Privacy Policy

Personal Information

When you create an account or use SignalRoster, we collect information you provide directly, including:

• Name, email address, and phone number
• Profile information including resume, work history, and skills
• Job preferences, salary expectations, and location
• Account credentials and authentication information
• Payment information for subscription services (processed securely by Stripe)

Usage Data

We automatically collect information about your interactions with SignalRoster:

• Pages visited, time spent on the platform, and features used
• Job applications, matches viewed, and communication history
• Search queries and profile views
• Error reports and debugging information

Device Information

When you access SignalRoster, we collect:

• IP address and browser type
• Operating system and device type
• Mobile device identifiers (if applicable)
• General location data based on IP address

Cookies and Tracking

We use cookies, web beacons, and similar tracking technologies to remember your preferences, improve your experience, and analyze how you use SignalRoster. You can manage your cookie preferences at any time via the cookie banner (accessible from any page). See Section 6 for a full list of the analytics and advertising services we use and how to opt out.

Service Providers

We share information with third-party service providers who assist us with payment processing (Stripe), email delivery, data storage, analytics, and customer support. These providers are contractually obligated to use your information only to provide services to us.

Job Matching and Recruitment

When you apply for jobs or match with opportunities on our platform, we share relevant profile information with employers and recruiters to facilitate the hiring process. You control what information is visible in your profile.

Aggregated and De-identified Data

We may use and share aggregated or anonymized data that cannot reasonably be used to identify you for research, marketing, and analytics purposes.

Legal Requirements

We may disclose information when required by law, court order, or government request, or when necessary to protect the rights, safety, and property of SignalRoster, our users, and the public.

Business Transactions

If SignalRoster is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

Access

You have the right to request access to the personal information we hold about you.

Correction

You can update, correct, or modify your profile information at any time through your account settings.

Deletion

You have the right to request deletion of your account and associated personal data. Some information may be retained for legal or operational reasons.

Data Portability

You can request a copy of your personal information in a commonly used, machine-readable format.

Opt-Out

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or adjusting your notification preferences.

Essential

Required for the platform to function: authentication, session management, security (CSRF protection, rate limiting), and your cookie-consent decision itself. These cannot be disabled.

Analytics

Help us understand which pages and features work. Denied by default — only loaded if you accept.

• Google Analytics 4 — aggregate page views, session duration, funnel conversion. Uses Google Consent Mode v2, so analytics are measured without identifying cookies when you decline.
• First-party activity log — we record anonymized session events (path visited, referrer, UTM parameters) in our own database to measure product usage. Tied to your account only if you are signed in.

Marketing / Advertising

Let us measure whether our ads work. Denied by default — only loaded if you accept.

• Meta (Facebook) Pixel — browser-side tag that tells Meta you visited SignalRoster and whether you completed a signup, so we can attribute ad spend. Sets _fbp and, if you arrived from a Meta ad, _fbc.
• Meta Conversions API (server-side) — after you sign up, we also send a hashed copy of the conversion event directly from our server to Meta. This is the same information as the Pixel, sent a different way, to help Meta match your conversion to the ad you saw. Your email, first name, last name, IP, user agent, and _fbp/_fbc cookies are SHA-256 hashed before they leave our server; Meta only ever receives the hash, not the original value. A shared event ID prevents double-counting with the browser Pixel.
• Google Ads — conversion tracking tag. Like Meta, records that a signup happened so we can measure ad performance.

If you reject this category, we still count you in our own analytics, but we do not send any event to Meta or Google Ads.

Error and performance monitoring

When the app crashes, an anonymized error report (stack trace, URL, browser type) is captured to our self-hosted monitoring instance so we can diagnose the bug. We do not log the content of your forms or your personal information in error reports. This is considered essential for site reliability.

Stripe (payments)

Payment processing. Card data is entered on Stripe-controlled fields and never touches our servers. We receive only a customer ID and payment status.

Google (analytics & advertising)

Google Analytics 4 (usage analytics) and Google Ads (conversion tracking). Subject to your cookie-banner choice. See Section 6.

Meta / Facebook (advertising)

Meta Pixel (browser) and Meta Conversions API (server). Used to attribute ad spend to signups. Personal data sent via the Conversions API is SHA-256 hashed before leaving our server. Subject to your cookie-banner choice. See Section 6.

OpenAI (AI features)

When you use an AI-powered feature (resume writer, interview practice, skill matching, etc.), the specific prompt and any content you submit are sent to OpenAI's API to generate the response. Under OpenAI's API terms, this data is not used to train their models. We do not send your full profile — only the content needed for the feature you invoked.

Geolocation lookup

Your IP address is looked up against a geolocation service (currently ip-api.com) to derive approximate country/city. Only the IP is sent; we do not share any other information.

Email delivery (SMTP)

Transactional email (verification, password reset, job alerts) is sent via a standard SMTP provider. The email recipient, subject, and body are handled by that provider for delivery.

Self-hosted error monitoring

Crash reports go to our own infrastructure (GlitchTip, Sentry-compatible). No third party receives these reports.

Job Board APIs

We may integrate with third-party job boards to help match you with opportunities. Information shared with these services is limited to what's necessary for the integration to function.

External Links

SignalRoster may contain links to third-party websites. We're not responsible for their privacy practices. We encourage you to review their privacy policies before sharing information.