WiseSignal Privacy Policy

Last updated: April 23, 2026

This Privacy Policy describes how Wisesignal, LLC ("WiseSignal," "we," "us," or "our"), a Delaware limited liability company, collects, uses, discloses, and protects personal data when you visit our website, use the Service, or otherwise interact with us.

This Policy applies to all users of the Service, including visitors to publicly accessible features, waitlist subscribers, registered account holders, trial users, and paying subscribers. Your use of the Service is also governed by our Terms of Service.

WiseSignal is committed to complying with applicable data protection laws, including, where applicable, the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the UK General Data Protection Regulation (UK GDPR), and certain U.S. state privacy laws.

Under the GDPR, "personal data" means any information relating to an identified or identifiable individual.

For questions about this Policy or how your data is processed, contact us at contact@wisesignal.io.

1. Data Controller

Wisesignal, LLC is the data controller responsible for the processing of personal data described in this Policy.

Contact for data protection inquiries: contact@wisesignal.io

WiseSignal does not currently have a designated Data Protection Officer (DPO). All data protection inquiries may be directed to the email address above.

WiseSignal does not currently designate an EU/EEA representative under Article 27 GDPR. If this changes, this section will be updated.

2. Personal Data We Collect

We collect personal data in the following categories:

2.1 Account Registration Data

When you create an Account, we collect:

  • Your email address;
  • Your password, which is hashed and stored by our authentication provider (Supabase Auth) — WiseSignal does not store plaintext passwords;
  • A unique user identifier (UUID), generated automatically;
  • Account creation date and legal consent timestamp; and
  • Records of the Terms of Service version and Privacy Policy version you accepted at signup.

2.2 Subscription and Billing Data

When you subscribe to the Service, we store the following subscription metadata:

  • Stripe customer ID and Stripe subscription ID (reference identifiers used to manage your access to the Service);
  • Subscription status (e.g. pending, active, past_due, cancelled);
  • Current billing period end date;
  • Cancellation status;
  • Trial eligibility and trial claim status; and
  • Early adopter status (a flag indicating whether you signed up via the waitlist).

WiseSignal does not process or store your payment card information, billing address, or transaction details. All payment processing is handled by Stripe. WiseSignal stores only the reference identifiers and metadata listed above, which are necessary to manage your access to the Service.

2.3 Waitlist Subscriber Data

If you sign up for the WiseSignal waitlist, we collect:

  • Your email address;
  • Your consent timestamp (recorded at the time of signup);
  • Your subscription status (pending, confirmed, or unsubscribed);
  • Double opt-in confirmation timestamp (after you click the confirmation link);
  • Source of signup (e.g. landing page); and
  • A hashed confirmation token (SHA-256), used for email verification only.

2.4 User Content

When you use the Service, we may store:

  • Watchlist entries (the transaction IDs you save to your watchlist).

Filter preferences and sort settings are session-based and are not stored on our servers. WiseSignal does not currently store user notes, comments, or other free-text content.

2.5 Acquisition and Attribution Data

To understand how users find WiseSignal, we maintain attribution records that include:

  • A hashed version of your email address (SHA-256 — a one-way hash that cannot be reversed to recover the original email);
  • Your acquisition channel (how you first found WiseSignal, such as Substack, LinkedIn, X/Twitter, Google Search, or other sources);
  • Your most recent acquisition channel (updated if you re-subscribe);
  • Signup and re-signup timestamps;
  • Whether you have previously used a trial;
  • Your subscription lifecycle status; and
  • Cancellation reason and optional comment (if you provided one).

This data is keyed by email hash, not by your user ID. It persists after account deletion to support aggregate marketing attribution analysis. Because it is keyed by an irreversible hash, it cannot be linked back to a specific individual without access to the original email address.

2.6 Analytics Data

We collect analytics data to understand how the Service is used and to improve it:

  • Pages visited, referrer URLs, browser type and version, operating system, and device type;
  • Approximate geographic location (country or region), derived from your IP address by our analytics providers;
  • Timestamps of visits;
  • Interaction events, such as button clicks, scroll depth, feature usage, filter applications, and navigation patterns.

On marketing pages, analytics data is pseudonymous and not linked to any user account. Google Analytics (GA4) operates in Consent Mode v2 and sets analytics cookies only if you grant consent.

In the authenticated app, Amplitude analytics data is associated with your account identifier (User ID) along with your early adopter flag and signup date. This data is used for product improvement purposes only and is not used for advertising or shared with third parties for their own purposes.

IP addresses may be processed by our analytics providers to derive approximate geographic information, but are not stored by WiseSignal in its own systems.

2.7 Support and Communication Data

When you use the in-app support widget or contact us, we may process:

  • Your email address and user ID (sent to Featurebase to identify you in the support widget);
  • Your subscription status, trial status, and acquisition channel (sent to Featurebase as contextual attributes to help us provide relevant support); and
  • Any messages, feedback, or bug reports you submit through the Featurebase widget or via email to contact@wisesignal.io.

2.8 Technical and Security Data

We process the following technical data:

  • IP addresses, which are processed temporarily during waitlist signup requests for rate limiting purposes — IP addresses are not stored permanently;
  • Authentication session tokens (JWTs), stored in browser cookies by Supabase Auth;
  • Cookie consent preferences, stored in your browser's localStorage; and
  • Theme preferences (light/dark mode), stored in your browser's localStorage.

3. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Providing the Service: Operating, maintaining, and delivering the features and functionality of the Service, including research content, AI commentary, filters, watchlists, and performance data;
  • Account management: Creating and managing your Account, authenticating your identity, and managing your Subscription and access to features;
  • Billing and payments: Processing subscription billing and payments through Stripe;
  • Communications: Sending transactional emails, including account confirmation and waitlist confirmation emails;
  • Customer support: Providing support through the in-app Featurebase messenger and email;
  • Analytics and improvement: Analyzing usage patterns to understand how the Service is used and to improve it, using GA4 (on marketing pages, with consent) and Amplitude (in the authenticated app);
  • Security and anti-abuse: Detecting and preventing fraud, abuse, and unauthorized access, including rate limiting, trial abuse prevention, and honeypot-based spam protection;
  • Legal compliance: Complying with applicable legal obligations, enforcing our Terms of Service, and responding to valid legal requests; and
  • Attribution analysis: Understanding acquisition channels and marketing effectiveness using hashed, non-reversible attribution data.

We do not sell, rent, or trade your personal data to third parties.

We do not engage in targeted advertising, cross-context behavioral advertising, or sharing of personal data with third parties for their own advertising purposes.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area or the United Kingdom, we process your personal data based on the following legal bases under the GDPR:

4.1 Consent (Article 6(1)(a))

We rely on your consent for:

  • Analytics cookies: Google Analytics cookies are set only after you grant consent via the cookie consent banner; and
  • Waitlist emails: Your email address is collected and used for waitlist communications based on your consent, which is recorded with a timestamp and confirmed via double opt-in.

You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

4.2 Performance of a Contract (Article 6(1)(b))

We process personal data as necessary to perform our contract with you (the Terms of Service), including:

  • Account registration and authentication;
  • Subscription management and billing through Stripe;
  • Providing the Service, including access to research content, AI commentary, filters, watchlists, and performance data; and
  • Processing cancellation and refund requests.

4.3 Legitimate Interests (Article 6(1)(f))

We process certain personal data based on our legitimate interests, balanced against your rights and freedoms:

  • Product analytics (Amplitude in authenticated sessions): Our legitimate interest in understanding how the Service is used and improving it. We minimize the data collected to your User ID, early adopter flag, and signup date, and do not use this data for advertising;
  • Security and anti-abuse: Our legitimate interest in protecting the Service and its users through rate limiting, trial abuse prevention, and honeypot fields;
  • Durable attribution analysis: Our legitimate interest in understanding marketing effectiveness through hashed email-based attribution records. We use irreversible hashing (SHA-256) and do not link this data back to identifiable individuals; and
  • Support context: Our legitimate interest in providing effective customer support by sharing your subscription status and acquisition channel with our support tool (Featurebase).

4.4 Legal Obligation (Article 6(1)(c))

We process personal data as necessary to comply with legal obligations, including retaining records required by applicable law and responding to valid legal requests.

5. Cookies and Tracking Technologies

5.1 Cookie Consent

WiseSignal uses a cookie consent banner that appears on marketing and authentication pages. Before you consent, no analytics cookies are set.

Your consent choice is stored in your browser's localStorage (not in a cookie). You may change your cookie preferences at any time using the "Cookie Preferences" link in the website footer.

5.2 Cookies We Use

Essential cookies (always active):

sb-*-auth-token (Supabase) — Authentication session management. Required for the Service to function for authenticated users. Set with SameSite=Lax and Secure flags.

Analytics cookies (set only if you consent):

_ga, _ga_* (Google Analytics) — Pseudonymous website analytics. Set only on marketing pages after you grant consent via the cookie banner.

Cookies we do NOT use:

  • Advertising or retargeting cookies;
  • Cross-site tracking cookies; or
  • Third-party advertising pixels.

5.3 Amplitude

Amplitude does not use cookies in any mode:

  • On marketing and authentication pages: Amplitude operates in fully cookieless mode with no user identification;
  • In the authenticated app: Amplitude uses browser localStorage (not cookies) for identity persistence. Your User ID, early adopter flag, and signup date are sent for product analytics.

5.4 Mixpanel

Mixpanel is used in a tightly scoped, anonymous-only configuration for evaluating the marketing and signup-funnel surfaces. It runs with persistence opted out by default — no Mixpanel cookies are set, and no Mixpanel device id is stored in localStorage. The anonymous distinct id exists only in memory for the duration of your current browser tab.

  • Surfaces: marketing pages, authentication pages (login / signup / password reset / email confirmation), the access-denied placeholder pages shown to users without an active subscription, and the /checkout/success landing page. Mixpanel is not loaded on the authenticated product surfaces (signals, transactions, watchlist, settings) — those routes continue to use Amplitude only.
  • Data sent — public marketing pages: page path and query string (UTM and click-id parameters captured for campaign attribution), Page View event metadata, and IP-derived geographic data (country / region / city). No Supabase user id, no email, no signup date.
  • Data sent — authentication pages: page path only (the query string is intentionally NOT captured so password-reset tokens, email-confirmation codes, and similar one-time secrets are never forwarded to Mixpanel), Page View event metadata, and IP-derived geographic data. No Supabase user id, no email.
  • Data sent — placeholder and /checkout/success pages: page path only (no query string), event metadata for click / checkout-funnel events, and IP-derived geographic data. Despite the user being signed in on these pages, Mixpanel does NOT receive your Supabase user id, email, or any other identifying profile data.
  • Autocapture is disabled on every surface. Only the curated event taxonomy (CTA clicks, section views, FAQ toggles, signup events, checkout-funnel events, etc.) flows to Mixpanel.
  • Session replay: enabled only on marketing pages, only after you accept the analytics consent banner, with default form-input masking on. Replay is not recorded on authentication pages, placeholder pages, the /checkout/success page, or any authenticated product page.
  • Opt-out: the same analytics opt-out path used for Amplitude (currently: clearing your stored consent via the cookie banner) suppresses Mixpanel session replay. Pre-consent event analytics on cookieless surfaces follows the same posture as Amplitude.

5.5 Featurebase

The Featurebase in-app support widget is loaded on both marketing and app pages:

  • For unauthenticated visitors: No user identification is sent to Featurebase;
  • For authenticated users: A signed JWT containing your email and user ID is sent to Featurebase, along with your subscription status, trial status, and acquisition channel, to provide contextual support.

6. Service Providers and Data Sharing

We share personal data with the following service providers, and only to the extent necessary to operate the Service:

6.1 Supabase (Database and Authentication)

  • Purpose: Database hosting, user authentication, session management, and data storage
  • Data processed: Account data, entitlements, watchlists, email subscriber records, and acquisition profiles
  • Role: Data processor
  • Hosting: Supabase cloud infrastructure hosted in the United States (us-east-1)
  • Privacy: supabase.com/privacy

6.2 Stripe (Payment Processing)

  • Purpose: Subscription billing, payment processing, tax compliance, and chargeback handling
  • Data processed: Email address (for checkout) and subscription status references
  • Role: Payment processor and, where applicable, merchant of record under the Managed Payments arrangement. Stripe acts as an independent data controller for payment data it processes.
  • Note: Stripe processes and stores payment card details, billing addresses, and transaction history independently. WiseSignal stores only reference identifiers and subscription metadata.
  • Privacy: stripe.com/privacy

6.3 Google Analytics (GA4)

  • Purpose: Website analytics on marketing pages
  • Data processed: Pseudonymous interaction events, page views, and approximate geographic location (derived from IP address by Google). No user ID is sent to GA4.
  • Role: Data processor
  • Consent: Analytics cookies require explicit opt-in via the cookie consent banner. Consent Mode v2 ensures no analytics cookies are set before consent is granted.
  • Hosting: Google servers, which may be located outside the EEA
  • Privacy: policies.google.com/privacy

6.4 Amplitude (Product Analytics)

  • Purpose: Product analytics — anonymous and aggregate on marketing pages; user-level usage patterns in the authenticated app
  • Data processed: On marketing pages: no identifying data (cookieless mode). In the authenticated app: User ID (UUID), early adopter flag, signup date, and interaction events.
  • Role: Data processor
  • Hosting: Amplitude servers in the United States
  • Privacy: amplitude.com/privacy

6.5 Mixpanel (Marketing-Funnel Analytics + Session Replay)

  • Purpose: Anonymous marketing-funnel analytics (page views, CTA clicks, signup conversion, checkout-open events) and consent-gated session replay on marketing pages only. Mixpanel runs alongside Amplitude on a narrow set of surfaces during a side-by-side evaluation period.
  • Data processed: On marketing pages: page URL with query string (for UTM / click-id attribution) and IP-derived geographic data. On authentication and post-signup-checkout pages: page path only (query string is intentionally stripped so reset / confirmation tokens never reach Mixpanel) and IP-derived geographic data. No Supabase user id, no email, no signup date — Mixpanel runs in anonymous-only mode in this configuration.
  • Session replay: Recorded only on marketing pages, only after analytics consent has been granted, with default form-input masking. Not recorded on authentication pages, placeholder pages, the /checkout/success page, or any authenticated product page.
  • Role: Data processor
  • Hosting: Mixpanel servers in the United States
  • Retention: Governed by Mixpanel project settings and Mixpanel's published retention policy (default retention applies).
  • Privacy: mixpanel.com/legal/privacy-policy

6.6 Featurebase (Support and Feedback)

  • Purpose: In-app support widget, feedback collection, and bug reporting
  • Data processed: For authenticated users: email, user ID (via signed JWT), subscription status, trial status, and acquisition channel. For unauthenticated visitors: no identifying data.
  • Role: Data processor
  • Privacy: featurebase.app/privacy

6.7 Resend (Transactional Email)

  • Purpose: Sending transactional emails, including waitlist confirmation and account verification emails
  • Data processed: Recipient email address and email content
  • Role: Data processor
  • Hosting: Resend servers in the United States
  • Privacy: resend.com/legal/privacy-policy

We do not share personal data with any other third parties except as required by law or to protect our rights.

7. International Data Transfers

WiseSignal is operated by Wisesignal, LLC, a company based in Delaware, United States. Some of our service providers process data on servers located outside the European Economic Area (EEA), including in the United States.

Service providers that process EEA personal data outside the EEA include Supabase, Google (GA4), Amplitude, Resend, and Stripe — all of which may process data on servers located in the United States.

Where personal data is transferred outside the EEA, we rely on the safeguards used by the relevant service provider, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • The EU-U.S. Data Privacy Framework, where the provider is certified; or
  • Other appropriate safeguards as required by applicable law.

If you are located in the EEA and would like more information about the specific safeguards applied to international transfers of your data, please contact us at contact@wisesignal.io.

8. Data Retention

We retain personal data only as long as necessary for the purposes described in this Policy, or as required by law.

8.1 Account Data

Your account registration data, entitlements, and watchlist data are retained for the duration of your Account. When you delete your Account, these records are deleted.

8.2 Acquisition Profiles

Attribution records (keyed by SHA-256 hash of your email address) are retained indefinitely after account deletion. These records support aggregate marketing attribution analysis. Because they are keyed by an irreversible hash, they are not linked to any live user account after deletion and cannot be used to identify you without access to the original email address.

8.3 Waitlist Subscriber Data

Waitlist subscriber data is retained until you unsubscribe or request deletion. If you unsubscribe, your record is retained with an "unsubscribed" status and the timestamp of your unsubscribe action.

8.4 Analytics Data

  • Google Analytics: Analytics data is retained for 14 months, as configured in our Google Analytics settings, after which it is automatically deleted.
  • Amplitude: Analytics data is retained according to Amplitude's data retention policies.
  • Mixpanel: Anonymous marketing-funnel analytics and consent-gated marketing-page session replay are retained according to Mixpanel's default project retention policy.

8.5 Billing and Payment Data

Stripe reference identifiers and subscription metadata stored in WiseSignal's database are deleted when you delete your Account. Payment transaction records held by Stripe are retained by Stripe according to its own retention policies and applicable financial record-keeping requirements.

8.6 Support Data

Messages, feedback, and bug reports submitted through Featurebase or email are retained as long as the support relationship exists or as needed for operational or legal purposes.

8.7 Legal Consent Records

Records of the Terms of Service and Privacy Policy versions you accepted, along with the timestamp of your acceptance, are stored in your account entitlement record and are retained for the duration of your Account. These records are deleted when your Account is deleted.

8.8 Technical Data

  • IP addresses processed for rate limiting are not stored permanently. They are processed in-memory during request handling only.
  • Session cookies expire according to our authentication provider's session configuration.

9. Your Rights

9.1 Rights Under GDPR (EEA and UK Users)

If you are located in the European Economic Area or the United Kingdom, you have the following rights under the GDPR and UK GDPR:

  • Right of access (Article 15) — You may request a copy of the personal data we hold about you.
  • Right to rectification (Article 16) — You may request that we correct inaccurate personal data.
  • Right to erasure (Article 17) — You may request that we delete your personal data, subject to applicable legal retention obligations.
  • Right to restriction of processing (Article 18) — You may request that we limit the processing of your personal data in certain circumstances.
  • Right to data portability (Article 20) — You may request to receive your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Article 21) — You may object to the processing of your personal data where we rely on legitimate interests as a legal basis.
  • Right to withdraw consent — You may withdraw consent for any processing based on consent (such as analytics cookies or waitlist signup) at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  • Right to lodge a complaint — You have the right to file a complaint with your local data protection authority (supervisory authority) if you believe your personal data has been processed in violation of applicable data protection law.

9.2 Rights Under U.S. State Privacy Laws

Delaware Residents. If and to the extent the Delaware Personal Data Privacy Act (DPDPA) applies to WiseSignal, Delaware residents may have the following rights:

  • Right to confirm whether we are processing your personal data;
  • Right to access your personal data;
  • Right to correct inaccuracies in your personal data;
  • Right to delete your personal data;
  • Right to obtain a copy of your data in a portable format;
  • Right to opt out of targeted advertising, sale of personal data, or profiling (WiseSignal does not engage in any of these activities); and
  • Right to appeal: If we deny your request, you may appeal by contacting contact@wisesignal.io. If the appeal is denied, we will provide information on how to contact the Delaware Department of Justice at privacy@delaware.gov.

California Residents. If and to the extent the California Consumer Privacy Act (CCPA/CPRA) applies to WiseSignal, California residents may have the following rights:

  • Right to know what personal information is collected, used, and disclosed;
  • Right to delete your personal information;
  • Right to correct inaccurate personal information;
  • Right to opt out of the sale or sharing of personal information (WiseSignal does not sell or share personal data for cross-context behavioral advertising);
  • Right to limit use and disclosure of sensitive personal information (WiseSignal does not collect or use sensitive personal information beyond what is necessary to provide the Service); and
  • Right to non-discrimination for exercising your privacy rights.

9.3 How to Exercise Your Rights

To exercise any of the rights described above, contact us at contact@wisesignal.io.

We will respond to your request within 30 days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.

Account deletion can be initiated through the account settings in the Service. When you delete your Account, your authentication record, entitlements, watchlist data, and legal consent records are deleted. Hashed attribution data (acquisition profiles) is retained as described in Section 8.2.

10. Data Security

WiseSignal takes reasonable technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

  • Encrypted data transmission using HTTPS/TLS for all connections;
  • Hashed passwords, managed by our authentication provider (Supabase Auth);
  • Row-Level Security (RLS) on database tables, ensuring users can only access their own data;
  • JWT-based authentication with secure session management;
  • Server-side API keys and secrets stored as environment variables, not in client-side code;
  • Signed JWTs (HMAC-based) for third-party identity verification;
  • Hashed confirmation tokens (SHA-256) for email verification; and
  • Honeypot fields and rate limiting for anti-spam and anti-abuse protection.

No internet transmission or electronic storage system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security of your data.

11. Children's Privacy

The Service is not directed to individuals under the age of 18 (or the age of legal majority in their jurisdiction). WiseSignal does not knowingly collect personal data from children.

If we become aware that we have inadvertently collected personal data from a child, we will take reasonable steps to delete that data promptly.

If you believe that a child has provided personal data to WiseSignal, please contact us at contact@wisesignal.io.

12. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals. There is currently no uniform industry standard for recognizing or responding to DNT signals.

WiseSignal does not currently respond to DNT signals. However, you can manage your cookie and analytics preferences at any time using the cookie consent banner, and you can opt out of analytics tracking by declining cookies or adjusting your preferences through the "Cookie Preferences" link in the website footer.

13. Changes to This Privacy Policy

WiseSignal may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law.

If we make material changes, we will update the "Last updated" date at the top of this page and may notify you by email or by prominent posting on the Service.

Where required by applicable law, we will obtain your consent before applying material changes to processing that depends on consent.

We encourage you to review this Policy periodically. If you do not agree with the updated Policy, you should stop using the Service.

14. Contact Information

Wisesignal, LLC
A Delaware limited liability company

Data protection and privacy inquiries: contact@wisesignal.io

User support: In-app Featurebase messenger or contact@wisesignal.io

EEA supervisory authority complaints: Users in the European Economic Area have the right to lodge a complaint with their local data protection authority if they believe their personal data has been processed in violation of applicable data protection law.

This Privacy Policy was last updated on April 23, 2026.