Privacy Policy
Effective: April 27, 2026 · Version: 2.0
Q Signals ("Q Signals", "we", "us") — currently operated as a sole proprietorship based in Massachusetts, USA — runs the website at q-signals.com, the QSignals War Room mobile application, and related APIs (collectively, the "Service"). This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, and the choices you have. It applies to the Service in all jurisdictions and supplements the Terms of Use.
1. Information we collect
We collect three categories of information:
(a) Information you provide
- Account information. When you create an account: email address (used for sign-in via magic link or one-time password), and any optional profile information you choose to add.
- Payment information. When you subscribe via the website, payment is processed by Stripe; we receive only the last 4 digits of your card, card brand, billing country, and a Stripe customer/subscription ID. We do not receive or store your full card number, CVV, or bank details. When you subscribe via the Android app, payment is processed by Google Play Billing and we receive a Google purchase token only.
- Wallet information. If you opt to link a Solana wallet for the Q-holder discount, we store the public wallet address you provide and a periodic snapshot of its on-chain Q-token balance. We never request, receive, or store private keys, seed phrases, or signing material.
- Communications. Messages you send to us via email, support form, or in-app feedback.
- Chat prompts. Text you type into Council Chat or other AI features, which is sent to our LLM providers (xAI / OpenAI) to generate responses.
(b) Information collected automatically
- Usage data. Pages viewed, features used, scans run, tickers queried, timestamps, and the tier of your account at the time of each request.
- Device and connection data. IP address, approximate location (city/region) inferred from IP, device type, operating system, browser type and version, mobile device identifier (Android Advertising ID where available), and referrer.
- Logs. Server, application, and security logs used for uptime monitoring, troubleshooting, abuse detection, and rate limiting.
- Cookies and similar technologies. Session cookies for authentication, analytics cookies (Google Analytics), and advertising cookies (Google AdSense) where applicable. You can control cookies through your browser settings or, for advertising, via Google's ad-personalization controls.
(c) Information from third parties
- Solana RPC providers (Helius, QuickNode, or similar) when we read on-chain Q-token balances for verified wallets.
- Stripe / Google Play for subscription status, billing events, and refund/chargeback notifications.
- Market-data and news vendors for the public market data displayed in the Service.
2. How we use information
We use personal information to:
- Provide, secure, and operate the Service (authentication, quota enforcement, fraud and abuse prevention);
- Process subscriptions, apply Q-holder discounts, and handle refunds;
- Generate AI chat responses and signal analyses;
- Communicate with you about your account, billing, security, and policy changes;
- Measure feature usage and reliability, fix bugs, and improve the product;
- Comply with legal obligations and enforce our Terms.
We do not sell or rent personal information. We do not use the Service to provide personalized investment advice and we do not target ads based on your individual trading activity.
3. Legal bases (EEA / UK users)
If you are in the European Economic Area or the United Kingdom, we rely on the following GDPR legal bases: contract (to deliver the Service to account holders and subscribers), legitimate interests (security, analytics, abuse prevention — balanced against your rights), consent (for advertising cookies and certain marketing), and legal obligation (to comply with tax, AML, and other laws).
4. Service providers we share information with
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, user database, entitlement records | Email, account ID, entitlement and usage records |
| Stripe | Web subscription billing | Email, billing country, payment metadata |
| Google Play Billing | Android in-app subscription billing | Google purchase token, subscription state |
| RevenueCat | Mobile billing state management | Account ID, subscription state |
| Render | API hosting | Request logs, IP address |
| Solana RPC providers | Read on-chain Q-token balances | Public wallet address only |
| xAI / OpenAI | LLM inference for Council Chat and AI features | Prompt text you submit (no PII unless you provide it) |
| Google Analytics & AdSense | Traffic analytics and (where applicable) advertising | Anonymized usage events, device, IP-derived location |
| Email service (SendGrid / SMTP) | Transactional email (magic links, receipts, alerts) | Email address, message content |
Each provider is contractually limited to using your information only to deliver the contracted service and is required to maintain security controls. We may also disclose information when required by law, valid legal process, or to protect the rights, security, or property of Q Signals, our users, or the public.
5. Data retention
We keep account information for as long as your account is active and for a reasonable period afterward to comply with tax, accounting, and legal obligations (typically up to 7 years for billing records). Usage logs and analytics are retained for up to 24 months unless aggregated/anonymized. You can request earlier deletion as described in Section 7.
6. Security
We use industry-standard technical and organizational measures to protect personal information, including encryption in transit (TLS), encryption at rest for sensitive fields, role-based access controls, and security logging. No system is perfectly secure; we cannot guarantee absolute security. Please use a strong, unique password and notify us promptly of any suspected unauthorized access.
7. Your rights and choices
Depending on your jurisdiction, you may have the right to: access the personal information we hold about you; correct inaccurate data; delete your data; restrict or object to certain processing; obtain a portable copy; and withdraw consent (where consent is the basis). To exercise these rights, email qsignals2026@gmail.com with subject line "Privacy Request." We will verify your identity and respond within the timeframe required by law (typically 30–45 days).
California residents (CCPA/CPRA). You have the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell personal information. To exercise CCPA rights, use the contact above with subject "CCPA Request."
Cookies and tracking. Most browsers allow you to refuse cookies or alert you when cookies are sent. Doing so may impair certain features. You can opt out of Google Analytics via the Google opt-out browser add-on.
8. Children's privacy
The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a child under 18, we will delete it. If you believe a child has provided us information, contact us at the email below.
9. International data transfers
We are based in the United States and our service providers may process information in the United States and other countries. If you access the Service from outside the U.S., you consent to the transfer of your information to the U.S. and other jurisdictions, which may have different data-protection laws than your country of residence. Where required, transfers from the EEA / UK rely on Standard Contractual Clauses or other lawful mechanisms.
10. Changes to this policy
We may update this Privacy Policy from time to time. The "Version" and "Effective" date above will reflect the latest revision. Material changes will be announced via email to account holders and via in-app notice. Continued use after the effective date constitutes acceptance.
11. Contact us
Q Signals (sole proprietorship)
Massachusetts, USA
Email: qsignals2026@gmail.com (subject: "Privacy")
This Privacy Policy is draft template language and has not been reviewed by counsel. Consult a qualified attorney before relying on it in production, particularly for CCPA/CPRA, GDPR, and Google Play Data Safety disclosures.