← Back to home

Privacy Policy

Last updated: April 6, 2026

1. Overview

SignalSift ("SignalSift", "we", "us", "our") is operated by Webcore (webcore.cv), a solo digital agency based in Budapest, Hungary. We are subject to the EU General Data Protection Regulation (GDPR) and also comply with the California Consumer Privacy Act (CCPA) for our US-based users.

SignalSift is a SaaS tool that monitors publicly available Reddit posts for product demand signals — posts where people express unmet needs, request alternatives, or describe frustrations. We score, classify, and display these signals in a dashboard for entrepreneurs and product builders.

This policy explains what data we collect, why we collect it, how we process it, and what rights you have over your data.

2. Data We Collect

2.1 Account Data

When you sign up via GitHub or Google OAuth, we receive and store your email address, display name, and profile picture. This is the minimum data required to create and manage your account.

2.2 Payment Data

All payment processing is handled by Stripe. We never see, store, or have access to your credit card number, CVV, or full billing address. We store only your Stripe customer ID to link your subscription to your account.

2.3 User Preferences

We store the subreddits you choose to monitor, custom keywords you configure, notification preferences, and generated reports. This data is tied to your account and is necessary to provide the service.

2.4 Publicly Available Reddit Data

We scrape publicly available Reddit posts — the same content visible to any unauthenticated visitor at reddit.com. This includes post titles, body text, author usernames, subreddit names, upvote counts, comment counts, post URLs, and timestamps.

We do not scrape private subreddits, direct messages, user profiles, or any content that requires Reddit authentication to access.

2.5 AI-Processed Data

For high-scoring demand signals, we send the Reddit post content (title, body, subreddit, engagement metrics) to Anthropic's Claude API for analysis. Anthropic processes this data under their API terms and does not use API inputs for model training. The AI generates summaries, tags, and competitor mentions, which we store alongside the original signal.

2.6 Usage Data

We collect basic, anonymized usage analytics (page views, feature usage) via Plausible Analytics. This data is aggregated and cannot be used to identify individual users.

3. How We Use Your Data

DataPurpose
Account dataAuthenticate you, manage your account, send service emails
Payment dataProcess subscriptions, manage billing, prevent fraud
User preferencesDeliver personalized monitoring and reports
Reddit dataDetect, score, and classify product demand signals
AI-processed dataGenerate summaries, tags, and competitor analysis for signals
Usage dataImprove the product, fix bugs, understand feature adoption

We do not sell your data. We do not serve ads. We do not track you across other websites.

5. Data Sharing & Processors

We share data only with the third-party processors required to operate the service:

ProcessorData SharedPurpose
Stripe (US)Email, billing infoPayment processing
Anthropic (US)Reddit post contentAI analysis of demand signals
Vercel (US)Request logs, IP addressesFrontend hosting and edge delivery
Railway / VPS providerDatabase contentsInfrastructure hosting

We do not sell, rent, or trade your personal data. We do not share data with advertisers or data brokers.

6. International Data Transfers

We are based in the EU (Hungary), but some of our processors are based in the United States (Stripe, Anthropic, Vercel). For these transfers, we rely on:

  • The EU-US Data Privacy Framework, where applicable (Stripe and Vercel are certified participants).
  • Standard Contractual Clauses (SCCs) approved by the European Commission, as a fallback transfer mechanism.

We ensure all processors provide adequate data protection safeguards before transferring any personal data outside the EEA.

7. Data Retention

Data TypeRetention Period
Account dataUntil you delete your account
User preferences & reportsDeleted within 30 days of account deletion
Scraped Reddit data12 months from scrape date, then auto-purged
Payment records7 years (Hungarian tax law requirement)
Usage analyticsAggregated, no personal data retained

8. Your Rights (GDPR)

If you are in the European Economic Area, you have the right to:

  • Access — Request a copy of all personal data we hold about you.
  • Rectification — Ask us to correct inaccurate data.
  • Erasure— Request deletion of your personal data ("right to be forgotten").
  • Data portability — Receive your data in a structured, machine-readable format (JSON).
  • Restriction — Ask us to temporarily stop processing your data.
  • Objection — Object to processing based on legitimate interest.
  • Withdraw consent — Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, email us at blancoisadev@gmail.com. We will respond within 30 days, as required by the GDPR.

You also have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or your local EU supervisory authority.

9. Your Rights (CCPA)

If you are a California resident, you have the right to:

  • Know — Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Delete — Request deletion of your personal information, subject to certain exceptions.
  • Opt-out of sale — We do not sell your personal information. There is nothing to opt out of.
  • Non-discrimination — We will not discriminate against you for exercising any of your CCPA rights.

Categories of personal information collected: Identifiers (email, name), commercial information (subscription plan), internet activity (usage analytics), and inferences (demand signal analysis derived from public Reddit data).

To submit a request, email blancoisadev@gmail.com. We will verify your identity and respond within 45 days.

10. Cookies

We use only strictly essential cookies required for authentication and security. We do not use advertising, social media, or third-party tracking cookies. Because all our cookies are strictly essential, no cookie consent banner is required under the GDPR ePrivacy Directive.

For a full breakdown of each cookie we set, see our Cookie Policy.

11. Children's Privacy

SignalSift is not directed at anyone under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

12. Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encrypted connections (TLS/HTTPS) for all data in transit.
  • Encrypted database storage at rest.
  • OAuth-based authentication (no passwords stored by us).
  • Scoped access controls — your data is only accessible by your account.
  • Regular dependency updates and security patching.

No system is 100% secure. If we discover a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours, as required by the GDPR.

13. Changes to This Policy

We may update this privacy policy to reflect changes in our data practices or legal requirements. If we make material changes (new data collection, new processors, changes to retention periods), we will notify you via email at least 30 days before the changes take effect.

Non-material clarifications or formatting changes may be made without notice. The "Last updated" date at the top of this page always reflects the most recent revision.

14. Contact

For any privacy-related questions, data subject requests, or concerns, contact us at:

Webcore (webcore.cv)

Budapest, Hungary

blancoisadev@gmail.com

As a small operation, our data protection inquiries are handled directly by the business owner. We aim to respond to all requests within 30 days.

Terms of ServiceCookie Policy