Privacy Policy
Last Updated: February 2, 2026
1. Overview
This Privacy Policy explains how SignalBridge ("we", "us") collects, uses, stores, and protects personal and technical information when you browse the Site, purchase a license, download the installer, activate devices, submit support requests, or interact with integrated features (TradingView webhooks, Telegram bot, MetaTrader connectors).
Data Controller: SignalBridge. For privacy inquiries, contact us through our contact page.
This Privacy Policy applies to all users of the Service, regardless of location, though specific rights may vary by jurisdiction.
2. Data We Collect
- Account & Licensing: Email address, name, generated license key, license type (14-Day Trial, 30-Day Monthly, 365-Day Yearly, or Lifetime), maximum devices allowed, active devices count, payment amount, license status, license expiry date.
- Device Activation Data: Device ID (supplied by companion desktop app), optional device name, activation status, activation timestamp.
- Download Telemetry: IP address, user agent, file name/version, bytes expected & sent, HTTP status, range/partial indicators, error codes, referrer, timestamps.
- Transaction Metadata: Payment ID (from Whop, or crypto session), order ID, license type, amount, payment date (we do NOT store raw card numbers, CVV codes, or crypto wallet private keys).
- Support Communications: Priority flags, category, subject, message body, optional system info (anything you manually input), license key for verification.
- Security/Integrity: IP-based rate limiting (stored in transient cache), hashed user-agent fragments for throttling fairness.
- Session Data: Secure browser sessions storing verification state (license, email, license type) for authenticated customer support pages. Sessions expire when you close your browser.
- Transients/Temporary Storage: Payment session data (email, license type, amount) and crypto transaction lookups for reconciliation until completion or expiry.
3. Data Sources
- Direct user input (checkout, support forms, email queries).
- Automated device heartbeat & activation calls from the desktop app.
- Payment gateway callbacks (Whop webhooks, NOWPayments webhook).
- Server environment variables (IP, user agent, referrer).
4. Purposes of Processing
- License Fulfillment: Generate & manage license entitlements, device allocation, and access duration (14 days, 30 days, 365 days, or lifetime).
- Billing & Reconciliation: Match payment confirmations to license issuance or renewal.
- Support: Respond to requests and verify customer license type & status.
- Compliance & Recordkeeping: Audit trails for disputes, refunds, or regulatory queries.
- Product Improvement: Aggregate download success/failure metrics to improve reliability.
- License Management: Track license expiry, renewal eligibility, and upgrade paths.
5. Legal Bases (Where Applicable)
- Contract Performance: Licensing, activation, delivery of updates during license validity period.
- Legitimate Interests: Security, fraud prevention, service optimization, license abuse prevention.
- Legal Obligation: Transactional records for tax/audit (where required).
- Consent: Not currently required for core license operations.
6. Data Retention
- Active License Records: Retained for the license duration (14 days, 30 days, 365 days, or lifetime) + up to 24 months for support & compliance, then purged.
- Expired Licenses:
- 14-Day Trial: Retained 12 months post-expiry
- 30-Day Monthly: Retained 24 months post-expiry
- 365-Day Yearly: Retained 24 months post-expiry
- Lifetime: Data is retained for the duration of the license (which is permanent) plus an additional 24 months after license revocation or termination (if applicable) for compliance and support purposes. Core license records may be retained longer if required by law or for dispute resolution.
- Revoked Licenses: Retained up to 24 months unless legal or dispute needs extend this.
- Rate Limit Transients: Minutes to hours (short-lived caches only).
- Payment Session Transients: Up to 60 minutes or until processed.
- Support Emails / Logs: Up to 24 months unless earlier deletion requested (subject to legal holds).
- Suspicious Activity Logs: Up to 60 days unless part of an investigation.
- Sessions: Cleared on browser close or inactivity; session IDs rotated at start.
7. Third-Party Disclosures
We share only necessary data with:
- Whop: Payment processing for license purchases (email, transaction amount, checkout ID).
- NOWPayments: Crypto payment processing for Yearly and Lifetime licenses (amount, order reference).
- Email Provider: License key delivery, support replies.
- Hosting Providers: Necessary to host application logic & database.
Data Processing Agreements (DPAs): We have data processing agreements in place with all processors that handle personal data, ensuring they process data only as instructed and maintain appropriate security measures.
We share only the minimum data necessary for each processor to perform their function. No sale of personal data; no ad network sharing; no behavioral advertising trackers integrated.
8. International Data Transfers
The Service may process and store data in jurisdictions outside your country of residence, including but not limited to the United States, European Union, and other applicable jurisdictions.
Safeguards: We rely on appropriate safeguards to protect your data when transferred internationally, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission (for EU data)
- Adequacy decisions by relevant authorities
- Processor compliance with applicable data protection laws
- Technical and organizational measures to protect data
By using the Service, you consent to the transfer of your data to these jurisdictions. If you do not consent, you should not use the Service.
For EU users: If you are located in the European Economic Area (EEA), transfers to countries outside the EEA are protected by Standard Contractual Clauses or other approved mechanisms.
9. Security Measures
- Encrypted connections (HTTPS/TLS) for all site and API interactions.
- Secure session management with automatic expiration and protection against unauthorized access.
- Content security policies to prevent malicious scripts and unauthorized code execution.
- Rate limiting and abuse prevention measures to protect against unauthorized access attempts.
- Download integrity verification and device activation validation.
- Encrypted storage and secure transmission of license keys.
No guarantee of absolute security; you must secure your local endpoints, license key, and environment credentials (MT5 accounts, Telegram bot tokens, etc.).
Data Breach Notification: In the event of a data breach that may affect your personal data, we will notify you and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach (where required).
10. Financial Risk Disclaimer
SignalBridge is a technical automation service that processes user-provided trading signals and commands. This Privacy Policy governs data collection and privacy practices only. It does not create any financial obligations or liability on the part of SignalBridge.
NO FINANCIAL LIABILITY: SignalBridge is NOT liable for any financial outcomes, profits, losses, or damages resulting from the use of this service. The service relies solely on user input and configuration. All trading decisions, risk management, and financial outcomes are the sole responsibility of the user. SignalBridge does not provide financial advice, trading recommendations, or assume any responsibility for trading results, misconfigurations, or user errors.
For complete terms regarding financial disclaimers and limitations of liability, please review our Terms of Service.
11. Your Rights (Where Applicable)
- Access: Request a copy of stored personal data (primarily email/licensing records).
- Rectification: Correct inaccurate account or license contact data.
- Deletion: Request deletion after license expiry (subject to legal/financial recordkeeping). Lifetime licenses may have extended retention.
- Restriction/Objection: Limit processing in certain disputed cases.
- Portability: Export structured license data (email, name, license type, duration, timestamps) upon request.
- Complaint: File with a supervisory authority if located in an applicable jurisdiction.
How to Exercise Rights: To exercise any of these rights, contact us through our contact page with your request. We will respond within 30 days (or as required by applicable law). We may require verification of your identity before processing requests.
Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time, though this will not affect the lawfulness of processing before withdrawal.
For EU users: You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.
12. Automated Processing
Automated logic is limited to: license activation validation, expiry detection, device limit enforcement, rate limiting, and payment session reconciliation. No profiling for marketing or credit decisions.
14. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us for removal.
15. Policy Updates
Updates will be posted here with a revised date. Material changes may be communicated via notice banners or email to active license holders. Continued use after posting constitutes acceptance.
16. Contact
For privacy inquiries or data requests, please contact us through our contact page.
For EU users: You also have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been violated.