Who We Are
Signal Marketplace operates the website located at signalmarketplace.co.uk (the "Platform"). For the purposes of UK data protection law, Signal Marketplace is the data controller responsible for your personal data.
We are based in the United Kingdom. Our platform is accessible globally and may be used by individuals from any country. Where you access this platform from outside the UK, you acknowledge that your data will be processed in accordance with UK GDPR and the UK Data Protection Act 2018.
If you have any questions about this Privacy Policy or how we handle your data, you can contact us at any time using the email address above. We aim to respond within 30 days.
What Personal Data We Collect
We collect personal data that you provide to us directly and data that is generated automatically when you use the Platform. We only collect what is necessary to provide our service.
| Data Type | What We Collect | How Collected |
|---|---|---|
| Account Data | Email address, full name, username, account role | Provided by you at signup |
| Profile Data | Bio, website URL, Twitter handle, avatar image | Optionally added by you in your profile settings |
| Usage Data | Pages visited, features used, session activity | Automatically collected via Supabase |
| Trading Tool Data | Trade journal entries, backtest sessions, prop challenge data, calculator inputs | Provided by you when using platform tools |
| Support Data | Name, email, message content from contact form submissions | Provided by you when contacting support |
| Payment Data | Payment processing references, subscription status | Processed by Stripe — we do not store card details |
| Technical Data | IP address, browser type, device information | Automatically collected by Supabase infrastructure |
We do not collect sensitive personal data such as financial account numbers, government ID numbers, health information, or biometric data. We do not collect data from children under the age of 18.
How We Use Your Data
We use your personal data only for the purposes set out below. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects on you.
- To create and manage your account — your email and name allow us to identify you, maintain your session, and give you access to platform features.
- To provide platform tools and features — trade journal, backtest, prop challenge, calculators and other tools require storing data you input in order to function.
- To process payments and subscriptions — where applicable, we use Stripe to handle membership payments and track subscription status.
- To respond to support requests — when you submit a contact form or support ticket, we use your details to respond to your query.
- To improve the platform — aggregated, anonymised usage data helps us understand how the platform is used and where improvements can be made.
- To prevent fraud and abuse — we monitor activity to detect misuse of the platform and protect users.
- To fulfil legal obligations — we may be required to process or retain certain data to comply with UK law.
We do not sell your personal data to third parties. We do not use your data for advertising or marketing to third parties. We do not send you unsolicited marketing emails. We do not share your data with any party other than those described in Section 5 of this policy.
Legal Basis for Processing
Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases depending on the type of processing:
| Processing Activity | Legal Basis |
|---|---|
| Creating and managing your account | Contract — necessary to provide the service you signed up for |
| Storing tool data (journal, backtest, etc.) | Contract — necessary to deliver the functionality you use |
| Processing payments | Contract — necessary to fulfil a paid subscription |
| Responding to support requests | Legitimate interests — to assist users who contact us |
| Platform security and fraud prevention | Legitimate interests — to protect the platform and its users |
| Compliance with UK law | Legal obligation — where required by applicable legislation |
Who We Share Your Data With
We do not sell, rent or trade your personal data. We only share data with the following third-party service providers who help us operate the Platform, and only to the extent necessary for that purpose.
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication and backend infrastructure | All account and platform data stored in the database |
| Stripe | Payment processing and subscription management | Email address, payment details processed directly by Stripe |
Both Supabase and Stripe operate under their own privacy policies and are GDPR-compliant data processors. We have agreements in place with these providers that restrict how they may use your data.
We may also disclose your data to law enforcement or regulatory authorities where we are legally required to do so, or where necessary to protect the safety of users or the public.
Beyond the providers listed above, we do not share your personal data with any other third parties, partners, advertisers or analytics platforms.
Cookies and Local Storage
We use cookies and browser local storage to make the Platform work and to improve your experience. We do not use advertising cookies or third-party tracking cookies.
| Type | Purpose | Stored By |
|---|---|---|
| Authentication Cookie | Keeps you logged in to your account between visits | Supabase |
| Session Storage | Maintains your active session while using the platform | Supabase |
| Local Storage | Saves your preferences such as saved articles, read articles, and blog bookmarks on your device | Your browser (client-side only) |
The local storage data listed above is stored entirely on your own device and is never transmitted to our servers. You can clear it at any time by clearing your browser storage or using your browser's developer tools.
We do not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising cookies. The only cookies set are those strictly necessary for the Platform to function.
Your Rights Under UK GDPR
Under UK data protection law you have the following rights in relation to your personal data. You can exercise any of these rights by contacting us at support@signalmarketplace.co.uk. We will respond within 30 days.
You can request a copy of all personal data we hold about you at any time.
You can ask us to correct any inaccurate or incomplete personal data we hold.
You can request that we delete your personal data where there is no compelling reason for us to continue processing it.
You can ask us to restrict processing of your data in certain circumstances.
You can request a copy of your data in a structured, commonly used, machine-readable format.
You can object to processing based on legitimate interests at any time.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would however appreciate the opportunity to resolve any concerns directly before you contact the ICO.
How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy, or as required by law. The following retention periods apply:
| Data Type | Retention Period |
|---|---|
| Account and profile data | For the duration of your account plus 12 months after deletion request |
| Trading tool data | For the duration of your account. Deleted upon account deletion request |
| Support ticket data | Up to 2 years after the ticket is resolved |
| Payment records | Up to 7 years as required by UK financial record-keeping obligations |
| Technical and log data | Up to 90 days, retained by Supabase infrastructure logs |
If you request deletion of your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain certain records.
To request deletion of your account and associated data, please email us at support@signalmarketplace.co.uk with the subject line "Account Deletion Request". We will process your request within 30 days and confirm once complete.
How We Protect Your Data
We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it against unauthorised access, loss, destruction or alteration.
- Encrypted storage — all data is stored in Supabase which encrypts data at rest and in transit using industry-standard TLS encryption.
- Secure authentication — user passwords are never stored in plain text. Authentication is handled entirely by Supabase Auth using industry-standard hashing.
- Row level security — our database uses Supabase Row Level Security (RLS) policies that ensure users can only access their own data.
- Payment security — all payment processing is handled by Stripe, which is PCI DSS compliant. We never store card numbers or sensitive payment details on our servers.
- Access controls — access to platform infrastructure is restricted to authorised personnel only.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware and will notify affected users without undue delay where required.
Contact and Policy Updates
If you have any questions, concerns or requests relating to this Privacy Policy or your personal data, please contact us using the details below. We will always do our best to resolve any concerns promptly and transparently.
Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the Platform after any changes constitutes your acceptance of the updated policy.
April 2026. This policy applies to all users of signalmarketplace.co.uk regardless of location.