LEGAL

Privacy Policy

Last updated: July 7, 2026

This Privacy Policy describes how Signal Congress ("we," "us," or "our") collects, uses, and protects information when you use the Signal Congress platform ("the Service"). We are committed to being transparent about our data practices.

1. Information We Collect

Account information: When you create an account, we collect your email address and a hashed password. If you subscribe to a paid plan, Stripe collects your payment information directly — Signal Congress does not store credit card numbers or payment details.

Product analytics: We collect anonymized data about how the Service is used (pages visited, features used, session duration) via Google Analytics to improve the product. This analytics data is not linked to your account.

Account activity records: Some records are necessarily linked to your account. If you use the developer API or MCP server, we log each request (the key used, endpoint, response status, and timing) — these records are required to enforce rate limits and daily quotas, for billing integrity, and to detect abuse. API keys are stored only as cryptographic hashes; we cannot recover a key's secret. Features that save your own selections (for example, the Signal Log) store those items linked to your account so we can show them back to you.

What we do not collect: We do not collect your name, phone number, address, or any personal information beyond your email address. We do not track you across other websites. We do not sell your data to any third party.

2. Government Disclosure Data

Signal Congress aggregates data from federal government disclosure systems. All government data displayed on the Service is sourced from public records required by law to be publicly available. This includes:

Congressional financial disclosures (STOCK Act), executive branch financial disclosures (OGE 278-T), federal lobbying disclosures (LDA), FEC campaign finance records, federal contract data (USASpending, SAM.gov), Federal Register regulatory actions, and SEC EDGAR Form 4 corporate insider trading disclosures.

Public officials: Financial disclosures filed by members of Congress, cabinet officials, and corporate executives are displayed solely in their capacity as public officials acting in their official roles. This data is public record. Signal Congress does not display private financial information about any individual beyond what is contained in official government filings.

FEC data specifically: Signal Congress uses aggregate PAC contribution data at the organizational level. We do not display individual contributor names, addresses, or personal financial details from FEC filings, and we do not retain individual-level FEC data in our systems.

3. How We Use Your Information

We use your email address to: (a) authenticate your account; (b) send transactional emails (subscription confirmation, payment receipts, cancellation confirmation); (c) communicate material changes to the Service or these Terms. We do not send marketing emails without your explicit opt-in. We use account-linked API usage records solely to enforce tier rate limits and quotas, maintain billing integrity, and prevent abuse.

4. Data Storage and Security

Account data is stored in Supabase, a SOC 2 Type II certified database provider. Payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We use industry-standard encryption for data in transit (TLS) and at rest.

We retain account data for the duration of your account. If you delete your account, your email address and account data are deleted within 30 days, subject to any legal retention requirements. Aggregate API usage and billing records may be retained as required for accounting and abuse prevention.

5. Cookies and Tracking

Signal Congress uses session cookies for authentication. We use Google Analytics (GA4) for anonymized usage analytics. We do not use advertising cookies, retargeting pixels, or cross-site tracking. You may disable cookies in your browser settings, though this will prevent account authentication.

6. Third-Party Services

Signal Congress uses the following third-party services: Supabase (database and authentication), Stripe (payment processing), Vercel (hosting), Google Analytics (anonymized usage analytics), Railway (pipeline infrastructure), and WorkOS (OAuth sign-in for API and MCP connections, which may use Google as an identity provider). Each operates under their own privacy policies and security standards.

7. Your Rights

You may delete your account directly from your account settings. You may also request access to, correction of, or deletion of your personal data at any time by contacting us at privacy@signalcongress.com. We will respond within 30 days. If you are located in the European Economic Area, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to active users via email at least 14 days before taking effect.

10. Contact

Privacy questions: privacy@signalcongress.com
General legal questions: legal@signalcongress.com

Terms of Service →← Home