Last updated: June 2026
This Privacy Policy explains how HeatSignal LLC, a Colorado limited liability company ("HeatSignal," "we," "us," or "our"), collects, uses, and shares information when you use the Service. HeatSignal LLC is the data controller (under GDPR / UK GDPR) and the business (under CCPA / CPRA and equivalent U.S. state privacy laws) for the personal information described here. We do not sell your personal information and we do not run an affiliate program tied to your personal data.
Account and authentication. Email address and the data needed to verify your sign-in and maintain your session. You can sign in with a one-time email magic link, or with Google or Apple. When you use Google or Apple sign-in, we receive your name and email address from that provider to create or access your account. With Apple you may choose Hide My Email, in which case we receive a private relay address instead of your real one. We never receive your Google or Apple password.
Profile and social. A display name and optional profile photo, Instagram handle, reseller status, and notes you choose to add. Some of this appears on your public collector profile and in social features (such as followers and activity) when you make it visible.
Your collection and listings. Pairs you catalog, photos you upload of your items, purchase prices you record, and any marketplace listings you create.
Subscriptions and preferences. Pairs you follow, size filters, language preference, and similar settings you configure in the app.
Deals and trades. When you transact with another collector, we collect the shipping address you provide, ship and receive confirmations, any receipt or evidence photos you upload, and ratings or vouches you exchange.
Payments. To send or receive money through the platform you connect a payment account. Our payment processor collects your identity and bank or payout details directly; we receive transaction records and your payout-account status, not your full financial credentials.
Optional SMS. If you opt in to text alerts, we collect the phone number you provide and related opt-in/opt-out status as required for compliance.
Push notification tokens. When you enable notifications in the iOS or Android app, your device shares an opaque push token with us via Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM). The token is used solely to deliver alerts you have opted in to and is never shared with advertisers or analytics providers.
Technical and usage data. IP address, browser and device type, approximate location derived from IP, timestamps, links you click out to marketplaces, and diagnostic logs—typical for operating a secure web application.
Communications. Messages you send us (for example, pair requests or support) and records of transactional emails we send (delivery metadata).
Provide the Service: sign-in, abuse-prevention checks, showing listings, matching alerts to your subscriptions, and honoring your preferences.
Run the marketplace: show listings and collector profiles, facilitate deals between collectors, process payments and payouts through our payment processor, and surface ratings and vouches.
Communicate with you: transactional email (magic links, invitations, listing alerts) and optional SMS when you have opted in.
Measure our advertising: understand which ads bring people to HeatSignal, using conversion tracking as described in “Tracking and advertising identifiers” below.
Security and integrity: detect abuse, protect accounts, debug issues, and improve reliability.
Legal and compliance: comply with law, respond to lawful requests, and enforce our Terms.
We share information with service providers that process data on our behalf under written contracts. These include providers for application hosting and request logging, managed database storage, file and image storage, payment processing and payouts, transactional email delivery, SMS delivery (used only when you opt in), push notification delivery to your device (Apple and Google operate the iOS and Android push channels), and advertising-conversion measurement (Google Ads, described below). Each handles your data only as permitted by our agreement with them. We maintain a current list of our sub-processors and will provide their specific identities on request.
When you transact with another collector, the shipping address you provide is shared with your counterparty to complete the deal, and your public profile information is visible to other users where you have chosen to make it public.
We may disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale (with notice where appropriate).
We do not sell personal information as that term is commonly defined in U.S. state privacy laws.
We protect data in transit with TLS, store database records on encrypted volumes, and follow industry-standard access controls (least-privilege credentials, rotating session tokens, audit logging). No system is perfectly secure—if we become aware of a breach affecting your information, we will notify you consistent with applicable law.
We use Google Ads conversion tracking on our website to measure how well our advertising works—for example, to learn that someone who clicked one of our ads later created an account. This loads Google’s tag, sets Google cookies (such as `_gcl_au`), and shares conversion information with Google. You can limit this through your browser settings and Google’s ad-settings and opt-out tools.
Beyond this advertising measurement, HeatSignal does not run other third-party advertising networks or cross-site analytics SDKs in the Service, and we do not sell your personal information.
On iOS, we do not request the advertising identifier (IDFA) and we do not use the App Tracking Transparency framework. On Android, we do not use the Google Advertising ID.
We use cookies and similar technologies for authentication, security, session management, and core functionality. We also use advertising-measurement cookies set by Google Ads to attribute ad conversions, as described above. You can control cookies through your browser settings; disabling certain cookies may limit sign-in or features.
We keep information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
Deleting your account. You can permanently delete your account at any time from inside the app: open your profile, scroll to the bottom, and choose Delete account. You will be asked to confirm before anything is removed. You do not need to email us or take any step outside the app.
What deletion removes. If you have never completed a marketplace trade, deleting your account permanently erases your account and all associated data—your profile, collection, photos, subscriptions, messages, vouches, and settings.
Transaction records we retain. If you have completed a marketplace trade, we permanently erase your personal profile data (such as your name, email, profile photo, Instagram handle, sizes, and notes) and remove your account from the collector directory and public profiles, but we retain a minimum, anonymized record of the transactions you were part of—order and payment metadata, shipping and delivery confirmations, ratings, and the dispute history. We keep this because tax, anti-money-laundering, and financial record-keeping laws require it, because it is necessary to resolve disputes and prevent fraud, and because the other party to a trade has a right to their own record of the deal. This retained data is disassociated from your identity, stored only for as long as the applicable legal retention period requires, and then deleted.
You may also request deletion of specific data by contacting us; we will respond consistent with these operational and legal requirements.
You can manage subscriptions and notification settings inside the Service where available. For SMS, use STOP/HELP as described in the opt-in flow when applicable.
Depending on where you live, you may have rights to access, correct, delete, or export personal data, or to object to certain processing. Contact us using the email below. We will not discriminate against you for exercising privacy rights granted by law.
California residents (CCPA/CPRA). You have the right to request access to, correction of, or deletion of your personal information, to know the categories of personal information we collect and share, and to opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell your personal information. We use Google Ads conversion tracking for advertising measurement, which may be considered "sharing" under California law; you can opt out by disabling advertising cookies in your browser, using Google’s ad-settings tools, or contacting us at the email below. Authorized agents may submit requests on your behalf with valid authorization.
Colorado residents (CPA). Under the Colorado Privacy Act, you have the right to confirm whether we process your personal data, to access and correct it, to delete it, to obtain a portable copy, and to opt out of targeted advertising, sale of personal data, and certain profiling. We do not sell personal data and do not conduct profiling producing legal or similarly significant effects. We use Google Ads conversion tracking for advertising measurement; to the extent this is considered targeted advertising under the CPA, you may opt out through your browser’s advertising-cookie controls, Google’s tools, or by contacting us at the email below. You may appeal a denied request by replying to our response.
EEA, UK, and Switzerland users (GDPR / UK GDPR). HeatSignal LLC is the controller of your personal data. Our lawful bases for processing are contract performance (operating the Service for you), legitimate interests (security, abuse prevention, product improvement), legal obligation (where required), and consent (for optional features such as SMS alerts, push notifications, and advertising-measurement cookies where required). You may request access, correction, erasure, restriction, portability, or object to processing, and you may withdraw consent at any time without affecting the lawfulness of prior processing. You may also lodge a complaint with your local data protection authority. We do not currently maintain an EU/UK representative; users from those regions may reach us at the email below.
HeatSignal is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe a child under 13 has provided us personal information, contact us and we will take steps to delete it. This language reflects common requirements under U.S. law (such as COPPA) and similar rules elsewhere—it does not mean the product is “for kids”; it means we take minors’ privacy seriously.
If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other countries where we or our vendors operate. Those countries may have different data protection laws than your own.
We may update this Privacy Policy from time to time. We will change the “Last updated” date when we do and may provide additional notice for material changes.
Privacy questions or requests: email support@heatsignal.app. Address correspondence to HeatSignal LLC. We do not list a postal address or phone number for privacy requests on this page; for legal service of process, contact HeatSignal LLC through its registered agent on file with the Colorado Secretary of State.