Privacy Policy

Last Updated: 19.02.2026

§1. General Information

1.1. The controller of your personal data is Wojtek Kibitlewski, operating a business at ul. Śnieżyczek 11A, Katowice, Poland, Tax ID: 8441087460, email: sales@thesignalscout.com (hereinafter: the "Controller").

1.2. This Privacy Policy describes the rules for processing personal data collected through the theSignalScout platform available at thesignalscout.com (hereinafter: the "Service").

1.3. The Controller takes the protection of personal data seriously and applies appropriate technical and organizational measures to ensure data security in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR).

§2. Categories of Personal Data

2.1. The Controller processes the following categories of personal data:

  • a) Account data — name, email address, encrypted password, language preferences;
  • b) Business profile data — description of the User's business or professional activity;
  • c) Payment data — billing information, transaction history (payment card data is processed exclusively by the payment processor, e.g., Stripe, and is not stored by the Controller);
  • d) Technical data — IP address, browser type, operating system, access logs;
  • e) Service usage data — list of Monitored Profiles, Alert history, AI analysis results (Scoring, summaries);
  • f) Public Data — publicly available information from LinkedIn profiles of Monitored Profiles, including names, job titles, company names, and post content.

§3. Purposes and Legal Basis of Data Processing

3.1. Personal data is processed for the following purposes and on the following legal bases:

  • a) Performance of the service agreement (Art. 6(1)(b) GDPR) — creating and managing the Account, providing the Service's functionalities, processing payments, sending service-related notifications (Alerts, digests);
  • b) Legitimate interest of the Controller (Art. 6(1)(f) GDPR) — ensuring the security of the Service, preventing abuse, handling complaints, pursuing or defending legal claims, internal analytics and improving the Service;
  • c) Consent (Art. 6(1)(a) GDPR) — sending the newsletter and marketing communications (consent may be withdrawn at any time);
  • d) Legal obligations (Art. 6(1)(c) GDPR) — fulfilling accounting and tax obligations, responding to requests from authorized authorities.

§4. Public Data from LinkedIn

4.1. The Service processes publicly available data from the LinkedIn platform (names, job titles, company names, post content) for the purpose of providing the Service's functionalities.

4.2. This data is independently sourced from publicly accessible online sources. The Service does not use the User's LinkedIn account to collect any data.

4.3. The legal basis for processing Public Data is the legitimate interest of the Controller (Art. 6(1)(f) GDPR), consisting in enabling Users to monitor publicly available business information for purposes related to their professional activity.

4.4. If a person whose data is being monitored exercises their rights (e.g., right to object), the Controller will take appropriate action in accordance with GDPR provisions.

§5. Data Sharing with Third Parties

5.1. The Controller may share personal data with the following categories of recipients:

  • a) AI providers — post content and business descriptions are processed through third-party AI APIs (including OpenAI) for the purpose of generating summaries, Scoring, and Alerts. The User's personal data (email, password) is not transmitted to AI providers;
  • b) Payment processor — payment data is processed by Stripe (or another payment processor) for the purpose of handling transactions;
  • c) Hosting and infrastructure providers — servers and cloud services used to store and process data;
  • d) Email service providers — for sending transactional and marketing emails;
  • e) Authorities — when required by law or a legally binding order.

5.2. The Controller does not sell personal data to third parties.

§6. International Data Transfers

6.1. Personal data is primarily stored on servers located within the European Union.

6.2. Some data may be transferred to third countries (including the United States) in connection with the use of services such as OpenAI and Stripe.

6.3. Such transfers are based on appropriate safeguards compliant with GDPR, including Standard Contractual Clauses (SCCs), adequacy decisions, or the EU–US Data Privacy Framework, as applicable.

§7. Data Retention Period

7.1. Personal data is stored for the following periods:

  • a) Account data — for the duration of having an active Account, and for 30 days after Account deletion;
  • b) Payment and billing data — for the period required by tax and accounting regulations (up to 5 years from the end of the fiscal year);
  • c) Marketing data — until consent is withdrawn or an objection is raised;
  • d) Technical logs — up to 90 days;
  • e) Public Data — for the duration of monitoring. After the User removes a Monitored Profile, the related data is deleted within 30 days.

§8. Rights of Data Subjects

8.1. In accordance with GDPR, you have the following rights:

  • a) Right of access (Art. 15 GDPR) — the right to obtain information about the processing of your personal data and to receive a copy thereof;
  • b) Right to rectification (Art. 16 GDPR) — the right to have inaccurate data corrected or incomplete data completed;
  • c) Right to erasure (Art. 17 GDPR) — the right to request deletion of your data ("right to be forgotten");
  • d) Right to restriction of processing (Art. 18 GDPR) — the right to request that processing be limited in certain circumstances;
  • e) Right to data portability (Art. 20 GDPR) — the right to receive your data in a structured, commonly used, machine-readable format;
  • f) Right to object (Art. 21 GDPR) — the right to object to data processing based on the Controller's legitimate interest, including profiling;
  • g) Right to withdraw consent (Art. 7(3) GDPR) — the right to withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

8.2. To exercise your rights, please contact the Controller at: sales@thesignalscout.com.

8.3. The Controller shall respond to requests within 30 days of receipt. In complex cases, this period may be extended by a further 60 days, of which you will be notified.

8.4. You also have the right to lodge a complaint with a supervisory authority — in Poland, the President of the Personal Data Protection Office (UODO).

§9. Cookies and Tracking Technologies

9.1. The Service uses cookies and similar technologies for the following purposes:

  • a) Essential cookies — necessary for the proper functioning of the Service (session management, language preferences, security);
  • b) Analytical cookies — used to analyze traffic and usage of the Service (e.g., Google Analytics) to improve its quality;
  • c) Marketing cookies — used to display personalized advertisements and measure the effectiveness of marketing campaigns (only with the User's consent).

9.2. You can manage cookie preferences through your browser settings or the cookie consent banner displayed when you first visit the Service.

9.3. Disabling essential cookies may affect the proper functioning of the Service.

§10. Data Security

10.1. The Controller applies appropriate technical and organizational measures to protect personal data, including:

  • a) SSL/TLS encryption for data in transit;
  • b) encryption of passwords using secure hashing algorithms;
  • c) regular security audits and software updates;
  • d) access control and the principle of least privilege;
  • e) regular data backups.

10.2. Despite the security measures in place, no method of data transmission over the Internet or electronic storage is 100% secure. The Controller shall promptly notify Users and the relevant supervisory authority of any personal data breach in accordance with GDPR requirements.

§11. Changes to the Privacy Policy

11.1. The Controller reserves the right to amend this Privacy Policy. Users will be notified of material changes at least 14 days in advance via email or a notice within the Service.

11.2. Continued use of the Service after the changes take effect constitutes acceptance of the updated Privacy Policy.

§12. Contact

For any questions regarding data protection or to exercise your rights, please contact:

Wojtek Kibitlewski
ul. Śnieżyczek 11A, Katowice
Email: sales@thesignalscout.com

This document is a draft and does not constitute legal advice. We recommend having the content reviewed by a lawyer specializing in data protection before implementation.

← Back to homepage