Your privacy matters. This Privacy Policy explains what data Tasty Signals collects, how we use it, who we share it with, and your rights. We collect only what is necessary to deliver the Service. We do not sell your personal data.
Contents
1. Overview
Tasty Signals ("we," "us," or "our") operates the tastysignals.com website and platform (the "Service"). This Privacy Policy describes how we collect, use, store, and share information about you when you access or use our Service.
By using the Service, you agree to the collection and use of information as described in this Policy. If you disagree with any part of this Policy, please discontinue use of the Service.
This Policy is incorporated into our Terms of Service and should be read alongside it.
2. Data We Collect
Information You Provide
- Account data: email address, password (hashed and managed by Clerk, our auth provider), display name, and profile information you choose to add
- Payment data: billing name, billing address, and payment card details — collected and stored securely by Stripe. We never see or store full card numbers.
- Watchlist and portfolio data: stock symbols, watchlist names, and scanner configurations you create within the Service
- Communications: messages you send to our support or legal team, and feedback you submit
- Analyst content: if you are an approved analyst, trade tips and commentary you publish through the Service
Information We Collect Automatically
- Usage data: pages visited, features used, buttons clicked, signal scans run, and time spent on the platform
- Log data: IP address, browser type and version, operating system, referring URLs, and timestamps of requests
- Device data: device type, screen resolution, and language preferences
- Session data: authentication tokens and session identifiers managed by Clerk
Data We Do Not Collect
- We do not collect your brokerage account credentials, portfolio holdings, or actual trade execution data
- We do not collect government-issued identification numbers unless required by law
- We do not purchase or import third-party data lists to augment your profile
3. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery: to authenticate you, process your subscription, run signal scans and analysis on your watchlists, and provide all platform features
- AI-powered features: to generate signal explanations, market briefings, and AI chat responses by passing relevant context (stock symbols, technical indicators, market data — not personally identifying information) to our agentic AI engine
- Billing and payments: to process subscription charges, send receipts, handle failed payments, and manage your subscription through Stripe
- Customer support: to respond to your inquiries, resolve issues, and communicate important account information
- Platform improvement: to understand how features are used, debug errors, measure performance, and prioritize product development
- Security and fraud prevention: to detect suspicious activity, enforce rate limits, and protect the integrity of the platform
- Legal compliance: to comply with applicable laws and regulations, respond to lawful requests, and enforce our Terms of Service
- Communications: to send transactional emails (receipts, trial expiry notices, subscription updates). We will not send marketing emails unless you explicitly opt in.
We process your data on the following legal bases (where applicable): performance of a contract (delivering the Service you subscribe to), legitimate interests (improving the Service, security), legal obligation (compliance), and consent (where you have given it).
4. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share data only as follows:
- Service providers: we share data with trusted vendors who help us operate the Service (Clerk, Stripe, AI processing services, cloud infrastructure providers, analytics tools). These vendors process data on our behalf under confidentiality obligations and are not permitted to use your data for their own purposes.
- Analyst tip visibility: if you are a subscriber, your follow/unfollow actions and subscribed analyst list are not publicly visible. If you are an analyst, your published tips and public profile are visible to your subscribers.
- Legal requirements: we may disclose data if required by law, court order, subpoena, or a valid request from law enforcement or government authorities.
- Business transfers: if Tasty Signals is acquired, merged, or transfers substantially all of its assets, your data may be transferred to the acquiring entity as part of that transaction. We will notify you via email and/or prominent notice on the Service before your data is transferred and becomes subject to a different privacy policy.
- Protection of rights: we may disclose data when we believe disclosure is necessary to protect the rights, property, or safety of Tasty Signals, our users, or the public.
- With your consent: for any other purpose, with your explicit prior consent.
5. Third-Party Services
We integrate the following key third-party services. Each has its own privacy practices:
- Clerk — manages user authentication, sessions, and account data. Clerk Privacy Policy
- Stripe — processes subscription payments and manages billing. Stripe Privacy Policy
- AI processing services — our agentic AI engine processes market data and technical analysis context to generate signal explanations and market briefings. See Section 6 for details on what is and is not sent.
- Market data providers — supply real-time and historical price, volume, and economic data. These providers receive no personal data from us; we send only stock symbols and data request parameters.
- Cloud infrastructure — our platform is hosted on cloud infrastructure providers who process operational data (server logs, etc.) under data processing agreements.
6. AI Processing
Tasty Signals uses an agentic AI engine to generate signal explanations, market briefings, and chat responses. Here is what you need to know:
What We Send to the AI Engine
- Stock symbols and technical indicator values (EMA readings, volume data, price data)
- Market regime and sector context (e.g., "SPY trend is bullish," "XLK is outperforming")
- Free-form questions you type into the AI chat feature
- General market briefing context (macro data, sector performance)
What We Do NOT Send
- Your name, email address, or account identifiers
- Your payment information
- Your brokerage credentials or actual portfolio positions
- Sensitive personal information of any kind
AI chat inputs are processed in real time and are not stored as part of your permanent profile beyond a short in-session memory window used to maintain conversational context. Signal explanations are cached for up to 6 hours to reduce processing costs.
You should not submit personally identifying information, medical information, or any sensitive personal data through the AI chat feature.
7. Cookies & Tracking
Cookies We Use
We use a limited number of cookies and similar technologies:
- Authentication cookies: set by Clerk to maintain your logged-in session. These are strictly necessary for the Service to function.
- Preference cookies: to remember settings like your preferred billing period (monthly/yearly) or last-used watchlist.
We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking technologies. We do not share your browsing behavior with ad networks.
Analytics
We may use privacy-focused analytics tools to understand aggregate usage patterns. Where used, we configure these tools to anonymize IP addresses and not share data with third parties for advertising.
Managing Cookies
You can control cookies through your browser settings. Disabling authentication cookies will prevent you from logging in. Disabling preference cookies will not affect your ability to use the Service but may reset your preferences.
8. Data Retention
We retain your personal data for as long as your account is active, and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements.
- Account data: retained for the duration of your account plus 30 days after deletion to allow for recovery, then purged.
- Billing records: retained for 7 years as required for tax and financial compliance.
- Usage logs: retained for up to 90 days for security and debugging purposes.
- Support communications: retained for up to 3 years unless deletion is requested.
- Published analyst tips: retained as part of the platform record; deletion of your account does not automatically remove published content visible to subscribers. Contact us to request removal.
You may request deletion of your account and personal data at any time. See Section 11 (Your Rights) for instructions.
9. Security
We take the security of your data seriously and implement reasonable technical and organizational measures to protect it, including:
- TLS/HTTPS encryption for all data in transit
- Encryption at rest for sensitive data stores
- Password hashing — we never store plaintext passwords (handled by Clerk)
- Payment card data is never stored on our servers — fully delegated to Stripe's PCI-compliant infrastructure
- Access controls: internal access to production data is limited to personnel who need it
- Regular security reviews of infrastructure and dependencies
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.
If you discover a security vulnerability, please report it responsibly to security@tastysignals.com.
10. Children's Privacy
The Service is not directed to children under the age of 18. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from a person under 18, please contact us immediately at legal@tastysignals.com and we will take steps to delete that information promptly.
11. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
- Access: request a copy of the personal data we hold about you
- Correction: request correction of inaccurate or incomplete data
- Deletion: request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations
- Portability: request a machine-readable export of data you have provided to us
- Restriction: request that we restrict processing of your data in certain circumstances
- Objection: object to processing based on legitimate interests
- Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, contact us at privacy@tastysignals.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing certain requests.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.
12. California Privacy Rights (CCPA)
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
- Right to Know: to know what categories of personal information we collect, the purposes for which we collect it, and the categories of third parties with whom we share it
- Right to Delete: to request deletion of personal information we have collected, subject to certain exceptions
- Right to Correct: to request correction of inaccurate personal information
- Right to Opt-Out of Sale/Sharing: we do not sell or share personal information for cross-context behavioral advertising
- Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights
To submit a California privacy request, contact us at privacy@tastysignals.com with "California Privacy Request" in the subject line. We will respond within 45 days as required by law.
California's "Shine the Light" law (Civil Code Section 1798.83) allows California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information for third-party direct marketing.
13. International Users
Tasty Signals is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that any transfer of personal data to the United States is subject to appropriate safeguards in compliance with applicable data protection law, including Standard Contractual Clauses where required.
By using the Service, you consent to the transfer of your information to the United States as described in this Policy.
If you have questions about international data transfers, contact us at privacy@tastysignals.com.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email and/or by displaying a prominent notice within the Service at least 14 days before the changes take effect.
Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Policy. We encourage you to review this Policy periodically. The "Last updated" date at the top of this page indicates when the Policy was last revised.
15. Contact Us
For questions, concerns, or requests related to this Privacy Policy or your personal data:
- Privacy inquiries: privacy@tastysignals.com
- Legal notices: legal@tastysignals.com
- Security disclosures: security@tastysignals.com
We aim to respond to all privacy-related inquiries within 30 days.