Comprehensive Privacy Policy

1. Introduction & Scope

Catalytic Signal ("we," "our," or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This Privacy Policy governs the data collection, processing, and usage practices for our website, our Vanguard Leads browser extension, and our AI Signal Score API (collectively, the "Services").

Critical Distinction: This policy clearly differentiates between "Customer Data" (information belonging to the users who subscribe to our Services) and "Extracted Public Data" (business contact information retrieved from public sources via our engine).

2. Information We Collect

2.1 Customer Data (Your Information)

When you register an account, we collect:

• Identity Data: First name, last name, and corporate email address.
• Financial Data: Processed securely via our payment gateway (Stripe). We do not store full credit card numbers on our servers.
• Technical Data: IP addresses, browser types, operating systems, and authentication tokens via Supabase.
• Usage Data: Metrics on how you interact with our Services, including API call volume, extension activation frequency, and interface preferences.

2.2 Extracted Public Data (Lead Information)

Our Vanguard Leads extension operates strictly on the client-side. When actively triggered by a Customer, the engine extracts publicly available professional information, which may include:

• Publicly stated names, current job titles, and employment history.
• Publicly stated educational background and professional certifications.
• Corporate metadata (Company name, headcount, industry classification).

Note: We do not extract, process, or store private messages, hidden contact details, or data behind explicit non-public authentication barriers.

3. How We Use the Information

We use the collected data for the following operational purposes:

• Service Delivery: To authenticate your account, process payments, and provide access to the Command Center dashboard.
• The Global Data Moat (Hashing): Extracted Public Data is converted into cryptographic hashes (e.g., MD5). We use these anonymous hashes to cross-reference our Global Cache, preventing duplicate API calls and reducing proxy costs across our user base.
• AI Gatekeeper Analysis: Extracted textual data is piped through our Large Language Model (LLM) infrastructure to generate a "Signal Score." We do not use Customer Data or Extracted Public Data to train our foundational AI models.
• Security & Fraud Prevention: To monitor for unusual activity, prevent abuse of our API, and ensure compliance with our Terms of Service.

4. Data Sharing & Third-Party Subprocessors

We do not sell your personal Customer Data to data brokers. We share data only with trusted infrastructure partners required to operate the Services:

5. Data Retention & Deletion

Customer Data: Retained for as long as your account is active. Upon account deletion, your personal data is purged from our active databases within 30 days.

Extracted Data: Processed temporarily for AI evaluation. Hashed identifiers remain in our Global Cache to fulfill the technical requirements of the deduplication engine.

6. Your Privacy Rights (CCPA & International)

Depending on your jurisdiction (such as California under the CCPA/CPRA), you may have the right to:

• Request access to the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your personal data.
• Opt-out of the "sale" or "sharing" of personal information (Note: Catalytic Signal does not sell Customer Data).

For individuals residing in the European Economic Area (EEA) or the United Kingdom, please refer to our dedicated GDPR Compliance Page for specific information regarding your rights under European law.