1. Information We Collect
Signal Vault (“we”, “us”, “our”) is a private market analysis platform for verified members of our community. We only collect the information needed to verify your eligibility, deliver signals from your assigned channels, and keep your account secure. The categories below match the disclosures in our Google Play Data Safety form and our Apple App Privacy labels.
Information you provide directly when you create an account or complete verification:
- Name and email address
- Mobile phone number (required), provided during verification and used for account recovery and to contact you about your account
- Vantage Email (required, to verify you are an existing customer of the Vantage trading platform)
- Vantage UID / Account Number (required, to verify you are an existing customer of the Vantage trading platform)
- Telegram handle (required, to verify membership in our existing community)
- Profile photo and display name
- Any additional verification details you submit during account setup or support
- Password (only if you choose email/password sign-in; stored as a salted hash by our authentication provider and never visible to us in plaintext). If you forget your password, we send a time-limited recovery link to your registered email address so you can set a new one.
Information collected automatically when you use the app:
- Device push notification token (provided by your mobile operating system and relayed via the Expo Push Service so we can deliver notifications)
- Platform (iOS or Android), app version, and operating-system version — recorded on each sign-in and stored on your profile for crash triage, compatibility checks, and to tell you when an update is required
- Device model and language preference (used for compatibility and localisation)
- Diagnostic events captured by Expo Updates to diagnose errors; these include a stack trace and device metadata but never the content of your messages
- In-app activity logs (screen views, channel opens, signal taps) used to measure product engagement in aggregate
- Screenshot-attempt and screen-recording events (user ID, timestamp, and the channel or screen affected — see Section 5)
Information collected through third-party sign-in providers:
- If you sign in with Google, we receive your Google account email, unique subject identifier (sub), and name from Google OAuth
- If you sign in with Apple, we receive a pseudonymous Apple user identifier (sub) and, on your first sign-in, the email address and name you choose to share
We do not collect or store the content of private one-to-one messages, and we do not record audio, location, contacts, or health data.
2. How We Use Your Information
We use the information we collect to:
- Verify your identity and maintain your account
- Deliver content from channels you subscribe to
- Send push notifications about new content and updates
- Deliver proprietary content to authorised members
- Improve app performance and user experience
- Respond to support requests
We do not sell, rent, or share your personal data with third parties for marketing purposes.
2a. Legal Basis for Processing (UK / EU users)
If you are in the United Kingdom, the European Economic Area, or Switzerland, we process your personal data on the following legal bases under the UK GDPR and the EU GDPR:
- Performance of a contract — to create and maintain your account, deliver channel content you have subscribed to, and provide support
- Legitimate interests — to secure the service (including fraud prevention, abuse prevention, and signal leak prevention), to diagnose crashes, and to improve the app in aggregate
- Consent — for optional features that require explicit opt-in, such as marketing emails (we currently do not send marketing email, but if we introduce it you will be asked to opt in first)
- Legal obligation — where we must retain records to comply with applicable law
You may withdraw consent at any time by contacting hello@trysignalvault.app.
3. Data Storage and Security
Your data is stored securely using Supabase infrastructure with encryption at rest and in transit. We implement industry-standard security measures including row-level security policies, secure authentication protocols, and encrypted database connections. Access to user data is strictly limited to authorised personnel.
4. Third-Party Services
Signal Vault relies on the following sub-processors to operate. Each receives only the minimum data necessary to perform its specific function and is bound by its own privacy policy. We do not authorise any of these providers to use your data for their own marketing or advertising.
- Supabase (Supabase, Inc., United States) — primary database, authentication, and storage. Hosts your profile, channel subscriptions, and messages. Also sends password-reset recovery emails when you use email/password sign-in.
- Google (Google LLC, United States) — if you choose Google Sign-In, Google is the authentication provider only. We receive your Google account email, subject identifier, and name. Google does not receive your Signal Vault activity.
- Apple (Apple Inc., United States) — if you choose Sign in with Apple, Apple is the authentication provider only. We receive a pseudonymous identifier and, at your choice, an email and name. Apple does not receive your Signal Vault activity.
- Expo (650 Industries, Inc., United States) — routes push notifications from our servers to your device’s operating-system push gateway. Expo receives your device push token; it does not receive the content of your messages.
- Resend (Resend Inc., United States) — sends transactional email such as verification emails and approval notifications. Resend receives your email address and the content of the email we send you.
- Vercel (Vercel Inc., United States) — hosts this web page and our admin panel. Vercel does not receive user data from the mobile app itself; it only serves static pages to your web browser.
- Vantage (Vantage International Group Limited) — broker verification only. During verification, we share your vantage_email and vantage_uuid with Vantage to confirm that you are an existing Vantage customer eligible for our community. No other Signal Vault data is shared with Vantage.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
4a. International Data Transfers
Signal Vault’s service providers are primarily located in the United States. If you access the app from outside the United States, including from the United Kingdom or the European Economic Area, your personal data will be transferred to, stored, and processed in countries whose data-protection laws may differ from those of your own jurisdiction.
Where we transfer personal data out of the UK or EEA, we rely on one of the following safeguards, as applicable:
- The recipient is covered by the UK International Data Transfer Agreement or EU Standard Contractual Clauses (SCCs)
- The recipient is certified under the EU–US Data Privacy Framework or the UK Extension to that framework
- You have given your explicit consent to the transfer
You can request a copy of the specific safeguard for any transfer by contacting hello@trysignalvault.app.
5. Content Protection
Signal Vault includes content protection features to safeguard channel content. Screenshot attempts and screen recording activity may be detected and logged to protect the intellectual property of content creators. By using the app, you acknowledge that such activity may be monitored.
6. Your Rights
You have the right to:
- Access the personal data we hold about you
- Correct any inaccurate information
- Delete your account and all associated personal data
- Export your data in a portable format
- Object to, or restrict, processing based on our legitimate interests
- Withdraw consent for any processing that is based on consent
How to delete your account. You can delete your Signal Vault account at any time. Two paths are available:
- In-app: open the app, go to Settings → Account → Delete account, and confirm. This triggers our delete-account backend process, which permanently removes your profile, verification details, channel subscriptions, messages you have sent, reactions, and associated media within 30 days.
- By email: if you cannot access the app, send a deletion request from the email address associated with your account to hello@trysignalvault.app with the subject line “Delete my account”. We will verify your identity and complete the deletion within 30 days.
After deletion, we may retain a small set of records where the law requires us to (for example, anti-fraud or tax records). Any retained records are limited to the minimum necessary, are access-controlled, and are deleted as soon as the legal retention period expires.
You can exercise any other right in this section by contacting hello@trysignalvault.app. We will respond within 30 days. If you are in the UK or EEA and believe we have not handled your request properly, you have the right to lodge a complaint with your local data-protection authority (in the UK: the Information Commissioner’s Office).
7. Data Retention
We retain your personal data only for as long as your account is active or as needed to provide the service.
- Account profile, verification details, and channel subscriptions: retained while your account is active; deleted within 30 days of account deletion.
- Messages and signals you sent or received: retained while your account is active; deleted within 30 days of account deletion. Other members’ copies of messages you sent to shared channels are anonymised rather than deleted, because deleting them would rewrite another member’s chat history.
- Push tokens and device identifiers: deleted immediately when you sign out or delete the app.
- Platform, app version, and OS version: retained with your profile while your account is active; overwritten on each sign-in and deleted with your profile.
- Diagnostic events: retained for up to 90 days, then deleted.
- Screenshot-attempt logs: retained for up to 12 months to investigate signal leaks, then deleted.
- Records we are legally required to keep: retained for the period specified by law and then deleted.
8. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes through the app or by email. Continued use of Signal Vault after changes are posted constitutes acceptance of the updated policy.
9. Children’s Privacy
Signal Vault is intended for adults who trade or invest on their own account. The service is not directed to children, and we do not knowingly collect personal data from anyone under 18 years of age. If you believe a child has provided us with personal data, please contact hello@trysignalvault.app and we will delete it.
If you are under 18, please do not create an account or submit any personal information to us.
10. Security Incidents
We use industry-standard technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, row-level security policies on our database, and audited administrative access. No system is completely secure, however, and we cannot guarantee the absolute security of your information.
If we become aware of a personal data breach that affects your account, we will notify you by email as soon as reasonably practicable, and no later than 72 hours after we become aware of the breach where required by applicable law. We will also notify the relevant supervisory authority where required.
11. Contact Us
If you have questions about this privacy policy or our data practices, please contact us at hello@trysignalvault.app.