Back to home

Privacy Policy

Effective 2026-05-16 · Last updated 2026-05-16

1. Who we are

SignalIQ Pro ("we", "us") is operated from Hyderabad, India. Contact: hello@signaliq.in.

2. Personal data we collect

  • Identity & contact: name, email, phone number, country, IP address, browser user-agent.
  • Authentication: password (stored only as a one-way PBKDF2-SHA256 hash with 600,000 iterations — we cannot read your password), session tokens, login event log.
  • Subscription & payment: tier, status, expiration, payment-provider transaction IDs. We do NOT store card numbers — those are held by our payment gateway (Razorpay and/or Stripe).
  • Acknowledgement records: timestamp + IP at which you accepted our Terms, Privacy Policy, Disclaimer, and Refund Policy. Required for SEBI Research Analyst compliance.
  • Optional integrations: Telegram chat ID after you link the alerts bot.

3. Why we collect it

  • Provide and improve the Service.
  • Authenticate logins and prevent fraud / credential sharing (single-session enforcement, geo-anomaly detection, IP rate limiting).
  • Meet SEBI Research Analyst record-keeping obligations.
  • Send recommendation alerts via the channel you opted into (email, Telegram, SMS).
  • Process subscription payments and refunds.

4. How long we keep it

  • Active accounts: retained for the lifetime of the account.
  • Deleted accounts: identity records hard-deleted within 30 days; payment / SEBI compliance records retained for 7 years per applicable rules.
  • Login event log: retained for 24 months for fraud forensics.

5. Who we share it with

We do not sell or rent your personal data. Limited sharing only with:

  • Payment processor (Razorpay / Stripe) — transaction processing.
  • Telegram (only if you opt in) — alert delivery.
  • Hosting provider (Render) — operational logs and backups.
  • SEBI, RBI, or other Indian regulators — only when legally required.

6. Your rights

  • Access / correction / deletion: email hello@signaliq.in from your registered address.
  • Withdraw consent for alerts: unsubscribe links in every alert channel; you may also disable channels in your account settings.
  • Account deletion: see Section 4.

7. Security

We use industry-standard controls including HTTPS encryption, PBKDF2 password hashing, single-active-session enforcement, encrypted-at-rest secrets storage (Fernet AES-128 + HMAC-SHA256), daily encrypted backups, and IP-based geo-anomaly detection. No system is perfectly secure; we cannot warrant the absolute security of your data.

8. Cookies

We use a single HTTPOnly, SameSite=Lax session cookie (siq_session) for authentication. No third-party advertising cookies. The cookie is set Secure in production HTTPS environments.

9. Changes

Material changes will be notified at the email address on file with at least 14 days notice. Continued use of the Service after the effective date constitutes acceptance.