Privacy Policy

Last updated: March 2026

This Privacy Policy explains what data Vigil Signals ("we", "us") collects, how we use it, and your rights regarding that data. We keep things simple: we collect the minimum needed to run the service.

1. What We Collect

When you use Vigil Signals, we may collect the following:

• Email address -- used for account creation and login
• Subscription tier -- Free, Pro, or API plan status
• Telegram chat ID (optional) -- if you enable Telegram push notifications
• Usage data -- pages visited, signal views, feature usage, and basic analytics

2. What We Do Not Collect

We want to be explicit about what we never collect or store:

• Exchange API keys -- we never request or store your exchange credentials
• Trading history -- we have no access to your exchange account or trades
• Financial data -- we do not collect bank details, wallet addresses, or portfolio information (billing is handled entirely by Stripe)

3. How We Use Your Data

• Account management -- authentication, subscription status, settings
• Signal delivery -- sending signals via the dashboard and Telegram notifications
• Service improvement -- aggregated, anonymized analytics to understand usage patterns and improve the product
• Communication -- service updates, billing notifications, and support responses

4. Third-Party Services

We use the following third-party services to operate Vigil Signals:

• Supabase -- authentication and database hosting. Your email and account data are stored on Supabase infrastructure
• Stripe -- payment processing. Stripe handles all billing data directly; we do not store your card details
• Telegram -- optional push notifications. If you provide your Telegram chat ID, we send signal alerts via the Telegram Bot API

Each of these services has its own privacy policy governing how they handle your data.

5. Data Storage

Your data is hosted on:

• Supabase (cloud-hosted PostgreSQL) -- account data, settings, subscription status
• Heroku -- application hosting (no persistent user data stored on Heroku dynos)

All data is transmitted over HTTPS. Sensitive fields (such as Telegram bot tokens) are encrypted at rest using AES-256.

6. Data Retention

• Account data is retained while your account is active
• If you cancel your subscription, your account data remains accessible in case you return
• You may request full deletion of your account and data at any time (see section 7)
• Anonymized, aggregated analytics data may be retained indefinitely

7. Your Rights

You have the right to:

• Access your personal data -- request a copy of the data we hold about you
• Correct inaccurate data -- update your information through account settings or by contacting us
• Delete your account and data -- email us and we will remove your data within 30 days

To exercise any of these rights, contact us at support@vigilsignals.com.

8. Cookies

Vigil Signals uses minimal cookies:

• Supabase auth token -- a session cookie required for authentication. This is essential for the Service to function and is not used for tracking

We do not use advertising cookies, third-party tracking cookies, or analytics cookies that identify individual users.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a notice on the Service. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

If you have questions about this Privacy Policy or your data, contact us at support@vigilsignals.com.