Privacy Policy

1.Who’s responsible for your data

SignalCheck is operated by Abdi Bedel (trading as Abdi Bedel Lab)(“we”, “us”). For the purposes of UK GDPR and (where applicable) EU GDPR, we are the data controller for personal data you give us or we collect while you use the Service.

Questions or requests? Email abdiybedel@gmail.com.

2.What we collect

We only collect what we need to run the Service:

• Account data— your email address and a user ID from our authentication provider (Firebase Authentication). If you sign in with Google, we receive your email and a stable account identifier from Google.
• Content you submit — the ideas, text, and answers you paste or type into SignalCheck, plus the research briefs generated from them.
• Billing data— if you subscribe, Stripe processes your payment. We receive a customer ID, subscription status, and event metadata from Stripe. We do not see or store your card details.
• Usage data— basic technical logs (e.g. request timestamps, error logs, IP address, user agent) generated by our hosting provider (Vercel).
• Cookies— we use a session cookie to keep you signed in. We do not use advertising or cross-site tracking cookies.

3.Why we use it, and our legal basis

4.How AI processing works

When you submit an idea, the text is sent to our AI provider (Anthropic) and to third-party search/data APIs so we can generate your brief. We also store the idea and the generated brief in our database so you can view them in your dashboard.

We do not use your content to train our own models. Our AI provider is contracted not to use API inputs or outputs to train their models. Third-party search providers may log queries in line with their own terms.

Because AI providers receive your submitted text as part of generating the brief, please avoid pasting sensitive personal data about yourself or anyone else (health, financial, or other special-category information) unless it’s strictly necessary.

5.Who we share data with

We only share personal data with service providers who help us run SignalCheck. Each acts as a processor on our behalf and is bound by appropriate contractual terms.

• Firebase (Google) — authentication and sign-in.
• Vercel— hosting, edge network, and logging.
• Database provider — managed Postgres for storing your account, ideas, and briefs.
• Anthropic— the AI model that generates your briefs.
• Search & data APIs — used to surface competitor and demand signals.
• Stripe— payment processing and subscription management.
• Email provider — if we send transactional emails (e.g. receipts, sign-in links).

We may also disclose data if we’re legally required to (court order, regulator request), or as part of a business transfer (e.g. if the Service is acquired) — we’ll let users know if that happens.

We do not sell your personal data, and we do not share it for third-party advertising.

6.International transfers

Some of our providers (notably Anthropic, Stripe, Google, and Vercel) are based in, or process data in, the United States or other countries outside the UK/EEA. Where that happens, we rely on appropriate safeguards — typically the UK International Data Transfer Addendum, EU Standard Contractual Clauses, or an equivalent mechanism — as published by the provider.

7.How long we keep it

• Account data— for as long as your account exists.
• Ideas and generated briefs — kept in your dashboard until you delete them or close your account.
• Billing records — retained for up to 7 years to meet tax and accounting obligations.
• Logs— short retention (typically up to 90 days) for debugging and abuse prevention.

When you delete your account, we delete or anonymise your personal data within a reasonable period, except where we’re required to keep it (e.g. financial records).

8.Your rights

Under UK and EU data protection law, you have the right to:

• access a copy of the personal data we hold about you;
• ask us to correct inaccurate or incomplete data;
• ask us to delete your data (where we don’t have a legal reason to keep it);
• ask us to restrict or object to certain processing, including processing based on legitimate interests;
• receive a portable copy of data you’ve provided to us;
• withdraw consent at any time, where we rely on consent;
• complain to a supervisory authority — in the UK, the Information Commissioner’s Office (ico.org.uk).

To exercise any of these, email abdiybedel@gmail.com. We’ll respond within one month.

9.Security

We use reputable infrastructure providers, enforce HTTPS in transit, store session cookies with secure and HTTP-only flags, and restrict database access. No system is perfectly secure, so if we ever discover a breach that affects you, we’ll notify you and, where required, the relevant regulator.

10.Cookies

We keep cookies minimal:

• Session cookie — strictly necessary to keep you signed in.
• Provider cookies — Firebase, Stripe, and Vercel may set cookies needed for authentication, payment, or platform security.

We don’t currently use analytics or advertising cookies. If that changes, we’ll update this policy and (where required) ask for your consent first.

11.Children

SignalCheck is not intended for anyone under 18. We don’t knowingly collect personal data from children. If you believe a child has given us their data, email us and we’ll delete it.

12.Changes to this policy

We may update this policy as the Service evolves. We’ll update the “Last updated” date and, for material changes, notify you by email or in-app.

13.Contact

Abdi Bedel (trading as Abdi Bedel Lab)
Email: abdiybedel@gmail.com