← Signal

Privacy Policy

Last updated: 1 June 2026

Signal (“we”, “our”, “us”) operates the Signal web application at signal-theta-one.vercel.app and the Signal – Meta Ad Sync Chrome extension. This policy explains what data we collect, why, and how we protect it.

1. Chrome Extension

What it accesses

The extension runs only on facebook.com/ads/library/*. It intercepts GraphQL responses from Meta’s public Ad Library to capture ad creative data (headlines, body copy, images, run dates) as you browse. It does not access any other Facebook pages, your Facebook account, personal messages, or profile data.

What it stores locally

Captured ads are held temporarily in Chrome’s local storage (chrome.storage.local) until you click “Sync to Signal”. This data never leaves your device except when you explicitly sync it.

What it sends to Signal

When you click Sync, the extension sends the captured ad data — headlines, body copy, image URLs, and run-date metadata — to the Signal server (signal-theta-one.vercel.app) authenticated by your personal API key. No Facebook login credentials or personal account data are ever transmitted.

Permissions used

  • storage — cache your API key and captured ads between sessions
  • scripting — inject the network interceptor into the Ad Library page to capture ad data before the page renders it
  • tabs — detect when you’re on a brand’s Ad Library page
  • facebook.com host permission — required to run on the Meta Ad Library
  • signal-theta-one.vercel.app host permission — required to sync captured ads and auto-connect to your Signal account

2. Signal Web Application

Account data

When you create an account we collect your email address, name, and (if you use Google sign-in) your Google profile picture. Passwords are hashed with bcrypt and never stored in plain text.

Ad data

Ad creatives you sync are stored in our database (hosted on Neon/PostgreSQL via Vercel) and associated with your account. This data comes exclusively from Meta’s public Ad Library — it is publicly visible data that Meta makes available to all users.

AI processing

Ad headlines and body copy may be sent to Anthropic’s Claude API to classify creative attributes (hook type, messaging angle, format) and generate competitive insights. Anthropic’s privacy policy applies to this processing.

3. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use the following sub-processors:

  • Vercel — hosting and deployment
  • Neon — database
  • Anthropic — AI classification and insights
  • Google — OAuth sign-in (optional)

4. Data Retention

Your account data and synced ads are retained for as long as your account is active. You can delete your account and all associated data by contacting us. Locally cached extension data is cleared from your device when you click Disconnect in the extension popup.

5. Security

All data is transmitted over HTTPS. Passwords are bcrypt-hashed. API keys are generated with cryptographically secure random values. We do not store your Google OAuth tokens.

6. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing us. You can disconnect the extension at any time by clicking “Disconnect” in the popup, which removes all locally stored credentials.

7. Contact

Questions about this policy? Email privacy@signal-theta-one.vercel.app.