.1 Types of Cookies We Use
| Type | Purpose |
|---|---|
| Essential | Required for authentication and security |
| Functional | Remember your preferences and settings |
| Analytics | Understand how you use our Service |
5.2 Managing Cookies
Most web browsers allow you to control cookies through their settings. However, disabling cookies may limit your ability to use certain features of our Service. You can manage your cookie preferences in your browser settings.
6. Third-Party Services
We use trusted third-party service providers to operate our Service:
Stripe (Payment Processing)
We use Stripe to process payments securely. Stripe collects payment information directly and is PCI-DSS compliant. We do not store your full credit card number.
Stripe Privacy Policy
Supabase (Authentication & Database)
We use Supabase for user authentication and secure data storage. Your account information and preferences are stored in Supabase's secure infrastructure.
Supabase Privacy Policy
Vercel (Hosting)
Our website is hosted on Vercel, which may collect access logs and performance metrics.
Vercel Privacy Policy
7. How We Share Your Information
We may share your information in the following circumstances:
- Service Providers: With third parties who help us operate our Service (as described above)
- Legal Requirements: When required by law, court order, or governmental authority
- Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you have given us explicit permission
We do not sell your personal information to third parties.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including to satisfy any legal, accounting, or reporting requirements.
- Account Data: Retained while your account is active and for 30 days after deletion
- Payment Records: Retained for 7 years for tax and legal compliance
- Usage Logs: Retained for up to 12 months
- Email Preferences: Retained until you update them or delete your account
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (HTTPS/TLS)
- Encryption of sensitive data at rest
- Secure authentication with password hashing
- Regular security audits and monitoring
- Access controls limiting data access to authorized personnel
- Row Level Security (RLS) in our database
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
10. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
10.1 All Users
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Opt-Out: Unsubscribe from marketing communications
- Update Preferences: Modify your email and sector preferences at any time
10.2 GDPR Rights (EEA, UK, Switzerland)
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Restriction: Request restriction of processing in certain circumstances
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
- Right to Lodge a Complaint: File a complaint with your local data protection authority
10.3 CCPA Rights (California Residents)
- Right to Know: Request disclosure of personal information collected, used, and disclosed
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
- Right to Non-Discrimination: Equal service regardless of exercising your privacy rights
11. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.
Categories of Information We Collect
- Identifiers (email address)
- Commercial information (purchase history)
- Internet activity (browsing history on our site)
- Inferences (sector preferences)
To exercise your CCPA rights, please contact us at legal@hillsignal.com. We will respond to your request within 45 days.
12. International Data Transfers
HillSignal is based in the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located and our central database is operated.
If you are located in the EEA, UK, or Switzerland, we will take appropriate measures to ensure that your personal data receives an adequate level of protection in the jurisdictions in which we process it, including through Standard Contractual Clauses approved by the European Commission.
13. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete such information as soon as possible. If you believe we have collected information from a child under 18, please contact us immediately.
14. Do Not Track Signals
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Currently, there is no uniform standard for interpreting DNT signals. At this time, our Service does not respond to DNT browser signals. However, you can use the range of other tools we provide to control data collection and use.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top.
For significant changes, we will provide additional notice (such as adding a statement to our homepage or sending you an email notification). We encourage you to review this Privacy Policy periodically for any changes. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of such changes.
16. Contact Us
If you have any questions about this Privacy Policy or your personal data, or would like to exercise your rights, please contact us:
HillSignal
Email: legal@hillsignal.com
Privacy Inquiries: privacy@hillsignal.com
Website: https://hillsignal.com
For GDPR-related inquiries, you may also contact your local data protection authority.