Privacy Policy

Effective Date: June 24, 2026

This Privacy Policy describes how Signal8 Inc. (“Signal8,” “we,” “us,” or “our”), a Wyoming corporation, collects, uses, stores, shares, and sells personal information when you use the Signal8 platform at signal8.ai and related services (collectively, the “Service”). Signal8 is currently offered free of charge. Please read this policy carefully before using the Service. By using the Service, you agree to the practices described in this Privacy Policy, including the sharing and sale of your contact information as described in Section 4.

1. Data Controller

The data controller responsible for your personal information is:

Signal8 Inc.
1309 Coffeen Ave, Suite 1200
Sheridan, WY 82801
United States
[email protected]

2. Information We Collect

2.1 Information You Provide Directly

Signal8 uses passwordless authentication — we do not use or store passwords. When you register for a standard account, we collect only:

  • Email address, and/or
  • Mobile phone number (in international format)

You may sign up with an email address, a phone number, or both. We do not require a name, mailing address, job title, or company for a standard account.

Corporate Portal users. Investor-relations and corporate users who are granted access to the Signal8 Corporate Portal additionally provide their first name, last name, and job title.

When you contact us for support, we collect the information you provide in your communication.

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • IP address — collected at registration and on login attempts; retained in login history for 90 days and then automatically purged.
  • User agent / browser type — collected on login attempts to detect anomalous access; retained in login history for 90 days.
  • Session tokens — JWT access tokens (short-lived) and refresh tokens stored in httpOnly cookies scoped to the .signal8.ai domain.
  • Approximate location (country) — derived from your IP address / network at sign-up to apply the correct jurisdiction-specific consent rules.

2.3 Activity Data

  • Watchlist and alert settings — the companies, insiders, and institutions you add to your watchlist, and your configured alert preferences.
  • Notification subscription data — push notification endpoint and keys if you enable browser push notifications; your verified phone number if you enable SMS alerts.
  • Consent records — records of the marketing, SMS, and legal consents you give or withdraw, including timestamps and the disclosure text shown, retained as a compliance record.

2.4 IR Widget Subscriber Data

External visitors who subscribe to alerts via an IR widget embedded on a company's investor relations website provide their email address. These subscribers do not have a Signal8 account. Their email addresses are stored and used solely to send SEC filing and press release alert emails on behalf of the company that deployed the widget. Each alert email contains an unsubscribe link.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service — authenticating you and delivering platform features such as watchlists, alerts, and market and SEC-filing data.
  • Transactional communications — sending email verification messages, one-time passcodes (by email or SMS), and security notifications. These communications are required for account operation and cannot be opted out of while your account is active.
  • Marketing communications — sending you news, offers, product updates, and promotional messages by email and, where permitted, by SMS. You can opt out of marketing email via the unsubscribe link in any marketing email, opt out of marketing SMS by replying STOP, or manage these preferences in your account settings.
  • Alert notifications — sending watchlist-based alerts via email, SMS, or browser push when you have configured these preferences. You may disable these at any time in account settings.
  • Lead generation and referrals — sharing and selling your contact information to our business clients, and associating your account with a client as a sales lead, as described in Section 4.
  • Security and fraud prevention — detecting and preventing unauthorized access, monitoring login history for anomalous activity, enforcing rate limits, and protecting the integrity of the Service.
  • Service improvement — analyzing aggregated, de-identified usage patterns to improve platform performance, prioritize features, and fix bugs.
  • Legal and compliance — complying with applicable law, responding to lawful requests from government authorities, enforcing our Terms of Service, and protecting our legal rights.

We share and sell your personal information. Because Signal8 is offered free of charge, we monetize in part by sharing and selling user contact information (email address and phone number) to our business clients, as described in Section 4. Depending on your jurisdiction you have the right to opt out of this sale and sharing — see Section 9.

4. How We Share and Sell Your Information

4.1 Sale and Sharing of Contact Information to Business Clients

Signal8 operates a lead-generation business. We share and sell the contact information you provide — your email address and phone number — to our business clients (including public companies and other organizations). In addition, we may associate your account with a particular client as a “lead.” A client to whom you are assigned may access and export your email address and phone number, and may contact you directly, including by sending you emails that are sent on Signal8's platform and may be branded as Signal8.

Under the California Consumer Privacy Act and similar laws, these practices constitute a “sale” and/or “sharing” of personal information. You have the right to opt out at any time — see Section 9.3 and our Do Not Sell or Share My Personal Information page. We do not knowingly sell or share the personal information of individuals located in the European Economic Area, the United Kingdom, or Switzerland without a valid legal basis.

4.2 Service Providers

We also share data with trusted third-party service providers who process it on our behalf to operate the Service:

Service CategoryPurposeData Shared
Transactional & marketing email providerEmail deliveryEmail address, email content
SMS provider (Twilio)Phone verification, SMS alerts and messagesPhone number, message content
Hosting & infrastructureOperating the ServiceAccount and usage data, as needed to host the Service

Each of these service providers is contractually required to process your data only as instructed by us and to maintain appropriate security measures.

4.3 Legal Requirements

We may disclose your information when required by applicable law, court order, subpoena, or government request, or when we believe disclosure is necessary to protect our rights, investigate fraud, or protect the safety of our users or the public.

4.4 Business Transfers

If Signal8 is involved in a merger, acquisition, financing, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you (via email or prominent notice on the Service) before your personal information is transferred and becomes subject to a different privacy policy.

4.5 Text Messaging (SMS) Data and Consent

Signal8's own text-messaging program. When you provide your mobile phone number and opt in to receive text messages from Signal8 — for account verification, security or account notifications, alerts you have configured, or Signal8 marketing messages — the mobile information collected as part of that opt-in (your phone number and your SMS consent) is used only to operate Signal8's own text-messaging program. We do not share or sell the mobile opt-in data or consent you give to Signal8'sSMS program with or to any third party for that third party's own marketing purposes. Standard message and data rates may apply, and you can opt out of Signal8 marketing texts at any time by replying STOP.

Separate, named-partner SMS consent. Independently of Signal8's own SMS program, we may present you with an optional checkbox during sign-up that asks whether you also want to receive text messages from a specific, named partner identified next to that checkbox. If — and only if — you affirmatively check that box, you are giving that named partner your consent to contact you directly under itsown text-messaging program, and that partner becomes responsible for messaging you in accordance with its own terms and privacy policy (linked beside the checkbox). This is your separate, affirmative choice to opt in to that partner's program — it is not a transfer of the mobile opt-in data from Signal8's own SMS program described in the paragraph above. You are never required to check this box to create or use a Signal8 account, and leaving it unchecked has no effect on the Service.

This Section 4.5 governs only mobile opt-in data and SMS consent. It does not limit, and is in addition to, the broader sharing and sale of your contact information described in Sections 4.1 through 4.4 and Section 9.3, including the sale and sharing of your email address and phone number to our business clients.

5. Cookies, Tracking Technologies, and Advertising Pixels

Signal8 uses the following categories of cookies and tracking technologies:

Essential (cannot be disabled): authentication session cookies and CSRF protection tokens required to keep you signed in and secure the Service.

Analytics: first-party analytics used to measure product usage and improve the Service.

Advertising and Conversion Tracking: Signal8 may deploy third-party advertising pixels (for example from Meta, Google, TikTok, or LinkedIn) on its marketing pages. These pixels collect information about your interactions with our marketing pages and may be used by the respective platforms to attribute conversions, measure ad performance, and serve you ads. These platforms may combine this data with other information they hold about you.

You can manage or disable non-essential cookies through the cookie preference banner displayed on first visit, or by adjusting your browser settings. Disabling essential cookies will prevent you from using authenticated features of the Service.

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Login history (IP address, user agent) — automatically purged after 90 days.
  • Session tokens — short-lived; refresh tokens are revoked on logout and on account deletion.
  • Account data — when you delete your account we deactivate it and release your email address and phone number so they can be reused. We retain a limited record of the deletion (and previously associated contact details) for audit, fraud-prevention, and legal-compliance purposes. Residual data may persist in backups for a limited period before being overwritten.
  • Consent records — retained as long as required to evidence your consent and comply with telecommunications and marketing regulations.
  • IR widget subscriber emails — retained until the subscriber unsubscribes or the IR widget configuration is removed.

7. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Passwordless authentication (one-time codes) — there is no password to steal or leak
  • Authentication tokens stored in httpOnly, Secure cookies to prevent JavaScript access
  • TLS encryption for all data in transit
  • Encrypted storage of server environment secrets
  • Rate limiting on authentication endpoints to defend against abuse
  • Login history monitoring for anomalous access detection
  • Refresh token rotation on each use

No method of transmission over the Internet or method of electronic storage is 100% secure. While we take commercially reasonable measures to protect your information, we cannot guarantee absolute security. If we become aware of a data breach that affects your rights or freedoms, we will notify you as required by applicable law.

8. International Data Transfers

Signal8 is based in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

Our third-party service providers (including our email and SMS providers) may also process your data in the United States or other countries. By using the Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

9.1 General Rights

  • Access — Request a copy of the personal information we hold about you.
  • Correction — Request correction of inaccurate or incomplete personal information.
  • Deletion — Request deletion of your personal information, subject to our retention obligations.
  • Portability — Request a machine-readable copy of your personal information in certain cases.
  • Opt out of marketing — Opt out of marketing email via the unsubscribe link in any marketing email, and opt out of marketing SMS at any time by replying STOP to any message.
  • Opt out of sale/sharing — Opt out of the sale and sharing of your contact information (see Section 9.3).
  • Notification opt-out — Disable alert notifications via account settings at any time.
  • Account deletion — Delete your account at any time from your account settings page. Account deletion releases your contact identifiers and is irreversible (subject to the limited retention described in Section 6).

9.2 Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (“GDPR”) or equivalent applicable law:

  • Right to object — Object to processing of your personal information based on our legitimate interests, including direct marketing.
  • Right to restrict processing — Request restriction of processing in certain circumstances.
  • Right to withdraw consent — Where processing is based on consent, withdraw that consent at any time (which does not affect lawfulness of prior processing).
  • Right to lodge a complaint — You have the right to lodge a complaint with your local supervisory authority.

Our legal bases for processing personal information include: (a) performance of our agreement with you (providing the Service); (b) your consent (for marketing and, where applicable, SMS); and (c) our legitimate interests (security, fraud prevention, and service improvement). We do not sell or share the personal information of EEA, UK, or Swiss residents for lead-generation purposes without a valid legal basis such as your explicit consent.

9.3 California Resident Rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”):

  • Right to Know — Request information about what personal data we have collected, used, disclosed, and sold about you.
  • Right to Delete — Request deletion of your personal data.
  • Right to Correct — Request correction of inaccurate personal data.
  • Right to Opt Out of Sale/Sharing — Signal8 sells and shares your contact information (email address and phone number) to business clients as described in Section 4. California residents may opt out of this sale and sharing using our Do Not Sell or Share My Personal Information page, by using the same option in our cookie preference banner, or by emailing [email protected]. If you have a Signal8 account, you can also manage this from Account → Privacy.
  • Right to Limit Use of Sensitive Personal Information — You may request limits on how we use sensitive personal information.
  • Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA rights.

To exercise your rights under CCPA/CPRA, contact us at [email protected]. We will verify your identity before processing your request and will respond within 45 days (extendable by an additional 45 days if necessary, with notice).

10. How to Exercise Your Rights

To exercise any of the rights described above, please email us at [email protected] with the subject line “Privacy Request” and include:

  • The email address and/or phone number associated with your account
  • A description of the right you wish to exercise
  • Sufficient information to verify your identity

We will respond to verified requests within 30 days, or within any shorter period required by applicable law. We may deny requests that cannot be verified, that are manifestly unfounded or excessive, or that conflict with our legal obligations.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will promptly delete such information.

12. Links to Third-Party Websites

The Service may contain links to third-party websites, SEC filings on EDGAR, and other external resources. Signal8 is not responsible for the privacy practices or content of these third-party websites. We encourage you to review the privacy policies of any third-party site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page with a new Effective Date, and by sending a notification to the email address or phone number associated with your account. Your continued use of the Service after the updated policy is posted constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Signal8 Inc.
1309 Coffeen Ave, Suite 1200
Sheridan, WY 82801
United States
Privacy requests: [email protected]
General inquiries: [email protected]

We aim to respond to all privacy-related inquiries within 30 days of receipt.