Privacy Policy

1. Overview

This Privacy Policy explains how SignalBridge ("we", "us") collects, uses, stores, and protects personal and technical information when you browse the Site, purchase a license, download the installer, activate devices, submit support requests, or interact with integrated features (TradingView webhooks, Telegram bot, MetaTrader connectors).

2. Data We Collect

• Account & Licensing: Email address, generated license key, plan type, max devices count, active devices count, payment amount, license status, license expiry date.
• Device Activation Data: Device ID (supplied by companion desktop app), optional device name, activation status.
• Download Telemetry: IP address, user agent, file name/version, bytes expected & sent, HTTP status, range/partial indicators, error codes, referrer, timestamps.
• Transaction Metadata: Payment ID (from PayPal or crypto session), order ID, plan, amount (we do NOT store raw card or crypto wallet private keys).
• Support Communications: Priority flags, category, subject, message body, optional system info (anything you manually input), license key for verification.
• Security/Integrity: IP-based rate limiting (stored in transient cache), hashed user-agent fragments for throttling fairness.
• Session Data: PHP session (secured with Secure, HttpOnly, SameSite=Strict) storing verification state (license, email, plan) for authenticated customer support pages.
• Transients/Temporary Storage: Payment session data (email, plan, amount) and crypto transaction lookups for reconciliation until completion or expiry.

3. Data Sources

• Direct user input (checkout, support forms, email queries).
• Automated device heartbeat & activation calls from the desktop app.
• Payment gateway callbacks (PayPal IPN, NOWPayments webhook or static link metadata).
• Server environment variables (IP, user agent, referrer).

4. Purposes of Processing

• License Fulfillment: Generate & manage license entitlements, device allocation.
• Billing & Reconciliation: Match payment confirmations to license issuance or extension.
• Support: Respond to requests and verify customer plan & status.
• Compliance & Recordkeeping: Audit trails for disputes, refunds, or regulatory queries.
• Product Improvement: Aggregate download success/failure metrics to improve reliability.

5. Legal Bases (Where Applicable)

• Contract Performance: Licensing, activation, delivery of updates.
• Legitimate Interests: Security, fraud prevention, service optimization.
• Legal Obligation: Transactional records for tax/audit (where required).
• Consent: Currently not active.

6. Data Retention

• Active License Records: Retained for the license term + up to 24 months for support & compliance, then purged.
• Expired / Revoked Licenses: Typically retained up to 24 months unless legal or dispute needs extend this.
• Rate Limit Transients: Minutes to hours (short-lived caches only).
• Payment Session Transients: Up 60 minutes or until processed.
• Support Emails / Logs: Up to 24 months unless earlier deletion requested (subject to legal holds).
• Suspicious Activity Logs: Up to 60 days unless part of an investigation.
• Sessions: Cleared on browser close or inactivity; session IDs rotated at start.

7. Third-Party Disclosures

We share only necessary data with:

• PayPal: Payment processing (email, transaction amount, invoice ID).
• NOWPayments: Crypto payment processing (amount, order reference).
• Email Provider: License delivery, support replies.
• Hosting Providers: Necessary to host application logic & database.

No sale of personal data; no ad network sharing; no behavioral advertising trackers integrated in the provided code.

8. International Data Transfers

Depending on your location and hosting/payment infrastructure, data may transit or be stored in jurisdictions outside your own. We rely on gateway-standard safeguards (e.g. PayPal's compliance frameworks).

9. Security Measures

• HTTPS/TLS transport for site & API interactions.
• Strict session flags: Secure, HttpOnly, SameSite=Strict, regeneration on first use.
• Content Security Policy restricting script sources (including PayPal & Tailwind CDN allowances).
• Rate limiting & IP / UA hashing to prevent abuse.
• Download integrity metadata (file size, sha256 header, partial range handling).

No guarantee of absolute security; you must secure your local endpoints, license key, and environment credentials (MT4/MT5 accounts, Telegram bot tokens, etc.).

10. Your Rights (Where Applicable)

• Access: Request a copy of stored personal data (primarily email/licensing records).
• Rectification: Correct inaccurate account or license contact data.
• Deletion: Request deletion after license expiry (subject to legal/financial recordkeeping).
• Restriction/Objection: Limit processing in certain disputed cases.
• Portability: Export structured license data (email, plan, timestamps) upon request.
• Complaint: File with a supervisory authority if located in an applicable jurisdiction.

Contact to exercise rights. We may require verification (e.g., responding from the license email).

11. Automated Processing

Automated logic is limited to: license activation validation, expiry detection, rate limiting, and payment session reconciliation. No profiling for marketing or credit decisions.

12. Cookies & Local Storage

We rely on minimal session cookies for authenticated customer access. No third-party advertising cookies are set. If analytics tools are introduced in future, this policy will be updated.

13. Children’s Privacy

The Service is not directed to individuals under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us for removal.

14. Policy Updates

Updates will be posted here with a revised date. Material changes may be communicated via notice banners. Continued use after posting constitutes acceptance.

15. Contact

For privacy inquiries or data requests: contact.