Privacy Policy
Last updated: July 4, 2026
1. Who we are. Vantar Labs Pte. Ltd. (UEN 202630069Z), Singapore, operates signalis.watch. Contact for privacy matters: admin@signalis.watch.
2. What we collect. Account data (email address, hashed authentication credentials); billing data (subscription tier, billing status — full payment card details are processed by Stripe and never touch our servers); usage data (API key usage, request counts, timestamps, IP addresses in server logs); and support communications you send us.
3. What we don't do. We do not sell personal data. We do not use your data for advertising. The threat intelligence content we serve is derived from public reporting and contains no personal data about you.
4. How we use data. To provide and secure the service (authentication, rate limiting, abuse prevention), process subscriptions, communicate service notices, and improve reliability. Legal bases: contract performance and legitimate interests in service security.
5. Processors. We use: Supabase (authentication), Stripe (payments), Resend (transactional email), and infrastructure hosting in the EU (Germany). Each processes data only as needed to provide their function.
6. Retention. Account data is retained while your account is active and deleted within 30 days of account deletion, except records we must keep for tax or legal compliance. Server logs rotate within 90 days.
7. Your rights. You may access, correct, or delete your personal data, or withdraw consent, by contacting admin@signalis.watch. Singapore users have rights under the PDPA; EU users under the GDPR. Our Data Protection Officer contact is admin@signalis.watch.
8. Security. Data in transit is encrypted (TLS). Credentials are hashed. API keys are stored as salted hashes. Access to production systems is restricted and key-authenticated.
9. Changes. Material changes will be notified by email or in-product notice.