Privacy Policy

This Privacy Policy explains how SignalAI (“we”, “us”, “our”) collects, uses, and protects information when you use our platform. We built SignalAI on the premise that your results are yours — this policy reflects that.

1. What we collect

When you sign in

We use GitHub and LinkedIn OAuth. When you authenticate, we receive from those providers:

• GitHub: username, email address, display name, avatar, bio, company, location, website URL, Twitter username, and account creation date.
• LinkedIn: name, email address, and profile photo.

We store only what you explicitly add to your SignalAI profile. You can review and update this at any time from your settings.

During and after an assessment

• Your answers — the options you selected or typed for each question, your response time per question, and whether each answer was correct.
• Domain scores and ratings — your estimated skill level per domain, derived from your answers using our adaptive scoring model.
• Session metadata — when the session started and ended, which device type you used (desktop / mobile), and whether any pauses were taken.

Individual question responses are never shown to employers, recruiters, or third parties. Only your aggregate domain scores and readiness verdict appear on your (opt-in) public profile.

Usage data

Standard server logs including pages visited, referrer, browser and OS type, and IP address. We use this to operate the service reliably, not to build advertising profiles.

2. How we use your data

• To run your assessment and produce your results.
• To build and display your public profile (only if you choose to publish one).
• To route course recommendations — matching your gap domains to external courses.
• To improve our question bank and scoring model using aggregated, anonymised response statistics. We never use individual-level data to train third-party AI models.
• To send transactional emails (assessment complete, profile update) and, with your consent, product updates.

3. What we share — and what we don’t

Employerswho access our platform can browse public profiles. They see only: your handle, display name, avatar, verdict, domain levels, role-fit summary, and any links you’ve added. They cannot see your question responses, session data, or private notes.

Course providersreceive no data from us. When you click a course link, you leave our platform and are subject to that provider’s privacy policy.

Service providers — we use Supabase (database and authentication), Vercel (hosting), and Anthropic (AI-powered report generation). These providers process data under data processing agreements and may not use your data for their own purposes.

We do not sell your personal data. Ever.

4. Data retention

• Active accounts: we retain your data for as long as your account is active.
• Verified scores: scores expire and are no longer shown as verified after 18 months. The underlying data is retained for your own reference unless you request deletion.
• After account deletion: we delete or anonymise your personal data within 90 days, except where we are legally required to retain records (e.g. billing records, fraud prevention logs — up to 7 years).
• Anonymised aggregate data(e.g. “median score across domain X”) may be retained indefinitely as it cannot identify you.

5. Your rights

Depending on where you live, you may have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — update inaccurate data (most profile data is directly editable in settings).
• Deletion — request that we delete your account and personal data.
• Portability — receive your assessment results in a machine-readable format.
• Opt-out of marketing — unsubscribe from non-transactional emails at any time.

To exercise any of these rights, email hello@signalaihq.com. We will respond within 30 days.

6. Cookies and local storage

We use a single session cookie to keep you signed in. We do not use third-party advertising cookies or tracking pixels. Our analytics are server-side (log-based) and do not place cookies in your browser.

7. Security

All data is encrypted in transit (TLS 1.3) and at rest. Access to production data is restricted to authorised personnel on a need-to-know basis. We use row-level security on our database so that no candidate can access another candidate’s data. We conduct periodic security reviews and will notify you promptly in the event of a breach affecting your personal data.

8. International transfers

Our infrastructure is hosted in the United States. If you access SignalAI from outside the US, your data will be transferred to and processed in the US. By using the Service, you consent to this transfer. We rely on standard contractual clauses where required for transfers from the EEA or UK.

9. Children

SignalAI is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If we learn that we have inadvertently done so, we will delete it promptly.

10. Changes to this policy

We will post an updated effective date when we make material changes. For significant changes affecting how we use your data, we will also notify you by email.

11. Contact

Privacy questions or requests: hello@signalaihq.com