Privacy Policy

Last updated: November 21, 2025

🔒 Quick summary: We use a secure cookie-based login system to verify active subscriptions. The cookie stores an encrypted session ID to keep you signed in and confirm access to paid content. It does not include personal or payment data. We don’t sell your data or run tracking ads.

AI Signal Brief (“we,” “us,” “our”) provides subscription access to premium reports at aisignalbrief.com (the “Service”). This Privacy Policy explains what personal information we collect, how we use it, and the choices you have. If you do not agree with this Policy, please do not use the Service.

1) Who is the data controller?

The controller of your personal information is AI Signal Brief. Contact details are in Section 14.

2) Information we collect

A. You provide directly

Account & contact info: email address, and (optionally) name/username provided during sign-up or account updates.
Support & privacy requests: the contents of messages you send via email or our contact form.

B. Collected automatically

When you use the Service, we and our service providers automatically collect limited technical data such as IP address, device and browser type, pages viewed, and timestamps. This helps keep the Service secure and reliable, and lets us understand usage.

C. From service providers

Payments: We use Stripe to process payments. We do not collect or store full card numbers; Stripe processes and stores payment data on our behalf.
Hosting/Logs: Our website is hosted by Netlify which may log visits for security and performance.
Email delivery: We use Resend to deliver transactional emails (login links, receipts, service notices) and MailerLite to send marketing emails (newsletters, updates) to active subscribers. See Section 3 for details on email categories.
Analytics (optional): If enabled, we use Google Analytics to understand aggregate site usage. We do not enable Google Ads/Remarketing features.

We do not collect: government IDs, precise geolocation, biometric data, or sensitive health information. Apple Pay biometrics (Face/Touch ID) remain on the user’s device and are never shared with us.

3) How we use your information

Provide and maintain the Service (account creation, authentication, paywall access).
Process subscriptions and transactions via Stripe.
Send transactional emails via Resend (login links, receipts, service notices, policy updates, trial reminders). These are necessary to provide the Service.
Send marketing emails via MailerLite (newsletters, product updates) only to active paid subscribers. You are automatically added to our email list when you subscribe and removed when your subscription ends.
Respond to support and privacy requests.
Protect the Service, prevent fraud/abuse, and analyze service performance/usage.

Email categories:

Transactional (Resend): Login links, receipts, trial reminders, service notices. These cannot be opted out of while using the Service.
Marketing (MailerLite): Newsletters and product updates sent to active subscribers. Automatically managed based on subscription status.

4) Legal bases (EU/UK)

Performance of a contract: to provide the Service you requested and manage your subscription.
Legitimate interests: to secure and improve the Service, understand usage, and handle inquiries.
Consent: where required (e.g., optional marketing emails if you opt-in).
Legal obligations: to meet tax, accounting, and regulatory requirements.

5) Cookies & similar technologies

We use strictly necessary cookies (e.g., for sign-in and session security) and, if enabled, analytics cookies to understand aggregate usage. We do not currently use advertising/retargeting cookies. You can manage cookies in your browser settings. See our Cookie Policy for details.

6) How we share information

We do not sell or "share" personal information for cross-context behavioral advertising. We disclose information to service providers that help us operate the Service, including:

Payments: Stripe
Hosting: Netlify
Email delivery: Resend (transactional emails), MailerLite (marketing emails to active subscribers)
Analytics (optional): Google Analytics

These providers are bound by contracts to process data only on our behalf and consistent with this Policy. We may also disclose information if required by law, to protect our rights or users, or during a business transfer (e.g., merger or acquisition).

7) International transfers

If you are located in the EU/UK, your personal information may be transferred to and processed in the United States by us and our service providers. We rely on appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), to protect such transfers. Some providers may also participate in the EU-U.S. Data Privacy Framework; we are not self-certified at this time.

8) Data retention

We keep personal information for as long as your account is active and as needed to provide the Service and meet legal obligations (e.g., tax/records retention, typically up to 7 years). After account deletion, we delete or anonymize your data within 90 days, except where we must retain limited records to resolve disputes or comply with legal requirements.

9) Security

We implement reasonable technical and organizational measures designed to protect personal information, including TLS encryption in transit, secure session management via an encrypted cookie, role-based access, and provider security best practices. No system is 100% secure; if we become aware of a breach affecting you, we will notify you and/or regulators as required by law.

10) Your rights

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing.

EU/UK users: GDPR rights to access, rectification, erasure, restriction, portability (machine-readable format, e.g., JSON), and objection. You may also lodge a complaint with your local supervisory authority.
California (CCPA/CPRA) and other U.S. state laws: rights to know, access, correct, delete, and opt-out of certain processing. We do not sell or “share” personal information for targeted advertising. Global Privacy Control (GPC): Because we don’t sell or share personal information for advertising, GPC signals do not change our practices; you can still contact us to exercise your rights at any time.

11) Exercising your rights

You can submit a request by emailing support@aisignalbrief.com or via our form at aisignalbrief.com/contact/. We may request information to verify your identity before responding. We will reply within the timeframe required by applicable law.

12) Children’s privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us so we can delete it.

13) Third-party links

The Service may link to third-party sites or services. Their privacy practices are governed by their own policies.

14) Contact

Questions about this Policy or your data?

Email: support@aisignalbrief.com
Contact form: aisignalbrief.com/contact/

15) Changes to this Privacy Policy

We may update this Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service and update the “Last updated” date above. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

Service providers noted above include: Stripe (payments), Netlify (hosting), Resend (transactional emails), MailerLite (marketing emails to active subscribers), and, if enabled, Google Analytics (usage analytics).