Privacy Policy

1. Who We Are

GitDealFlow ("we", "us", "our") operates the website gitdealflow.com and signals.gitdealflow.com. We provide GitHub-based engineering momentum signals for investors. Our contact email is signal@gitdealflow.com.

2. Information We Collect

We collect the following information:

• Email address — when you subscribe to the Signal Digest or purchase a plan.
• Payment information — processed securely by Stripe. We never store your card details.
• Usage analytics — we use PostHog to collect anonymous pageview and interaction data to improve the product.

3. How We Use Your Information

• To send you the Signal Digest and drip email sequence you subscribed to.
• To process payments and manage your subscription.
• To improve our website and product based on aggregate usage data.
• To communicate important service updates.

We will never sell, rent, or share your email address with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services to operate:

• Resend — for sending transactional and marketing emails.
• Stripe — for payment processing. See Stripe's privacy policy.
• Vercel — for website hosting.
• PostHog — for product analytics. See PostHog's privacy policy.

5. Cookies and Tracking

We run PostHog in cookieless mode (in-memory persistence only). No cookies or local storage are set on your device. Each page visit is treated as an independent anonymous session. We do not use advertising cookies or trackers.

6. Data Retention

We retain your email address for as long as you are subscribed to our service. If you unsubscribe, we will remove your email from our active mailing list. Payment records are retained as required by applicable tax and accounting laws.

7. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction or deletion of your data.
• Unsubscribe from our emails at any time by replying to any email or contacting us.
• Request a copy of your data in a portable format.

To exercise any of these rights, email signal@gitdealflow.com.

8. Data Security

We take reasonable measures to protect your personal information. All data is transmitted over HTTPS. Payment processing is handled entirely by Stripe's PCI-compliant infrastructure.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify subscribers of any material changes via email. The "last updated" date at the top of this page indicates when this policy was last revised.

10. Legal Basis for Processing

We process your personal data under the following legal bases as defined by GDPR Article 6:

• Consent: When you voluntarily subscribe to our newsletter or create an account.
• Contractual necessity: When processing is required to deliver paid services you have purchased.
• Legitimate interest: For analytics and service improvement, balanced against your privacy rights.

11. International Data Transfers

Your data may be processed by third-party services located outside the European Economic Area (EEA), including:

• Stripe (payment processing) — United States, certified under EU-U.S. Data Privacy Framework.
• Resend (email delivery) — United States.
• PostHog EU (analytics) — European Union.

Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or adequacy decisions.

12. Your Rights Under GDPR

If you are located in the EEA, you have the following rights:

• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority (e.g., your local Data Protection Authority)

To exercise any of these rights, contact us at signal@gitdealflow.com.

13. Contact

If you have any questions about this privacy policy, contact us at signal@gitdealflow.com.