SaturdaySignal Privacy Policy

Effective Date: February 15, 2026
Last Updated: February 15, 2026
Document Version: 1.0

---

1. Introduction

1.1 About This Privacy Policy

This Privacy Policy ("Policy") describes how Open Channel Media LLC, a Wyoming limited liability company ("Company," "we," "us," or "our"), collects, uses, discloses, retains, and protects your personal information when you access or use the SaturdaySignal.com website, all associated subdomains, and all related services, content, features, and applications (collectively, the "Service").

This Policy applies to all visitors, users, and subscribers ("you," "your," "Subscriber," or "User") of our Service, regardless of how you access it (website, email, mobile device, or any other means).

1.2 Data Controller

For purposes of the General Data Protection Regulation (GDPR) and UK GDPR, Open Channel Media LLC is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal data.

Open Channel Media LLC
1712 Pioneer Ave STE 500
Cheyenne, WY 82001
United States
Email: privacy@saturdaysignal.com

We have not appointed a Data Protection Officer (DPO) as we do not meet the threshold requirements under Article 37 of the GDPR (we do not engage in large-scale systematic monitoring or large-scale processing of special category data). For all privacy inquiries, contact privacy@saturdaysignal.com.

1.3 Our Commitment to Your Privacy

We are committed to protecting your privacy and handling your personal information responsibly and transparently. Our privacy practices are guided by the following principles:

• Data Minimization: We collect only the information necessary to provide our Service.
• Purpose Limitation: We use your information only for the purposes disclosed in this Policy.
• Storage Limitation: We retain your information only as long as necessary for the stated purposes.
• Transparency: We clearly disclose what we collect, why, and with whom we share it.
• No Sale of Data: We do not sell your personal information to third parties. We never sell your email address — not to marketers, data brokers, or anyone else, under any circumstances.

1.4 Agreement to This Policy

If you do not agree with any part of this Privacy Policy, you should not access or use the Service.

1.5 Related Documents

This Privacy Policy is incorporated by reference into our Terms of Service and should be read in conjunction with our Disclaimers and Disclosures. Capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service. In the event of any conflict between this Privacy Policy and the Terms of Service regarding privacy matters, this Privacy Policy shall control.

1.6 When Providing Information Is Required

Certain information is required to create an account and subscribe to our Service. Specifically:

• Required: Name, email address, password, and payment information are required to create an account and process your subscription.
• Consequences of Not Providing: If you do not provide the required information, you will not be able to create an account or subscribe to our paid Service. You may still access publicly available portions of our website.

---

2. Information We Collect

We collect information in several ways: directly from you when you provide it, automatically when you use our Service, and from third-party service providers who assist us in operating the Service.

2.1 Account Information

When you create an account or subscribe to our Service, we collect:

Data Element	Description	Required
Name	Your first and last name as provided during registration	Yes
Email Address	Your primary email address, used for account access, delivery of stock Picks, and communications	Yes
Password	Your account password, stored in hashed (encrypted) form using industry-standard algorithms; we do not store or have access to your plaintext password	Yes
Subscription Tier	Your current subscription level (Basic or Premium)	Automatic
Account Creation Date	The date and time you created your account	Automatic

2.2 Payment Information

When you subscribe to a paid tier of our Service, payment processing is handled by our third-party payment processor, Stripe, Inc. ("Stripe"). We collect and store:

Data Element	Description	Stored By
Billing Address	Your billing address associated with your payment method	SaturdaySignal
Transaction History	Records of your subscription payments, renewals, refunds, and other transactions	SaturdaySignal
Partial Payment Identifiers	Last four digits of your payment card and card type (e.g., Visa, Mastercard) for your reference	SaturdaySignal
Full Payment Card Data	Full card number, expiration, CVV	Stripe only

We do NOT collect, store, or have access to:

• Full credit card numbers
• Full debit card numbers
• Card verification codes (CVV/CVC)
• Complete bank account numbers
• Card expiration dates

All sensitive payment information is collected and processed directly by Stripe in accordance with Payment Card Industry Data Security Standards (PCI-DSS Level 1). Stripe acts as an independent data controller for payment data it processes. For information on how Stripe handles your payment information, please review Stripe's Privacy Policy.

2.3 Usage Information

We automatically collect certain information about how you interact with our Service:

Data Element	Description
Email Engagement	Open rates and click-through data for emails we send you, collected through standard email service provider tracking mechanisms
Website Activity	Pages visited, features used, links clicked, and navigation patterns on our website
Login Information	Timestamps of when you log into your account and session duration
IP Address	Your Internet Protocol address when you access our website or open our emails
Device Information	Browser type and version, operating system, device type, and screen resolution
Referral Source	How you arrived at our website (e.g., search engine, direct link, referring website)

2.4 Communication Information

We collect information from your communications with us:

• Support Communications: Emails, messages, or other correspondence you send to our support team, including the content of your messages and any attachments
• Survey Responses: Your responses if you choose to participate in optional surveys or feedback requests
• Feedback and Reviews: Any feedback, testimonials, or reviews you voluntarily provide

2.5 Information We Do NOT Collect

For clarity, we do NOT collect:

• Social Security numbers or government identification numbers
• Investment account information or brokerage credentials
• Trading history or portfolio holdings
• Biometric data
• Health or medical information
• Precise geolocation data (beyond what is inferable from IP address)
• Genetic data
• Religious or philosophical beliefs
• Political opinions
• Trade union membership
• Sexual orientation
• Criminal history
• Information from children under 18 years of age

---

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Service

• Creating, maintaining, and managing your account
• Processing your subscription and payments
• Delivering stock Picks and other content to your email address on our published schedule (Saturdays at approximately 11:00 AM Eastern Time)
• Providing access to the subscriber portal and track record
• Authenticating your identity when you log in
• Responding to your requests, questions, and support inquiries
• Processing refund requests and account cancellations

3.2 Improving and Personalizing the Service

• Analyzing usage patterns to improve the Service and user experience
• Understanding how subscribers engage with our content and emails
• Identifying and fixing technical issues, bugs, and errors
• Developing new features, products, and functionality
• Conducting internal research and analytics

3.3 Communications

• Transactional Emails: Subscription confirmations, payment receipts, renewal reminders, password resets, and account notifications
• Service Emails: Delivery of our weekly stock Picks and related content
• Administrative Emails: Notifying you of material changes to the Service, Terms of Service, or this Privacy Policy; service-related announcements (e.g., scheduled maintenance, security alerts)
• Marketing Emails: Promotional communications about our Service (you may opt out at any time; see Section 8.5)

3.4 Security and Fraud Prevention

• Protecting against unauthorized access to your account
• Detecting and preventing fraud, abuse, and security incidents
• Enforcing our Terms of Service and other policies
• Protecting the rights, property, and safety of Open Channel Media LLC, our users, and others
• Monitoring for and preventing violations of our intellectual property rights

3.5 Legal Compliance

• Complying with applicable laws, regulations, and legal processes
• Responding to lawful requests from public authorities, including law enforcement
• Establishing, exercising, or defending legal claims
• Fulfilling our tax, accounting, and regulatory obligations

3.6 Business Operations

• Analyzing business performance and operational metrics
• Planning business development and strategy
• Processing corporate transactions (e.g., mergers, acquisitions, reorganizations)

---

4. Legal Basis for Processing (GDPR)

If you are located in the European Union (EU), European Economic Area (EEA), or the United Kingdom (UK), we are required to identify the legal basis for processing your personal data under the General Data Protection Regulation (GDPR) or UK GDPR.

4.1 Processing Activities and Legal Bases

Processing Activity	Legal Basis	Explanation
Account creation and management	Contract	Necessary to perform our contract with you (your subscription agreement)
Payment processing	Contract	Necessary to process your subscription payment
Delivering stock Picks and Service content	Contract	Necessary to perform our contract with you
Customer support	Contract	Necessary to perform our contract with you
Transactional emails (receipts, confirmations)	Contract	Necessary to perform our contract with you
Website analytics	Legitimate Interests	To improve our Service and user experience
Email engagement tracking	Legitimate Interests	To understand content effectiveness and optimize delivery
Security and fraud prevention	Legitimate Interests	To protect our Service, users, and business
Marketing to existing subscribers	Legitimate Interests	To promote our Service (subject to your opt-out right)
Marketing to prospective subscribers	Consent	Based on your explicit opt-in consent
Compliance with legal obligations	Legal Obligation	Required by applicable law

4.2 Legitimate Interests Assessment

Where we rely on legitimate interests as the legal basis for processing, we have conducted a balancing test to ensure our interests do not override your fundamental rights and freedoms. Our legitimate interests include:

• Service Improvement: Analyzing how users interact with our Service to identify improvements, fix issues, and develop new features. This benefits both us (better product) and users (improved experience).
• Security: Protecting our Service and users from fraud, abuse, and security threats. This is essential to maintaining a trustworthy service.
• Marketing to Existing Subscribers: Informing current subscribers about our Service, updates, and offerings. This is a reasonable expectation in a subscription relationship. You may opt out at any time without affecting your subscription.

We have determined that these processing activities are necessary for our legitimate interests and that these interests are not overridden by your data protection rights, given:

• The limited nature of data processed
• The security measures we implement
• Your ability to opt out of non-essential processing
• The benefits to you from an improved, secure Service

4.3 Withdrawal of Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time by:

• Clicking "unsubscribe" in any marketing email
• Updating your preferences in your account settings
• Contacting us at privacy@saturdaysignal.com

Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal.

---

5. How We Share Your Information

We do not sell your personal information. In particular, we never sell, rent, or trade subscriber email addresses to any third party — not to marketers, data brokers, advertisers, or anyone else. We share your information only in the limited circumstances described below, and none of those circumstances involve selling your data.

5.1 Third-Party Service Providers

We share your information with third-party service providers who perform services on our behalf. These providers are contractually obligated (through Data Processing Agreements where required by law) to:

• Use your information only for the purposes of providing services to us
• Maintain appropriate technical and organizational security measures
• Not sell or disclose your information except as directed by us or required by law
• Delete or return your information upon termination of services

Our service providers and the categories of data shared:

Service Provider	Purpose	Categories of Data Shared
Stripe, Inc.	Payment processing	Billing address, transaction details; Stripe directly collects payment card data
Email Service Provider (e.g., GetResponse or similar)	Email delivery and tracking	Email address, name, email engagement data (opens, clicks)
Google Analytics	Website analytics	IP address (anonymized), device information, website activity (pseudonymized)
Cloudflare, Inc.	Security, CDN, DDoS protection	IP address, traffic data
Cloud Hosting Provider	Website and data hosting	All data stored on our systems

These service providers may use sub-processors to assist in providing services. We maintain a list of approved sub-processors and require our service providers to notify us of any new sub-processors.

For more information about our service providers' privacy practices:

• Stripe: https://stripe.com/privacy
• Google Analytics: https://policies.google.com/privacy
• Cloudflare: https://www.cloudflare.com/privacypolicy/

5.2 Legal Requirements and Protection of Rights

We may disclose your information when we believe in good faith that disclosure is necessary to:

• Comply with applicable law, regulation, legal process, or enforceable governmental request
• Enforce our Terms of Service or other agreements, including investigation of potential violations
• Protect the security or integrity of our Service
• Protect the rights, property, or safety of Open Channel Media LLC, our users, or others
• Detect, prevent, or address fraud, security, or technical issues
• Respond to an emergency involving danger to any person's safety

When legally permitted, we will attempt to notify you of such requests before disclosure.

5.3 Business Transfers

If Open Channel Media LLC is involved in a merger, acquisition, sale of assets, bankruptcy, reorganization, dissolution, or similar transaction, your information may be transferred as part of that transaction. In such event:

• We will notify you via email and/or a prominent notice on our website before your information is transferred
• We will notify you of any change in ownership or uses of your personal information
• We will notify you of any choices you may have regarding your information
• The acquiring entity will be bound by this Privacy Policy until it provides you with notice of any changes

5.4 Aggregated or De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example, we may share statistics about the number of subscribers, general engagement metrics, or demographic trends. This information is not considered personal information under applicable law.

5.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5.6 Information We Do NOT Share

We do NOT share your information with:

• Third-party advertisers
• Data brokers
• Marketing partners or affiliate networks of any kind
• Social media companies for advertising purposes
• Any party for cross-context behavioral advertising

---

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit, which can make it easier to return to the site and make your visit more useful.

6.2 Types of Cookies We Use

Essential Cookies (Strictly Necessary):

• Purpose: Enable core website functionality including security, account authentication, session management, and load balancing
• Duration: Session or up to 1 year
• Opt-out: You cannot opt out of essential cookies while using our Service, as they are required for the website to function

Analytics Cookies:

• Purpose: Help us understand how visitors interact with our website by collecting and reporting information
• Provider: Google Analytics
• Duration: Up to 2 years
• Data Collected: Pages visited, time on site, referral source, device/browser information (IP addresses are anonymized)
• Opt-out: You may opt out via browser settings, Google Analytics opt-out browser add-on, or our cookie preference center

Preference Cookies (Functional):

• Purpose: Remember choices you make (such as language preference, login status, or region) to provide a more personalized experience
• Duration: Up to 1 year
• Opt-out: You may opt out via browser settings, but this may affect website functionality

6.3 Cookies We Do NOT Use

We do NOT use:

• Third-party advertising cookies
• Social media tracking cookies
• Cross-site tracking cookies for advertising purposes
• Retargeting or remarketing cookies
• Cookies that sell or share your data with advertisers

6.4 Cookie Consent (EU/EEA/UK Users)

If you are located in the European Union, European Economic Area, or United Kingdom, we will request your consent before placing non-essential cookies on your device, in compliance with the ePrivacy Directive (Cookie Law) and GDPR. You may manage your cookie preferences at any time through our cookie consent banner or by contacting us.

6.5 Email Tracking

Our email service provider uses standard tracking technologies to measure email engagement:

• Open Tracking: We track whether you open our emails using a small transparent image (pixel) that loads when the email is opened. This helps us understand engagement and optimize delivery times.
• Click Tracking: We track which links you click in our emails by routing clicks through our email service provider. This helps us understand which content is most valuable to subscribers.

What We Do NOT Do:

• We do NOT use tracking pixels that share data with third-party advertisers
• We do NOT build behavioral profiles for advertising purposes
• We do NOT sell email engagement data

Email tracking is used solely to improve our Service and communications.

6.6 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can typically:

• View what cookies are stored on your device
• Delete individual cookies or all cookies
• Block third-party cookies
• Block cookies from particular sites
• Block all cookies
• Delete all cookies when you close your browser

Browser-Specific Instructions:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Options > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Privacy, Search, and Services > Cookies

Please note that if you disable or block essential cookies, some features of our Service may not function properly.

For more information about managing cookies, visit www.allaboutcookies.org.

6.7 Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites you visit, indicating that you do not want to be tracked. There is currently no industry-standard interpretation of DNT signals for websites. Our Service does not currently respond to DNT signals, but we do not engage in cross-site tracking for advertising purposes regardless of DNT settings. You can manage your privacy preferences through browser cookie settings as described above.

6.8 Global Privacy Control

We honor Global Privacy Control (GPC) signals as a valid opt-out request under the California Consumer Privacy Act (CCPA). If your browser sends a GPC signal, we will treat this as a request to opt out of the sale or sharing of personal information, though we do not sell or share personal information as defined by the CCPA.

---

7. Data Retention

7.1 Retention Principles

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:

• The purposes for which we collected the information
• The nature and sensitivity of the information
• Legal, regulatory, tax, and accounting requirements
• The need to defend or establish legal claims
• Business operational needs

7.2 Retention Periods by Data Category

Data Category	Retention Period	Basis
Account Information (name, email, password hash, subscription tier)	Duration of active account + 30 days after deletion request	Contract performance; deletion upon request
Payment Information (billing address, transaction history, partial card data)	7 years after last transaction	Tax, accounting, and financial reporting obligations (IRS requirements)
Usage Information (website activity, login timestamps, IP addresses)	26 months from collection	Analytics purposes; aligned with Google Analytics retention
Email Engagement Data (opens, clicks)	3 years from collection	Service improvement; marketing optimization
Support Communications	3 years after last interaction	Service quality; dispute resolution
Survey Responses	3 years from collection	Service improvement

7.3 Active vs. Closed Accounts

Active Accounts:
We retain your account information and associated data for as long as your account remains active and you maintain an active subscription or within a reasonable period after subscription expiration (to facilitate resubscription).

Closed Accounts:
Upon account deletion request:

• We will delete or anonymize your personal information within thirty (30) days
• Payment and transaction records are retained for 7 years as required by tax law
• Anonymized or aggregated data may be retained indefinitely

7.4 Legal Holds

We may retain information beyond standard retention periods if:

• Required for pending or anticipated litigation
• Required for regulatory investigation
• Required to comply with legal obligations
• Necessary to protect our legal rights

7.5 Anonymization

Where possible, we may anonymize your personal information instead of deleting it, so that it can no longer be used to identify you. Anonymization involves removing or altering identifying elements such that the data cannot be linked back to you, even when combined with other data. Anonymized data may be retained indefinitely for analytical, statistical, and business purposes.

---

8. Your Rights (All Users)

Regardless of your location, we provide all users with the following rights regarding their personal information:

8.1 Access Your Information

You have the right to request access to the personal information we hold about you. This includes:

• The categories of personal information we have collected
• The specific pieces of personal information we have collected
• The sources of that information
• The purposes for collection
• The categories of third parties with whom we share information

You can view much of this information directly through your account dashboard.

8.2 Correct Your Information

You have the right to correct inaccurate or incomplete personal information. You can update your name, email address, and password directly through your account settings. For other corrections, please contact us at privacy@saturdaysignal.com.

8.3 Delete Your Account and Data

You have the right to delete your account and personal information. You may request account deletion by:

• Self-Service: Logging into your account and navigating to Account Settings > Delete Account
• Email: Contacting us at privacy@saturdaysignal.com with subject line "Account Deletion Request"

Upon receiving a valid deletion request:

• We will verify your identity (see Section 8.9)
• We will delete your account and personal information within thirty (30) days
• We will retain only information we are legally required to keep (e.g., payment records for tax purposes)
• We will send confirmation when deletion is complete

8.4 Data Portability

You have the right to request a copy of your personal information in a structured, commonly used, machine-readable format (such as CSV or JSON). To request a data export:

• Email: privacy@saturdaysignal.com with subject line "Data Export Request"
• We will provide your data within 30 days of verified request

8.5 Unsubscribe from Marketing

You have the right to unsubscribe from marketing communications at any time by:

• Email Unsubscribe: Clicking the "unsubscribe" link at the bottom of any marketing email
• Account Settings: Updating your communication preferences in your account settings
• Email: Contacting us at privacy@saturdaysignal.com

We will process unsubscribe requests within ten (10) business days in compliance with CAN-SPAM.

Important Distinction:

• Marketing Emails: Promotional content about our Service (you may opt out)
• Transactional Emails: Emails necessary for the operation of your account (subscription confirmations, payment receipts, renewal reminders, security alerts, service-related notices) — these will continue while your account is active
• Stock Pick Emails: Delivery of the Service you subscribed to — these will continue while your subscription is active

To stop all communications, you must close your account.

8.6 Withdraw Consent

Where we process your information based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing performed before withdrawal.

8.7 Object to Processing

You have the right to object to certain processing of your personal information, including:

• Processing based on legitimate interests
• Processing for direct marketing purposes

See Section 9 (GDPR) for details on how we handle objections.

8.8 Restrict Processing

In certain circumstances, you have the right to request that we restrict processing of your personal information. See Section 9 (GDPR) for details.

8.9 Identity Verification

To protect your privacy, we must verify your identity before processing access, correction, deletion, or portability requests. Verification methods may include:

• Confirming information that matches our records (email address, account details)
• Requiring you to submit the request from the email address associated with your account
• For sensitive requests, requiring additional verification (such as confirming recent transaction details)

If you use an authorized agent to submit a request on your behalf, we may require:

• Signed written authorization from you
• Verification of the agent's identity
• Direct verification with you that you authorized the agent

8.10 Response Timeframes

We will respond to privacy-related requests within thirty (30) days, or within the timeframe required by applicable law (see jurisdiction-specific sections below).

8.11 Accessibility

If you have a disability and need assistance submitting a privacy request, please contact us at privacy@saturdaysignal.com and we will provide reasonable accommodations.

8.12 No Retaliation

We will not discriminate against you or retaliate in any way for exercising your privacy rights.

---

9. Your Rights Under GDPR (EU/EEA and UK Residents)

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR.

9.1 Additional Rights Summary

In addition to the rights listed in Section 8, you have the following rights under GDPR:

Right	Description
Right to Restriction	Request that we restrict processing of your personal data in certain circumstances
Right to Object	Object to processing based on legitimate interests or for direct marketing
Right Not to Be Subject to Automated Decision-Making	Not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects
Right to Lodge a Complaint	File a complaint with your local data protection authority

9.2 Right to Object

Objection to Legitimate Interests Processing:
You have the right to object at any time to processing of your personal data based on legitimate interests (Article 6(1)(f)). Upon receiving your objection:

• We will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, OR
• Processing is necessary for the establishment, exercise, or defense of legal claims

Objection to Direct Marketing:
You have the absolute right to object to processing for direct marketing purposes at any time. Upon receiving your objection, we will immediately cease processing your data for direct marketing. No justification is required, and we cannot refuse.

9.3 Right to Restriction

You may request restriction of processing if:

• You contest the accuracy of your personal data (restriction during the period we verify accuracy)
• The processing is unlawful, but you oppose deletion and request restriction instead
• We no longer need the data, but you require it for establishment, exercise, or defense of legal claims
• You have objected to processing pending verification of whether our legitimate grounds override yours

When processing is restricted, we may only store the data (not process it) unless you consent, or processing is necessary for legal claims, protection of another person's rights, or important public interest.

9.4 Exercising Your GDPR Rights

To exercise any of your GDPR rights, please contact us at:

Email: privacy@saturdaysignal.com
Mail: Open Channel Media LLC, Attn: Privacy/GDPR, 1712 Pioneer Ave STE 500, Cheyenne, WY 82001

Response Timeframes:

• We will respond within one (1) month of receipt of your request
• This period may be extended by two (2) additional months where necessary, taking into account the complexity and number of requests
• If we extend the deadline, we will notify you within one month of receipt, explaining the reasons for the delay

No Fee (Usually):
We will process your request free of charge. However, we may charge a reasonable fee or refuse to act on the request if it is manifestly unfounded or excessive, particularly if repetitive.

9.5 Right to Lodge a Complaint

If you believe we have violated your rights under GDPR, you have the right to lodge a complaint with a supervisory authority. You may complain to:

• The supervisory authority in the EU/EEA member state where you reside
• The supervisory authority in the EU/EEA member state where you work
• The supervisory authority in the EU/EEA member state where the alleged infringement occurred

For UK Residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

We encourage you to contact us first at privacy@saturdaysignal.com so we can address your concerns directly.

9.6 UK-Specific Provisions

Following the UK's departure from the European Union, UK residents are protected by the UK GDPR (the GDPR as incorporated into UK law) and the Data Protection Act 2018. Your rights under the UK GDPR are substantially similar to those under the EU GDPR as described in this section.

For international transfers from the UK, we rely on:

• UK International Data Transfer Agreement (UK IDTA)
• UK Addendum to EU Standard Contractual Clauses

---

10. Your Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

10.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information:

Category	Examples	Collected	Sold	Shared
A. Identifiers	Name, email address, IP address, account name, unique personal identifier	Yes	No	No
B. Personal Information (Cal. Civ. Code § 1798.80)	Name, address, payment card information (partial)	Yes	No	No
C. Protected Classification Characteristics	Age (only to verify 18+), nothing else	Minimal	No	No
D. Commercial Information	Products purchased, transaction history, subscription tier	Yes	No	No
E. Biometric Information	N/A	No	No	No
F. Internet/Network Activity	Browsing history, website interactions, email engagement	Yes	No	No
G. Geolocation Data	Approximate location inferred from IP address	Yes	No	No
H. Sensory Data	N/A	No	No	No
I. Professional/Employment Information	N/A	No	No	No
J. Education Information	N/A	No	No	No
K. Inferences	Preferences and characteristics drawn from above data	Yes	No	No
L. Sensitive Personal Information	N/A	No	No	No

We have NOT sold or shared any personal information in the preceding 12 months.

10.2 Retention Periods by Category (CPRA Requirement)

Category	Retention Period
A. Identifiers	Duration of account + 30 days; 7 years for billing-related identifiers
B. Personal Information	Duration of account + 30 days; 7 years for billing/payment data
D. Commercial Information	7 years
F. Internet/Network Activity	26 months
G. Geolocation Data	26 months
K. Inferences	26 months

10.3 Sources of Personal Information

We collect personal information from:

• Directly from you: When you create an account, subscribe, contact support, or otherwise provide information
• Automatically: Through cookies, pixels, and similar technologies when you use our Service
• From service providers: Payment confirmation from Stripe; delivery confirmation from email service provider

10.4 Purposes for Collection and Use

We collect and use personal information for the business and commercial purposes described in Section 3, including:

• Providing and operating the Service (Business Purpose)
• Processing payments (Business Purpose)
• Customer support (Business Purpose)
• Website analytics and improvement (Business Purpose)
• Marketing our Service (Commercial Purpose—you may opt out)
• Security and fraud prevention (Business Purpose)
• Legal compliance (Business Purpose)

10.5 Categories of Third Parties

We disclose personal information to the following categories of third parties for business purposes:

Category of Third Party	Categories of PI Disclosed	Purpose
Payment Processors	Identifiers, Commercial Information	Payment processing
Email Service Providers	Identifiers (email, name), Internet Activity	Email delivery
Analytics Providers	Internet Activity, Geolocation (approximate), Identifiers (IP, device)	Website analytics
Security Providers	Identifiers (IP), Internet Activity	Security, CDN
Cloud Hosting Providers	All categories stored in our systems	Data hosting

10.6 Your California Privacy Rights

Right to Know (Access):
You have the right to request that we disclose:

• The categories of personal information we collected
• The categories of sources from which we collected
• The business or commercial purpose for collection or selling
• The categories of third parties with whom we share
• The specific pieces of personal information we collected about you

Right to Delete:
You have the right to request deletion of your personal information, subject to certain exceptions, including:

• Completing a transaction or providing a service you requested
• Security purposes
• Compliance with legal obligations
• Internal uses reasonably aligned with your expectations

Right to Correct:
You have the right to request correction of inaccurate personal information.

Right to Data Portability:
You have the right to receive your personal information in a portable, readily usable format that allows you to transmit it to another entity.

Right to Opt Out of Sale or Sharing:
You have the right to opt out of the sale or sharing of your personal information. We do NOT sell or share your personal information as those terms are defined under the CCPA/CPRA, so there is nothing to opt out of.

Right to Limit Use of Sensitive Personal Information:
We do not collect sensitive personal information as defined by the CCPA/CPRA, so this right does not apply.

Right to Non-Discrimination:
We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by:

• Denying goods or services
• Charging different prices or rates
• Providing a different level or quality of service
• Suggesting you will receive different treatment

10.7 Exercising Your California Rights

Methods to Submit Requests:

• Email: privacy@saturdaysignal.com (include "California Privacy Request" in subject line)
• Mail: Open Channel Media LLC, Attn: Privacy/CCPA, 1712 Pioneer Ave STE 500, Cheyenne, WY 82001

Verification:
We will verify your identity before processing your request by:

• Matching information you provide with information we have on file
• Requiring you to submit the request from your account email address
• For deletion requests or requests for sensitive information, requiring additional verification

Authorized Agents:
You may authorize an agent to submit a request on your behalf. We require:

• Written permission signed by you, OR
• Power of attorney under California Probate Code
• We may also contact you directly to verify the request

Response Timeframes:

• We will confirm receipt within 10 business days
• We will respond to your request within 45 days
• This period may be extended by an additional 45 days where reasonably necessary, with notice to you

10.8 California Shine the Light (Civil Code § 1798.83)

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes.

We do not disclose personal information to third parties for their direct marketing purposes.

10.9 Financial Incentives

We do not offer financial incentives, price differences, or service differences in exchange for the retention, sale, or deletion of personal information.

10.10 Minors Under 16

We do not knowingly collect personal information from minors under 16 years of age. We do not sell or share personal information of consumers under 16 years of age.

---

11. Your Rights Under Other State Laws

11.1 Nevada Residents (SB 220)

Nevada residents have the right to opt out of the sale of certain covered information. Although we do not sell your personal information as defined by Nevada law, you may submit an opt-out request to privacy@saturdaysignal.com. We will respond within 60 days.

11.2 Virginia Residents (VCDPA)

Virginia residents have rights under the Virginia Consumer Data Protection Act (VCDPA), including:

• Right to access, correct, and delete personal data
• Right to data portability
• Right to opt out of targeted advertising, sale of personal data, and profiling

We do not sell personal data, engage in targeted advertising as defined by the VCDPA, or engage in profiling for decisions producing legal or similarly significant effects. To exercise your rights, contact privacy@saturdaysignal.com.

11.3 Colorado Residents (CPA)

Colorado residents have rights under the Colorado Privacy Act (CPA) similar to those described for Virginia residents above. To exercise your rights, contact privacy@saturdaysignal.com.

11.4 Connecticut Residents (CTDPA)

Connecticut residents have rights under the Connecticut Data Privacy Act (CTDPA) similar to those described for Virginia residents above. To exercise your rights, contact privacy@saturdaysignal.com.

11.5 Other States

As additional state privacy laws take effect, we will update this Policy to address residents' rights under those laws. Contact us at privacy@saturdaysignal.com for information about your rights.

---

12. Do Not Sell or Share My Personal Information

12.1 Our Commitment

We do NOT sell your personal information. We have never sold personal information, and we have no plans to do so. This includes your email address, which we will never sell, rent, or trade to any third party under any circumstances.

We do NOT share your personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

These commitments apply regardless of whether you are a California resident or resident of any other jurisdiction.

12.2 Definitions

Under the CCPA/CPRA:

• "Sale" means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information for monetary or other valuable consideration.
• "Sharing" means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating personal information for cross-context behavioral advertising.

Our service provider relationships do NOT constitute "sales" or "sharing" because:

• Service providers process data only on our behalf
• Service providers are contractually prohibited from using data for their own purposes
• Service providers are contractually prohibited from selling or sharing the data

12.3 Third-Party Advertising

We do NOT run third-party advertising on our website or in our emails. We do NOT share your information with advertisers or advertising networks. We do NOT engage in behavioral advertising, retargeting, or remarketing.

12.4 Data Broker Registrations

We are NOT registered as a data broker in California, Vermont, or any other jurisdiction, because we do not engage in the sale of personal information.

---

13. Data Security

13.1 Security Measures

We implement and maintain appropriate technical and organizational security measures designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

Technical Safeguards:

• Encryption of data in transit using TLS 1.2+ / SSL protocols
• Encryption of sensitive data at rest using AES-256 or equivalent
• Secure password hashing using bcrypt or Argon2 algorithms
• Regular security assessments, penetration testing, and vulnerability scanning
• Firewall protection and intrusion detection/prevention systems
• DDoS protection through Cloudflare
• Secure software development practices
• Regular security patches and updates

Organizational Safeguards:

• Access controls limiting employee access to personal information on a need-to-know basis
• Role-based access control (RBAC)
• Employee background checks for personnel with data access
• Employee training on data protection, security practices, and incident response
• Incident response procedures for potential security breaches
• Business continuity and disaster recovery planning
• Contractual requirements for third-party service providers to maintain appropriate security (including Data Processing Agreements where required)

13.2 Payment Security

All payment transactions are processed through Stripe, which is certified as a PCI Level 1 Service Provider, the most stringent level of certification in the payment card industry. We do not process, store, or transmit cardholder data ourselves, which reduces our PCI scope.

13.3 No Guarantee of Security

While we implement commercially reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of your personal information. You acknowledge that:

• You provide personal information at your own risk
• We are not responsible for circumvention of any security measures
• You are responsible for maintaining the confidentiality of your account credentials

13.4 Your Security Responsibilities

You can help protect your account by:

• Choosing a strong, unique password
• Not sharing your password with anyone
• Logging out after each session on shared devices
• Notifying us immediately at support@saturdaysignal.com if you suspect unauthorized access

13.5 Security Breach Notification

In the event of a security breach that affects your personal information:

• We will investigate the incident promptly
• We will notify affected individuals in accordance with applicable law
• We will notify relevant regulatory authorities where required
• Notification may be by email, posted notice on our website, or other appropriate means

Notification Timeframes:

• GDPR: Without undue delay and where feasible within 72 hours of becoming aware
• CCPA: In the most expedient time possible and without unreasonable delay
• Other state laws: As required by applicable state breach notification statutes

---

14. International Data Transfers

14.1 Location of Data Processing

Open Channel Media LLC is based in the United States. Your personal information is transferred to, stored, and processed in the United States, where our servers, offices, and service providers are located.

14.2 Transfers from EU/EEA

If you are located in the European Union or European Economic Area, please be aware that your personal information will be transferred to the United States, which the European Commission has not determined provides an adequate level of data protection.

To ensure appropriate safeguards for international transfers, we rely on:

Standard Contractual Clauses (SCCs):
We use the Standard Contractual Clauses approved by the European Commission (Commission Implementing Decision (EU) 2021/914) for transfers of personal data to third countries. These clauses impose contractual obligations on both the data exporter (us) and the data importer to protect your data.

Supplementary Measures:
In accordance with the Schrems II decision (Case C-311/18), we have implemented supplementary measures where necessary, including:

• Technical measures (encryption in transit and at rest)
• Organizational measures (access controls, employee training)
• Assessment of destination country laws

14.3 Transfers from the UK

For transfers of personal data from the United Kingdom, we rely on:

• UK International Data Transfer Agreement (IDTA): Where required, we enter into the UK IDTA approved by the UK Information Commissioner's Office
• UK Addendum to EU SCCs: We use the International Data Transfer Addendum to the EU SCCs for transfers to third countries

14.4 Service Provider Safeguards

Our third-party service providers maintain appropriate data protection safeguards:

Service Provider	Transfer Mechanism
Stripe	SCCs, Binding Corporate Rules
Google (Analytics)	SCCs, additional safeguards
Cloudflare	SCCs
Email Service Provider	SCCs or equivalent

14.5 Your Consent

By using our Service, you acknowledge that your personal information will be transferred to the United States and processed there. If you do not consent to this transfer, you should not use our Service.

---

15. Children's Privacy

15.1 Age Requirement

The Service is intended for individuals who are at least eighteen (18) years of age. We do not knowingly collect, use, or disclose personal information from anyone under the age of eighteen (18).

15.2 COPPA Compliance

We do not knowingly collect personal information from children under the age of thirteen (13) as defined by the Children's Online Privacy Protection Act (COPPA).

If you are a parent or guardian and believe that your child under the age of 13 has provided personal information to us without your consent, please contact us immediately at privacy@saturdaysignal.com. We will:

• Investigate the matter promptly
• Delete the child's personal information from our systems
• Take steps to prevent future collection from children

15.3 Parental Notice

If you are a parent or guardian and believe that your child between the ages of 13 and 18 has provided personal information to us, please contact us at privacy@saturdaysignal.com. We will work with you to address your concerns.

15.4 California Minors

We do not knowingly collect personal information from California residents under 16 years of age. We do not sell or share personal information of consumers under 16 years of age.

---

16. Third-Party Links

16.1 External Websites

Our Service may contain links to third-party websites, services, or applications that are not operated or controlled by us. Examples include:

• Links to brokerage websites
• Links to news articles or financial publications
• Links to regulatory websites (SEC, FINRA)
• Links to service provider websites

This Privacy Policy does not apply to any third-party websites or services.

16.2 Third-Party Practices

We are not responsible for the privacy practices, content, or security of any third-party websites or services. We encourage you to review the privacy policies of any third-party websites or services before providing them with your personal information.

16.3 Social Media

Our website may include links to our social media profiles. Interactions with social media platforms are governed by the privacy policies of those platforms. We do not collect personal information through social media plugins on our website, and we do not use social login functionality.

---

17. Automated Decision-Making

17.1 Our Practices

We do NOT engage in automated decision-making, including profiling, that produces legal effects or similarly significant effects on you.

Specifically:

• We do not use algorithms to make decisions about your eligibility for services
• We do not use automated systems to determine pricing for you individually
• We do not use profiling to make decisions that significantly affect you

17.2 Limited Automated Processing

We use limited automated processing for:

• Fraud Detection: Automated systems may flag suspicious activity for manual review
• Email Delivery: Automated systems deliver emails and track engagement
• Website Analytics: Automated systems collect and analyze usage data

None of these automated processes produce legal effects or similarly significant effects on individuals. All significant decisions (such as account termination) involve human review.

17.3 Your Rights

Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you. Since we do not engage in such processing, this right is satisfied by our practices.

---

18. Changes to This Privacy Policy

18.1 Right to Modify

We reserve the right to modify, amend, or update this Privacy Policy at any time in our sole discretion to reflect changes in:

• Our data practices
• Applicable laws and regulations
• Our Service offerings
• Industry best practices

18.2 Notice of Material Changes

If we make material changes to this Privacy Policy, we will:

• Post the updated Privacy Policy on our website with a revised "Last Updated" date
• Update the Document Version number
• Notify you by email at least thirty (30) days before the changes take effect

Material changes include, but are not limited to:

• Changes to the categories of personal information collected
• Changes to how we use your information
• Changes to how we share your information
• Changes that reduce your privacy rights
• Introduction of new data processing activities

18.3 Acceptance of Changes

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the modified Privacy Policy. If you do not agree to the modified Privacy Policy, you must stop using the Service and may close your account.

18.4 Non-Material Changes

For non-material changes (e.g., typographical corrections, clarifications, updates to contact information), we may update this Privacy Policy at any time without prior notice. The "Last Updated" date at the top of this Privacy Policy indicates when it was last revised.

18.5 Prior Versions

Upon request, we will provide you with prior versions of this Privacy Policy.

---

19. Dispute Resolution and Governing Law

19.1 Governing Law

This Privacy Policy and any disputes arising out of or related to this Policy or our privacy practices shall be governed by and construed in accordance with the laws of the State of Wyoming, without regard to its conflict of laws principles.

19.2 Incorporation of Terms of Service Dispute Resolution

Any dispute arising out of or related to this Privacy Policy is subject to the Dispute Resolution and Arbitration provisions set forth in Section 14 of our Terms of Service, which are incorporated herein by reference.

This includes:

• The binding arbitration agreement
• The class action waiver
• The jury trial waiver
• The opt-out provisions

You have the right to opt out of arbitration within thirty (30) days of accepting our Terms of Service. See Section 14.8 of the Terms of Service for details.

19.3 GDPR Exception

For users located in the EU/EEA/UK, nothing in this section limits your right to:

• Lodge a complaint with a supervisory authority
• Seek judicial remedy before courts of the Member State where you reside or work
• Bring claims under GDPR in courts of the Member State where the alleged infringement occurred

19.4 Jurisdiction

For any claims not subject to arbitration and not covered by GDPR exceptions, you agree to submit to the exclusive personal jurisdiction and venue of the state and federal courts located in Laramie County, Wyoming.

---

20. Contact Us

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or our privacy practices, please contact us:

Open Channel Media LLC

Address:
1712 Pioneer Ave STE 500
Cheyenne, WY 82001
United States

Privacy Inquiries: privacy@saturdaysignal.com
General Support: support@saturdaysignal.com

Website: https://saturdaysignal.com

Response Timeframes:

• General privacy inquiries: Within 30 days
• GDPR requests: Within 1 month (extendable by 2 months)
• CCPA requests: Within 45 days (extendable by 45 days)
• Other requests: Within the timeframe required by applicable law

We are committed to resolving privacy concerns. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority (see Section 9.5).

---

21. Acknowledgment

---

© 2024–2026 Open Channel Media LLC. All Rights Reserved.

SaturdaySignal® is a trademark of Open Channel Media LLC.