What we collect
- Account data: email address, hashed password, plan tier
- Profile data: verticals, keywords, stack preferences (from onboarding)
- Usage data: saved clusters, watchlist items, alert preferences
- Auth logs: hashed IP address, user agent, timestamps (for security)
- Payment data: processed by Stripe; we store only Stripe customer/subscription
IDs, never card numbers
How we use it
- Generate personalized monthly reports based on your scan profile
- Compute fit scores to rank opportunities relevant to you
- Send email digests and alert notifications you've opted into
- Enforce rate limits and detect abuse (via hashed IPs, never raw)
- Process subscription billing via Stripe
What we don't do
- We never sell your data to third parties
- We never store raw IP addresses
- We never share your scan profile or watchlist with other users
- We never use your data to train AI models
Third-party services
- Stripe: payment processing (privacy policy)
- Resend: transactional email delivery
- Sentry: error monitoring (anonymized)
- Slack: optional integration, only if you connect it
Your rights (GDPR)
If you are in the EU/EEA, you have the right to:
- Access: export all your data via Settings or GET /api/v1/me/export
- Rectification: update your profile and account settings at any time
- Erasure: delete your account via Settings or DELETE /api/v1/me
- Portability: CSV export of your cluster and watchlist data
- Object: unsubscribe from emails via the link in every email
Data retention
Account data is retained while your account is active. Upon deletion, all personal data
is removed within 30 days. Aggregated, anonymized analytics may be retained
indefinitely.
Cookies
We use a single session cookie for authentication. No tracking cookies, no analytics
cookies, no third-party cookies.
Contact
Data protection inquiries: privacy@sigatlas.dev