Privacy Policy

Last updated: April 8, 2026

All Them Signals ("we", "us", "our") operates the website allthemsignals.com (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use our Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address — used for authentication and sending keyword alerts
Password — stored as a one-way cryptographic hash (bcrypt via Django's auth system); we never store or have access to your plaintext password

1.2 Keyword Configuration

We store the keywords you configure for monitoring, including any platform preferences, exclude/require refinement rules, and alert delivery preferences. This data is used solely to operate the Service.

1.3 Payment Information

Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other financial information on our servers. We store only a Stripe customer ID and subscription ID to manage your plan. See Stripe's Privacy Policy.

1.4 Third-Party Platform Data

Our Service monitors publicly available content on third-party platforms (Hacker News, Reddit, Bluesky, GitHub, Stack Overflow, Lobsters, Mastodon, dev.to, Medium, Lemmy, Product Hunt, Hacker Noon, Discourse, npm, PyPI, and Telegram) to find keyword matches. When a match is found, we store:

The platform name and content ID (for deduplication)
The title and a brief text excerpt (up to 500 characters)
The URL of the original content
The author username as displayed on the platform
The timestamp of when the content was posted

            Important: We only process publicly available content. We do not access private messages, private profiles, non-public posts, or any content that requires authentication to view on any platform. We do not collect, store, or process any personal data about the authors of matched content beyond their publicly visible username.
        

2. Reddit-Specific Data Handling

When accessing data through the Reddit API, we comply fully with Reddit's Responsible Builder Policy and the Reddit Data API Terms:

2.1 Data We Collect from Reddit

We access only public posts and comments from Reddit's streaming API
We store only the minimum data necessary to deliver keyword alerts: post/comment ID, title, a text snippet (up to 500 characters), URL, author username, and timestamp
We do not collect user profiles, voting data, private messages, moderation data, or any non-public Reddit content

2.2 Reddit Data Retention and Deletion

48-Hour Deletion Compliance: We automatically delete Reddit-sourced content that has been deleted or removed on Reddit within 48 hours of the deletion event, in compliance with Reddit's Data API Terms. Our system runs an automated daily reconciliation process to identify and purge any Reddit content that is no longer publicly available.

2.3 Reddit Data Usage

Reddit data is used exclusively for the purpose of delivering keyword mention alerts to our users
We do not sell, license, or share Reddit data with any third parties
We do not use Reddit data for training machine learning models, advertising, or any purpose other than the Service
We do not aggregate Reddit data for analytics, research, or commercial purposes beyond individual keyword alerts

2.4 Reddit User Rights

Reddit users who wish to have their content excluded from our keyword matching can contact us at privacy@allthemsignals.com. We will promptly exclude the specified content and/or username from our monitoring.

3. How We Use Your Information

We use the collected information to:

Operate and maintain the Service
Send keyword alert notifications via email, RSS, JSON feed, or webhooks as configured by you
Process payments and manage subscriptions
Communicate important service updates

We do not:

Sell your personal data to third parties
Use your data for advertising or ad targeting
Share your keyword configurations with anyone
Train AI/ML models on any collected data

4. Data Storage and Security

4.1 Storage

Your data is stored in a PostgreSQL database hosted on infrastructure operated by Bunny.net (BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia). Data is stored within the European Union.

4.2 Security Measures

All data in transit is encrypted via TLS/HTTPS
Passwords are hashed using bcrypt with per-user salts
API tokens are generated using cryptographically secure random number generators
Database access is restricted to authenticated application services only
We follow the principle of least privilege for all data access

5. Data Retention

Account data: Retained as long as your account is active. Upon account deletion, all personal data is permanently deleted within 30 days.
Keyword match data: Match records are retained for 90 days, after which they are automatically purged.
Reddit-sourced data: Subject to 48-hour deletion when content is removed from Reddit (see Section 2.2).
Payment records: Managed by Stripe per their retention policies. We retain only Stripe customer/subscription IDs.

6. Data Sharing

We share data only with the following service providers, strictly for operating the Service:

Stripe (payment processing) — Privacy Policy
Resend (email delivery) — Privacy Policy
Bunny.net (hosting and CDN) — Privacy Policy

We do not share data with any other third parties. We will disclose information only if required by law.

7. Your Rights

You have the right to:

Access your personal data — available in your account settings
Correct your personal data — update your email or password in settings
Delete your account and all associated data — contact us at privacy@allthemsignals.com
Export your data — available via the JSON feed in settings
Object to processing — contact us at privacy@allthemsignals.com

For users in the European Economic Area (EEA), these rights are guaranteed under the General Data Protection Regulation (GDPR). We process data under the legal basis of contractual necessity (to provide the Service you signed up for) and legitimate interest (to operate and improve the Service).

8. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or advertising cookies. We do not use any third-party tracking scripts.

9. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For any questions, data requests, or privacy concerns:

Email: privacy@allthemsignals.com
Website: https://allthemsignals.com

Data Controller: All Them Signals, operated by Dino Kukic. For GDPR inquiries, contact privacy@allthemsignals.com.