1. Overview

FieldCrest Ventures LLC ("Company," "we," "us," or "our") operates the Signa platform ("Service"). This Privacy Policy describes how we collect, use, store, disclose, and protect information in connection with your access to and use of the Service, including access via web interface, API, Model Context Protocol (MCP), or any Agent-to-Agent (A2A) integration.

2. Information We Collect

2.1 Account and Registration Information

When you create an account, we may collect full name, email address, password (stored encrypted — we do not store plaintext passwords), phone number (for two-factor verification), and organization or firm name.

2.2 Usage and Activity Data

We automatically collect information about how you interact with the Service, including pages viewed, features accessed, Signal Outputs interacted with, timestamps and session activity, clickstream data, filter selections, screener parameters, and watchlist configurations.

2.3 Technical and Device Information

We may collect IP address and geographic region, browser type and version, device type and operating system, User-Agent string, and referring URLs and entry points.

2.4 API and Programmatic Access Data

If you access the Service via API, MCP Server, or any programmatic channel, we collect API keys and associated metadata (Agent-ID, User-Agent header), complete request logs including endpoint accessed, HTTP method, response status, and timestamp, usage patterns and request velocity, and any error codes generated by your requests. This telemetry data is used for security monitoring, abuse detection, rate limit enforcement, and compliance verification. You consent to this collection as a condition of programmatic access.

2.5 Broker and Third-Party Integration Data

If you connect third-party broker platforms (Alpaca, tastytrade, Coinbase Advanced Trade), we may collect connection status and integration configuration, account identifiers provided by the third-party platform, and API tokens or credentials, which are stored using industry-standard encryption. We do not control data collected by third-party brokers and are not responsible for their privacy practices.

2.6 Payment Information

Payments are processed by Stripe, Inc. We do not store full credit card numbers. We may retain billing status, subscription tier, transaction metadata, and Stripe customer ID.

2.7 Communications and Support

We collect information you provide when contacting support, submitting inquiries, or engaging in enterprise discussions.

3. How We Use Information

We use collected information to: operate, maintain, and secure the Service; authenticate users; provide features and deliver Signal Outputs; monitor for abuse, fraud, and unauthorized access; improve platform performance and signal quality; develop new features; enforce our Terms of Use; communicate with users regarding accounts and security; and comply with legal obligations.

4. AI, Analytics, and Model Improvement

We may use aggregated, anonymized, or de-identified data derived from platform usage to improve system performance, analyze usage patterns, and enhance internal quantitative infrastructure. We do not use identifiable personal data to train external AI models without your explicit authorization.

5. Data Sharing and Disclosure

We do not sell personal information. We do not share personal information for third-party advertising or marketing purposes. We may share information in the following limited circumstances:

5.1 Service Providers

We share data with vendors who assist in operating the Service, including hosting providers, analytics services, payment processors, and infrastructure vendors. These providers are contractually obligated to protect your data and may only use it for the specific purpose for which it was shared. Current categories of subprocessors include cloud infrastructure, payment processing (Stripe, Inc.), authentication services, and analytics and monitoring tools.

5.2 Legal and Compliance Disclosures

We may disclose information to comply with applicable law, regulation, or legal process; in response to a valid court order, subpoena, or government request; to protect the rights, property, or safety of Company, its users, or the public; or to prevent fraud, investigate violations of our Terms, or enforce our legal rights.

5.3 Business Transfers

In connection with a merger, acquisition, or asset sale, user information may be transferred as part of the transaction. We will provide reasonable notice prior to personal information being transferred and becoming subject to a different privacy policy.

5.4 Enforcement and Abuse Prevention

We may use and disclose information — including API telemetry, request logs, and watermark signal analysis — to detect abuse, enforce contractual restrictions, investigate violations of our Terms of Use, and pursue available legal remedies.

6. Data Retention

We retain personal data only as long as necessary to provide the Service and maintain your account; comply with legal obligations; resolve disputes; and enforce our agreements. Specifically:

• Account information is retained for the duration of your subscription and for three (3) years following account closure, unless required otherwise by law.
• API request logs and telemetry data are retained for up to two (2) years for security, abuse prevention, and compliance purposes.
• Payment and billing records are retained as required by applicable financial and tax regulations.
• Aggregated, anonymized usage data may be retained indefinitely as it does not constitute personal information.

7. Data Security

We implement reasonable administrative, technical, and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encrypted storage of passwords and sensitive credentials, TLS/HTTPS encryption for data in transit, access controls and authentication requirements for internal systems, monitoring and logging of system activity, and regular security reviews.

You are responsible for maintaining the confidentiality of your account credentials and API keys. Report any suspected unauthorized access to security@fieldcrestventures.com.

8. Third-Party Services and Integrations

The Service integrates with third-party services, including broker platforms and market data providers. We are not responsible for the privacy practices or security of any third-party service. Your use of third-party services is governed by those parties' own privacy policies and terms.

9. Your Rights and Choices

Regardless of jurisdiction, you may: access and update your account information through account settings; cancel your subscription at any time; request deletion of your account by contacting privacy@fieldcrestventures.com; and opt out of non-essential marketing communications. We may require identity verification before fulfilling requests. See Section 16 for jurisdiction-specific rights.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain sessions, analyze usage, and improve platform functionality. Essential cookies are required for platform functionality and cannot be disabled without impairing the Service. Analytics cookies are optional and may be disabled via Cookie Settings. See our Cookie Policy for full details.

11. International Data Transfers

FieldCrest Ventures LLC is based in the United States. If you access the Service from outside the United States, your personal data will be transferred to and processed in the United States. By using the Service, you acknowledge and consent to such transfer. Where required by applicable law, we implement appropriate safeguards including Standard Contractual Clauses.

12. Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected information from a minor, please contact privacy@fieldcrestventures.com.

13. Limitation of Liability — Data and Privacy

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, COMPANY SHALL NOT BE LIABLE FOR: (i) UNAUTHORIZED ACCESS TO YOUR DATA BY THIRD PARTIES DESPITE REASONABLE SECURITY MEASURES; (ii) SECURITY BREACHES CAUSED BY YOUR FAILURE TO MAINTAIN ACCOUNT SECURITY; (iii) DATA LOSS OR CORRUPTION RESULTING FROM THIRD-PARTY INFRASTRUCTURE FAILURES; (iv) ACTIONS OF THIRD-PARTY SERVICE PROVIDERS OPERATING UNDER THEIR OWN PRIVACY POLICIES; OR (v) MISUSE OF INFORMATION BY OTHER USERS OR THIRD PARTIES.

14. Changes to This Policy

We may update this Privacy Policy at any time. Material changes will be communicated via email with at least 14 days' notice. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

15. Contact

• Privacy requests: privacy@fieldcrestventures.com
• Security reports: security@fieldcrestventures.com
• Legal notices: legal@fieldcrestventures.com
• Mailing address: FieldCrest Ventures LLC, Palm Beach Gardens, Florida

16. Additional Privacy Rights — GDPR & CCPA

16.1 Scope

This section applies to users located in: (i) the European Economic Area (EEA); (ii) the United Kingdom; and (iii) the State of California. It supplements the general Privacy Policy above.

16.2 GDPR Rights — EU and UK Users

If you are located in the EEA or United Kingdom, you have the following rights under GDPR:

• Right of Access — Request a copy of the personal data we hold about you.
• Right to Rectification — Request correction of inaccurate or incomplete personal data.
• Right to Erasure — Request deletion of your personal data, subject to our legal obligations.
• Right to Restriction — Request that we restrict processing of your personal data in certain circumstances.
• Right to Data Portability — Where processing is based on consent or contract, request your data in a structured, machine-readable format.
• Right to Object — Object to processing based on legitimate interests, including profiling.
• Right to Withdraw Consent — Where processing is based on consent, withdraw consent at any time without affecting the lawfulness of prior processing.

Contact privacy@fieldcrestventures.com to exercise these rights. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

16.3 Legal Basis for Processing (GDPR)

• Contractual Necessity (Art. 6(1)(b)) — Account registration, service delivery, billing, and support.
• Legitimate Interests (Art. 6(1)(f)) — Security monitoring, abuse prevention, fraud detection, API telemetry, platform improvement, and enforcement of Terms.
• Legal Obligation (Art. 6(1)(c)) — Compliance with applicable laws and lawful government requests.
• Consent (Art. 6(1)(a)) — Analytics cookies and non-essential tracking technologies.

16.4 International Transfers (GDPR)

Your data may be transferred to and processed in the United States. Where such transfers occur, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission.

16.5 CCPA/CPRA Rights — California Users

California residents have the following rights under the CCPA as amended by the CPRA:

• Right to Know — Request disclosure of the categories and specific pieces of personal information we have collected, the sources, purposes, and third parties with whom we share it.
• Right to Delete — Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct — Request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing — We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
• Right to Limit Sensitive Data Use — We do not use sensitive personal information for purposes beyond providing the Service.
• Right to Non-Discrimination — We will not discriminate against you for exercising your California privacy rights.

To submit a California privacy request, contact privacy@fieldcrestventures.com. You may designate an authorized agent to make requests on your behalf, subject to verification.

16.6 Data Categories (CCPA Disclosure)

In the preceding 12 months, we have collected: Identifiers (name, email, IP address); Internet activity information (usage data, API logs); Commercial information (subscription and billing data); and Professional information (organization name, if provided). We have not sold any of these categories.