Last updated: May 22, 2026
This Privacy Policy explains how HeatSignal LLC, a Colorado limited liability company ("HeatSignal," "we," "us," or "our"), collects, uses, and shares information when you use the Service. HeatSignal LLC is the data controller (under GDPR / UK GDPR) and the business (under CCPA / CPRA and equivalent U.S. state privacy laws) for the personal information described here. We do not sell your personal information and we do not run an affiliate program tied to your personal data.
Account and authentication. Email address, name (if provided by your sign-in method), and data needed to maintain your session and verify your sign-in via one-time magic link.
Subscriptions and preferences. Pairs you follow, size filters, language preference, and similar settings you configure in the app.
Optional SMS. If you opt in to text alerts, we collect the phone number you provide and related opt-in/opt-out status as required for compliance.
Push notification tokens. When you enable notifications in the iOS or Android app, your device shares an opaque push token with us via Apple Push Notification service (APNs) or Google Firebase Cloud Messaging (FCM). The token is used solely to deliver alerts you have opted in to and is never shared with advertisers or analytics providers.
Technical and usage data. IP address, browser and device type, approximate location derived from IP, timestamps, and diagnostic logs—typical for operating a secure web application.
Communications. Messages you send us (for example, pair requests or support) and records of transactional emails we send (delivery metadata).
Provide the Service: sign-in, abuse-prevention checks, showing listings, matching alerts to your subscriptions, and honoring your preferences.
Communicate with you: transactional email (magic links, invitations, listing alerts) and optional SMS when you have opted in.
Security and integrity: detect abuse, protect accounts, debug issues, and improve reliability.
Legal and compliance: comply with law, respond to lawful requests, and enforce our Terms.
We share information with service providers that process data on our behalf under contractual obligations. Our current sub-processors are: Vercel (application hosting and request logs), Neon (managed Postgres database), Resend (transactional email delivery), Twilio (SMS delivery, used only when you opt in), Apple Push Notification service (iOS push delivery), and Google Firebase Cloud Messaging (Android push delivery). Each handles your data only as our processor and is contractually required to protect it to a standard equivalent to this policy.
We may disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale (with notice where appropriate).
We do not sell personal information as that term is commonly defined in U.S. state privacy laws.
We protect data in transit with TLS, store database records on encrypted volumes, and follow industry-standard access controls (least-privilege credentials, rotating session tokens, audit logging). No system is perfectly secure—if we become aware of a breach affecting your information, we will notify you consistent with applicable law.
HeatSignal does not track you across other companies' apps or websites for advertising or marketing purposes.
On iOS, we do not request the advertising identifier (IDFA) and we do not use the App Tracking Transparency framework. On Android, we do not use the Google Advertising ID.
We do not run third-party advertising networks, retargeting pixels, or cross-site analytics SDKs in the Service.
We use cookies and similar technologies for authentication, security, session management, and core functionality. You can control cookies through your browser settings; disabling certain cookies may limit sign-in or features.
We keep information for as long as your account is active and as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account or certain data; we will respond consistent with operational and legal requirements.
You can manage subscriptions and notification settings inside the Service where available. For SMS, use STOP/HELP as described in the opt-in flow when applicable.
Depending on where you live, you may have rights to access, correct, delete, or export personal data, or to object to certain processing. Contact us using the email below. We will not discriminate against you for exercising privacy rights granted by law.
California residents (CCPA/CPRA). You have the right to request access to, correction of, or deletion of your personal information, to know the categories of personal information we collect and share, and to opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share for cross-context behavioral advertising. Authorized agents may submit requests on your behalf with valid authorization.
Colorado residents (CPA). Under the Colorado Privacy Act, you have the right to confirm whether we process your personal data, to access and correct it, to delete it, to obtain a portable copy, and to opt out of targeted advertising, sale of personal data, and certain profiling. We do not engage in targeted advertising, do not sell personal data, and do not conduct profiling producing legal or similarly significant effects. To exercise these rights, contact us at the email below; you may appeal a denied request by replying to our response.
EEA, UK, and Switzerland users (GDPR / UK GDPR). HeatSignal LLC is the controller of your personal data. Our lawful bases for processing are contract performance (operating the Service for you), legitimate interests (security, abuse prevention, product improvement), legal obligation (where required), and consent (for optional features such as SMS alerts and push notifications). You may request access, correction, erasure, restriction, portability, or object to processing, and you may withdraw consent at any time without affecting the lawfulness of prior processing. You may also lodge a complaint with your local data protection authority. We do not currently maintain an EU/UK representative; users from those regions may reach us at the email below.
HeatSignal is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe a child under 13 has provided us personal information, contact us and we will take steps to delete it. This language reflects common requirements under U.S. law (such as COPPA) and similar rules elsewhere—it does not mean the product is “for kids”; it means we take minors’ privacy seriously.
If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other countries where we or our vendors operate. Those countries may have different data protection laws than your own.
We may update this Privacy Policy from time to time. We will change the “Last updated” date when we do and may provide additional notice for material changes.
Privacy questions or requests: email support@heatsignal.app. Address correspondence to HeatSignal LLC. We do not list a postal address or phone number for privacy requests on this page; for legal service of process, contact HeatSignal LLC through its registered agent on file with the Colorado Secretary of State.