Privacy Notice

Last Updated: December 21, 2025

Your privacy is important to us. This notice explains how SignalDeck collects, uses, and protects your information.

📋 Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Operational Alerts & Monitoring
  4. Data Sharing & Disclosure
  5. Data Security
  6. Your Rights (CCPA & GDPR)
  7. Regulatory Compliance
  8. Contact Us

1️⃣ Information We Collect

Account Information

When you create a SignalDeck account, we collect:

  • Company name and business information
  • Contact email address
  • Billing and payment information (processed securely via third-party payment providers)
  • API credentials and authentication tokens

Decision Data

When you use our API to make decisions, we collect:

  • Decision Identifiers (UUIDs) – Unique identifiers for each decision request
  • Risk Scores & Model Outputs – Numerical scores and decision recommendations
  • Anonymized IP Addresses – IP addresses with last octet removed (e.g., 192.168.1.xxx) for security monitoring
  • Timestamps & Metadata – Request timestamps, pipeline names, vertical categories

⚠️ Important: We do NOT collect or store: Social Security Numbers (SSN), credit card numbers, customer names, account numbers, phone numbers, email addresses (except your business contact), home addresses, or other Personally Identifiable Information (PII) from your API requests.

🚀 Pre-Incorporation Notice: SignalDeck™ is currently operated by Tayron Portillo (individual) under the brand "iQuelo — SignalDeck™" while in stealth mode. Upon securing funding or incorporation, these policies will be updated to reflect the new legal entity.

Usage Data

We automatically collect technical information about your use of the service:

  • API request logs (anonymized IP, endpoints, response times)
  • Browser type, device information, operating system
  • Session duration, page views, feature usage statistics

2️⃣ How We Use Your Information

We use the collected information for the following purposes:

🎯 Service Provision

To provide, maintain, and improve the SignalDeck decision engine API and SaaS platform.

🔐 Security & Fraud Prevention

To detect and prevent fraud, unauthorized access, rate limit abuse, and security threats.

📊 Analytics & Optimization

To analyze usage patterns, optimize model performance, and improve decision accuracy.

⚖️ Compliance & Legal Obligations

To comply with applicable laws, regulations (FCRA, GLBA, ECOA, CCPA), and legal processes.

📧 Transactional Communications

We send essential emails related to your account and billing, including:

  • Invoices and receipts when generated or paid
  • Payment failure notifications when charges fail to process
  • Subscription change confirmations
  • Security alerts and account verification

These transactional emails are necessary for the operation of your account and cannot be disabled while you have an active subscription.

3️⃣ Operational Alerts & Monitoring

🔔 Discord Webhook Alerts

SignalDeck uses Discord webhooks to send internal operational alerts to our private monitoring channel. These alerts help us maintain system reliability and security.

What We Send to Discord:

  • Anonymized IP Prefixes – Last octet removed (e.g., 192.168.1.100 becomes 192.168.1.xxx)
  • Decision IDs (UUIDs) – Unique identifiers like "dec_123e4567-e89b-12d3-a456-426614174000"
  • Risk Scores & Anomaly Scores – Numerical values (e.g., 0.85, 0.75)
  • System Event Types – "Rate limit exceeded", "High risk decision", "Authentication failure"
  • Timestamps & Context – Date/time, pipeline names, error codes

What We DO NOT Send to Discord:

  • ❌ Social Security Numbers (SSN)
  • ❌ Credit card numbers
  • ❌ Customer names or personal identifiers
  • ❌ Account numbers or financial account details
  • ❌ Phone numbers or email addresses
  • ❌ Home addresses or other PII

✅ CCPA/GLBA Compliance: All data sent to Discord is automatically sanitized before transmission. IP addresses are anonymized, sensitive fields are blocked, and text is truncated to 500 characters maximum for data minimization.

Discord Server: Our Discord webhook sends alerts to a private server accessible only to authorized SignalDeck administrators. The channel is not public and messages are not shared with third parties.

Purpose: Discord alerts enable us to respond quickly to:

  • Security incidents (brute force attacks, suspicious activity)
  • System errors requiring immediate attention
  • High-risk decisions that may indicate model drift
  • Rate limit abuse or API misuse

4️⃣ Data Sharing & Disclosure

We do NOT sell your personal information. We may share data in the following limited circumstances:

Service Providers

We use trusted third-party service providers who assist in operating our platform:

  • Discord Inc. – Operational alert delivery via webhooks (anonymized data only)
  • Cloud Hosting Providers – Secure data storage and compute infrastructure
  • Stripe & LemonSqueezy – Payment processing and subscription management (PCI-DSS compliant, Merchant-of-Record model)
  • Email Service Providers – Transactional emails and system notifications

Legal Requirements

We may disclose information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government requests or regulatory investigations
  • Enforcement of our Terms of Service
  • Protection of our rights, property, or safety

5️⃣ Data Security

We implement industry-standard security measures to protect your information:

  • 🔐 Encryption: TLS 1.3 for data in transit, AES-256 for sensitive data at rest
  • 🔑 Authentication: JWT tokens with HMAC-SHA256 signatures, API key rotation
  • 🛡️ Access Control: Role-based permissions, least-privilege principle, audit logging
  • 📊 Monitoring: 24/7 security monitoring, intrusion detection, rate limiting
  • 🔄 Backups: Encrypted daily backups, disaster recovery procedures

6️⃣ Your Rights (CCPA & GDPR)

☀️ California Residents (CCPA)

Under the California Consumer Privacy Act (CCPA), you have the right to:

  • Know what personal information we collect and how it's used
  • Access your personal information (free, twice per 12 months)
  • Delete your personal information (with some exceptions)
  • Opt out of the sale of your personal information (we do NOT sell data)
  • Non-discrimination for exercising your privacy rights

To exercise your rights: Email contact@iquelo.com with subject "CCPA Request"

🇪🇺 EU/UK Residents (GDPR)

Under the General Data Protection Regulation (GDPR), you have the right to:

  • Access your personal data
  • Rectification of inaccurate data
  • Erasure ("right to be forgotten")
  • Restriction of processing
  • Data portability (receive data in structured format)
  • Object to processing based on legitimate interests
  • Lodge a complaint with your supervisory authority

To exercise your rights: Email contact@iquelo.com with subject "GDPR Request"

We will respond to verified requests within 30 days (CCPA) or 1 month (GDPR). Verification requires confirming your identity via account email or additional documentation.

7️⃣ Regulatory Compliance

SignalDeck is designed to comply with the following U.S. regulations:

⚖️ FCRA (Fair Credit Reporting Act)

We do not provide "consumer reports" as defined by 15 U.S.C. § 1681. Decision IDs and risk scores are provided to authorized business users only.

🏛️ GLBA (Gramm-Leach-Bliley Act)

Financial information privacy is protected through encryption, access controls, and data minimization. No customer financial information is sent to Discord or other third-party monitoring tools.

🤝 ECOA (Equal Credit Opportunity Act)

Our AI models do not use prohibited bases (race, religion, national origin, sex, marital status, age) for credit decisions. Fairness metrics are monitored daily.

☀️ CCPA (California Consumer Privacy Act)

IP addresses are anonymized (Cal. Civ. Code § 1798.140(o)). California residents have enhanced privacy rights detailed in Section 6 above.

8️⃣ Contact Us

If you have questions about this Privacy Notice or want to exercise your privacy rights, please contact us:

📧 Email:

contact@iquelo.com

🏢 Mailing Address:

iQuelo — SignalDeck™
c/o Tayron Portillo
Athens, GA 30601
United States

⏰ Response Time:

We respond to privacy requests within 30 days (CCPA) or 1 month (GDPR)

This Privacy Notice may be updated periodically. We will notify you of material changes via email or through the platform.