LEGAL
Privacy Policy
Effective: March 2026 · Last updated: March 2026
Signals is built on a simple belief: your data should work for you, never against you. We collect only what we need to find your signals. We never sell it, never share it with advertisers, and never use it to train AI models. This policy explains exactly what we do with your information, written in plain language.
Who we are
Signals is operated by Aurum X Capital LTD, a company registered in England and Wales.
- Registered address: 20 Wenlock Road, London, N1 7GU, United Kingdom
- Privacy inquiries: confidential@aurum-x-capital.com
What data we collect
When you create a Signals account and set up your profile, we collect:
Account information
- Email address — used for authentication and to send you signal notifications
- Full name — used to search unclaimed property databases on your behalf
- Country — determines which databases and legal frameworks apply to you
Profile data
- Profile text — a free-text description of your situation that helps our AI agents understand your context
- Tier answers — specific answers to questions about your finances, visa status, housing, employment, and skills that help each signal tier scan more accurately
What we do not collect
We do not collect bank account numbers, passwords to other services, exact home addresses, social security or national ID numbers, payment card details (payments are handled entirely by Stripe), or any biometric data. We do not use tracking cookies, analytics scripts, or advertising pixels.
How we use your data
Your data is used for one purpose: finding signals that matter to you.
- Scanning — your profile and tier answers are sent to our AI agents, which use them to search public databases, government registries, job platforms, and legal resources for information relevant to your situation
- Display — signals found by our agents are stored and displayed on your personal dashboard
- Notifications — if you opt in, we send email summaries of new signals
- Authentication — your email is used to verify your identity via magic link login
We do not use your data for advertising, profiling for third parties, or any purpose beyond operating the Signals service for you.
How we store and protect your data
Your data is stored in a Supabase-hosted PostgreSQL database with the following protections:
- AES-256 encryption at rest — all data is encrypted in the database. Even with direct database access, raw field values cannot be read
- Row-level security (RLS) — database policies ensure that each user can only access their own data. No user can ever see another user's profile, answers, or signals
- TLS encryption in transit — all data transmitted between your browser, our servers, and our database is encrypted using TLS 1.2+
- Secure authentication — we use Supabase Auth with email magic links. We never store passwords
AI processing
Signals uses the Anthropic Claude API to power its scanning agents. Here is exactly what happens when a scan runs:
- Your profile text and relevant tier answers are sent to Anthropic's API as part of a structured prompt
- Claude processes the request, performs web searches against public databases, and returns structured results
- The results are stored in your Signals dashboard
- Anthropic operates with zero data retention — your data is processed and immediately discarded by the API. It is never stored on Anthropic's servers and is never used to train their AI models
We use Anthropic specifically because of their industry-leading data privacy commitments. No other AI provider has access to your data.
We never sell your data
Your data is never sold, rented, licensed, or shared with advertisers, data brokers, or any third party for their own purposes. Period. This is not a negotiable part of our business. If we can't build a sustainable business without selling user data, we'll shut down rather than compromise on this.
Your rights
You have full control over your data at all times:
- Access — you can view all data we hold about you directly in the app (your profile, tier answers, and signals are all visible on your dashboard and settings)
- Export — you can request a complete export of all your data at any time by emailing us
- Delete — you can delete your account and all associated data at any time. Deletion is permanent — we do not retain backups of deleted accounts
- Rectification — you can edit your profile and tier answers at any time through the app
- Portability — you can request your data in a standard machine-readable format
To exercise any of these rights, email confidential@aurum-x-capital.com. We respond to all requests within 30 days.
GDPR compliance
As a company registered in the United Kingdom, we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Legal basis for processing
- Consent — you provide explicit consent when you create your profile and submit tier answers
- Legitimate interest — we process your data to provide the core Signals service (scanning and alerting), which is the service you signed up for
- Contractual necessity — processing is necessary to deliver the service you've requested
You can withdraw consent at any time by deleting your account. If you believe we have processed your data unlawfully, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
Data retention
- Profile data (name, email, country, profile text, tier answers) — retained until you delete your account
- Signals — retained for 90 days unless dismissed earlier. Dismissed signals are removed immediately
- Deleted accounts — when you delete your account, all associated data is permanently removed from our database within 30 days. No backups are retained
Cookies
We use minimal cookies, strictly for authentication:
- Authentication cookies — used to keep you logged in between sessions. These are essential for the service to function
- No tracking cookies — we do not use Google Analytics, Facebook Pixel, Hotjar, or any other tracking or analytics tools
- No advertising cookies — we do not serve ads and have no advertising cookies
Third-party processors
We use a small number of trusted third-party services to operate Signals. Each receives only the minimum data necessary for their function:
SupabaseAWS (US East)
Database hosting & authentication
Data shared: All user data (encrypted at rest)
AnthropicUS (zero retention)
AI processing (Claude API)
Data shared: Profile text and tier answers during scans only
VercelGlobal edge network
Web application hosting
Data shared: No user data stored — serves the application only
No data is shared with any party beyond what is strictly necessary for operating the service. We do not use any data enrichment, marketing automation, or audience targeting services.
Changes to this policy
We may update this privacy policy from time to time to reflect changes in our service or legal requirements. When we make material changes, we will notify you by email before the changes take effect. The “last updated” date at the top of this page reflects the most recent revision.
Contact us
If you have any questions about this privacy policy, your data, or how Signals handles your information, contact us at:
Aurum X Capital LTD
20 Wenlock Road, London, N1 7GU, United Kingdom
confidential@aurum-x-capital.com
This policy is effective as of March 2026.