Privacy Policy

Introduction

SignalPost ("we", "our", "us") provides a LinkedIn content analysis platform. We access your LinkedIn data through LinkedIn's official API (via OAuth 2.0 authentication). This privacy policy explains what data we collect, how we use it, and your rights regarding your information.

By signing in with LinkedIn or using any SignalPost service, you agree to the practices described in this policy. Please read this policy carefully before connecting your LinkedIn account.

Consent & LinkedIn Authorization

Before we access any of your LinkedIn data, we obtain your explicit consent through LinkedIn's OAuth 2.0 authorization flow. By clicking "Sign in with LinkedIn," you agree to let SignalPost access and store your LinkedIn profile data. Specifically, you consent to:

• What data is collected — your LinkedIn profile information (name, headline, profile URL, follower count) and your recent post content (text, engagement metrics, posting dates).
• How your data is used — exclusively to provide content analysis, voice profiling, strategy recommendations, and draft polishing within the SignalPost platform, as described in the "How We Use Your Data" section below.
• When data is collected — your profile and post data is retrieved when you first connect your account. Data is refreshed only when you are actively using SignalPost (e.g., when you open your dashboard or request a new analysis) — we do not sync your data on an automated schedule or when you are not using the service.
• How to withdraw consent — you may disconnect your LinkedIn account at any time from your SignalPost settings, or revoke access directly from your LinkedIn account's Permitted Services page.
• How to request data deletion — you may request deletion of all your LinkedIn data at any time by contacting us at support@signalpost.ai or through your account settings. We will delete your LinkedIn data immediately upon request.

Your consent is freely given and can be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal. If your LinkedIn authorization token expires, we will ask you to re-authorize access before collecting any further data.

What Data We Collect

We collect different types of data depending on how you use SignalPost:

Account information:

• Email address — provided during signup, used for authentication and service communications.
• Payment information — processed securely by Stripe. We do not store your credit card details. We receive only your subscription status and billing history from Stripe.

LinkedIn data (via official LinkedIn API):

• Profile information — your name, headline, profile URL, and follower count, accessed through LinkedIn's official API with your explicit OAuth consent.
• Post content — the text, engagement metrics (likes, comments, reposts), and posting dates of your recent LinkedIn posts.

Data you create within SignalPost:

• Strategy data — your niche, backstory, content pillars, opinions, and stories entered in the strategy builder.
• Draft content — post drafts you write and polish using the AI content tools.
• Calendar data — your content schedule and posting preferences.

Information We Collect Automatically

When you visit or use SignalPost, we automatically collect certain technical information:

• Usage data — pages viewed, features used, actions taken, and timestamps. This helps us understand how SignalPost is used and improve the service.
• Device and browser data — your IP address, browser type and version, operating system, and device type. This helps us maintain security and troubleshoot issues.
• Referral data — how you arrived at SignalPost (e.g., search engine, direct link).

We do not collect precise geolocation data or use this information to build advertising profiles.

Cookies & Tracking

We use cookies strictly for essential functionality:

• Session cookies — to keep you signed in and maintain your session state.
• Security cookies — to prevent cross-site request forgery and protect your account.

We do not use advertising cookies, third-party tracking pixels, or retargeting technologies. You can manage cookies through your browser settings. Disabling cookies may affect your ability to use SignalPost.

How We Use Your Data

Your data is used exclusively to provide the SignalPost service:

• Content analysis — we analyze your posts to identify performance patterns, optimal posting times, and content themes across a topic-by-style content matrix.
• Voice profiling — we extract your writing voice (tone, vocabulary patterns, sentence style) from your posts to help you polish your drafted posts and make them sound exactly like you.
• Strategy recommendations — we use your performance data and content gaps to suggest content strategies, topic opportunities, and posting schedules.
• AI draft polishing — we use your voice profile, strategy, and content insights to polish post drafts. Your data is sent to OpenRouter (an AI routing service) which forwards requests to Anthropic's Claude models for processing. Neither OpenRouter nor Anthropic retains your data beyond the duration of the request.
• Payment processing — we use Stripe to handle subscription billing. Stripe's privacy policy governs how they handle your payment data.

We do not use your LinkedIn data for any purpose other than providing the SignalPost service to you. We do not use your data to train AI models, build advertising profiles, or for any purpose unrelated to your content strategy.

Data Storage & Security

Your data is stored securely on SignalPost's servers. We use industry-standard encryption for data in transit (TLS) and follow security best practices for data at rest. LinkedIn data is stored separately and can be identified, segregated, and selectively deleted independently of your other account data.

We store your LinkedIn data only for the duration necessary to provide the SignalPost service. If you disconnect your LinkedIn account or request deletion, your LinkedIn data is deleted immediately from our servers.

Third-Party Services & Sub-Processors

We use a limited number of third-party services (sub-processors) to operate SignalPost. These partners only process your data on our behalf and are contractually obligated to protect it:

• LinkedIn — we access your data through LinkedIn's official API under their API Terms of Use. Our use of LinkedIn data is governed by LinkedIn's platform policies and the LinkedIn Data Processing Agreement.
• Late (Nymblr Inc.) — provides LinkedIn OAuth authentication and account connection services. Late accesses your LinkedIn data on our behalf under their agreement with LinkedIn.
• OpenRouter (OpenRouter Inc.) — an AI routing service that forwards our requests to the appropriate AI model provider. OpenRouter does not retain your data beyond the duration of each request.
• Anthropic — provides the AI models (Claude) that power content analysis, voice profiling, and draft polishing. Your data is sent for processing only and is not retained by Anthropic beyond the request.
• Stripe — to process subscription payments. We never see or store your full credit card number.
• Hosting provider (Hetzner) — to host the SignalPost application and store your data securely on servers located in Germany (EU).

We do not sell, rent, or share your personal data — including your LinkedIn data — with any third parties for their own purposes. Your LinkedIn data is used solely within the SignalPost platform to provide you with content insights and recommendations.

Business Transfers & Disclosure

We may share your personal information in the following limited situations:

• Business transfers — if SignalPost is involved in a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
• Legal compliance — we may disclose your information if required by law, regulation, legal process, or governmental request.
• Protection of rights — we may disclose information to protect the rights, property, or safety of SignalPost, our users, or the public.

Data Retention

We retain your data for as long as your account is active and your LinkedIn account is connected. Specifically:

• LinkedIn data — retained while your LinkedIn account is connected. Immediately deleted upon disconnection, upon your request, or when you close your account.
• Account and strategy data — retained while your account is active. Permanently deleted within 30 days of account closure.
• Billing and invoice records — retained for up to 5 years after account closure as required by tax and accounting law.
• Backups — overwritten within 30 days of data deletion from primary systems.

If SignalPost ceases operations or our access to the LinkedIn API is terminated, all LinkedIn member data will be promptly deleted from our servers.

Anonymized, aggregated analytics (e.g., total users, average engagement trends) may be retained after account deletion. "Anonymized" means the data has been processed so it no longer relates to an identified or identifiable person and cannot reasonably be re-identified by us or any third party.

Your Rights

You have the right to:

• Access your data — view all data we have collected through your SignalPost dashboard.
• Export your data — request a copy of all data we hold about you.
• Delete your data — request complete deletion of your account and all associated data by contacting us. LinkedIn data is deleted immediately; all other data within 30 days.
• Withdraw consent — disconnect your LinkedIn account at any time from your SignalPost settings or from LinkedIn's Permitted Services page.
• Restrict processing — request that we limit how your data is used while we address any concerns.

To exercise any of these rights, contact us at support@signalpost.ai. We will respond to all requests within 30 days.

Legal Bases for Processing

We process your personal information only when we have a valid legal reason. Depending on how you interact with SignalPost, we rely on the following bases:

• Consent (GDPR Art. 6(1)(a)) — when you authorize access to your LinkedIn data via OAuth, or when you sign up for an account. You can withdraw consent at any time.
• Contract performance (GDPR Art. 6(1)(b)) — to provide and maintain the SignalPost service you subscribed to, including content analysis, strategy tools, and draft polishing.
• Legitimate interests (GDPR Art. 6(1)(f)) — to maintain service security, prevent fraud, troubleshoot issues, and improve SignalPost. We balance these interests against your privacy rights.
• Legal obligations (GDPR Art. 6(1)(c)) — to comply with applicable laws, regulations, or valid legal processes.

If you are located in Canada, we process your information based on your express or implied consent as required under PIPEDA. You may withdraw consent at any time by contacting us.

International Data Transfers & GDPR

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation:

• Data transfers — your data may be transferred to and processed in the United States or other countries outside the EEA. Where our service providers are certified under the EU-US Data Privacy Framework (DPF), we rely on that certification for lawful transfers. For all other transfers, we use EU Standard Contractual Clauses (SCCs) with supplementary safeguards as needed.
• Right to lodge a complaint — you have the right to lodge a complaint with your local data protection authority.
• Right to object — you may object to the processing of your personal information in certain circumstances.
• Data portability — you may request a copy of your data in a structured, commonly used, machine-readable format.

Breach Notification

In the event of a data breach that impacts or may impact your personal information, we will promptly notify affected users and relevant authorities as required by applicable law. We will notify LinkedIn at security@linkedin.com within 24 hours of any breach that impacts or may impact LinkedIn member data. We will not make public statements about security incidents involving LinkedIn data without first coordinating with LinkedIn.

Children

SignalPost is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from someone under 18, we will promptly delete their account and all associated data. If you believe a minor has provided us with personal information, please contact us at support@signalpost.ai.

Do-Not-Track Signals

Some browsers include a Do-Not-Track (DNT) feature that signals your preference not to be tracked online. No uniform technology standard for recognizing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals. If a standard is adopted in the future, we will update this policy accordingly.

United States Privacy Rights

If you are a resident of California, Colorado, Connecticut, Virginia, Utah, or another US state with a consumer privacy law, you may have additional rights regarding your personal information:

• Right to know — what personal information we collect, use, and disclose.
• Right to access — request a copy of your personal information.
• Right to delete — request deletion of your personal information.
• Right to correct — request correction of inaccurate personal information.
• Right to opt out of sale — we do not sell your personal information to third parties, so this right is already satisfied.
• Right to non-discrimination — we will not discriminate against you for exercising your privacy rights.

We have not sold or shared personal information with third parties for business or commercial purposes in the preceding twelve months. We will not sell or share personal information in the future.

To exercise these rights, contact us at support@signalpost.ai or through your account settings. We will verify your identity before processing your request and respond within the timeframe required by applicable law (typically 45 days). If you wish to appeal a denied request, you may contact us using the same methods.

Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through a prominent notice on SignalPost before the changes take effect. Your continued use of SignalPost after such changes constitutes your acceptance of the updated policy.

Dispute Resolution

If you have concerns about how we handle your personal data, please contact us first at support@signalpost.ai — we will do our best to resolve the issue. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Contact Us

If you have questions about this privacy policy or your data, contact us at support@signalpost.ai.