OffTrack Signal_ — Legal
Privacy Policy
Effective Date: April 10, 2026
1. Scope and Controller
This Privacy Policy describes how Ming-Cheng Chiu (“Company,” “we,” “us”) collects, uses, and shares personal data in connection with OffTrack Signal_ (“Service”).
- Service Data Controller: Ming-Cheng Chiu is the data controller for personal data collected in connection with your use of the Service.
- Payment Data Controller:Paddle.com Market Ltd (“Paddle”) acts as an independent controller for payment processing, invoicing, tax compliance, and fraud prevention. Paddle's Privacy Policy (available at paddle.com/legal/privacy) governs its data processing activities.
2. Data We Collect
2.1 Account Data
- Name, email address, and account credentials.
- Account preferences and settings.
2.2 Usage Data
- Search queries, intelligence parameters, and report generation events.
- Radar Fuel and Decryption Key consumption records (used for billing, dispute resolution, and service integrity).
- Timestamps and session identifiers.
2.3 Technical Data
- IP address, browser type and version, operating system.
- Cookies and similar tracking technologies (see Section 9).
- Server access logs and error logs.
2.4 Payment Identifiers
We do not collect or store full payment card data. Paddle receives and processes all payment credentials directly. We receive only a transaction identifier and confirmation status from Paddle.
2.5 OSINT Query Data
Queries and associated parameters you submit to the Service may contain third-party personal data. You represent that you have a lawful basis for submitting such data and that your use complies with applicable law. We process this data solely to execute your query and return results.
3. Purposes and Legal Bases
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and operate the Service | Account, Usage, Technical | Contract performance |
| Process payments via Paddle | Transaction identifiers | Contract performance |
| Fraud prevention and security | Technical, Usage | Legitimate interests |
| Service improvement (aggregated/anonymized) | Usage | Legitimate interests |
| Legal and tax compliance | Account, Billing records | Legal obligation |
| Marketing communications (opt-in) | Consent |
4. Sharing and Disclosure
- Paddle: Transaction data is shared with Paddle as necessary for payment processing, tax compliance, and chargeback handling.
- Infrastructure Providers: Hosting and cloud providers operate under data processing agreements with appropriate safeguards.
- Analytics and Security Tools: Aggregate and anonymized data may be processed by analytics providers under contractual restrictions.
- Legal Obligations: We disclose data where required by court order, law, or regulatory authority.
- Business Transfers: In connection with a merger, acquisition, or asset sale, personal data may be transferred subject to equivalent confidentiality obligations.
We do not sell personal data.
5. International Transfers
Where personal data is transferred outside the European Economic Area (“EEA”) or United Kingdom (“UK”), we use appropriate safeguards, including Standard Contractual Clauses (“SCCs”) approved by the European Commission or the UK ICO, or rely on adequacy decisions where applicable.
6. Retention
- Account data: Retained for the duration of your account, plus a maximum of 36 months following account closure, unless longer retention is required by law.
- Consumption logs and billing records: Retained for 7 years from the transaction date, as required for tax and legal compliance.
- Usage/query logs: Retained for up to 24 months; aggregated and anonymized thereafter.
- Marketing consents: Retained until withdrawal of consent.
7. Security
We implement technical and organizational security measures, including: encryption of data in transit (TLS); access controls and authentication requirements for system access; regular security assessments; and incident response procedures. No system is entirely secure, and we cannot guarantee absolute security.
8. Your Rights
GDPR / UK GDPR (EU and UK residents)
- Access: Request a copy of personal data we hold.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: Request deletion, subject to legal retention obligations.
- Restriction: Request we limit processing while a dispute is pending.
- Portability: Receive data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Complaint: Lodge a complaint with your local supervisory authority.
CCPA / CPRA (California residents)
- Right to Know: Request disclosure of categories and specific pieces of personal information collected.
- Right to Delete: Request deletion of personal information.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
To exercise any right, contact us at support@offtracksignal.app. We will respond within the timeframes required by applicable law.
9. Cookies
We use cookies and similar technologies for: session management (strictly necessary); analytics (performance cookies, requiring consent where applicable); and optional marketing/retargeting (requiring explicit consent). You can manage cookie preferences via the cookie consent tool displayed on the Service or through your browser settings.
10. Children
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected such data, we will delete it promptly.
11. Data Protection Contact
OffTrack Signal_ (operated by Ming-Cheng Chiu)
14F.-15, No. 188, Sec. 4, Chenggong Rd., Neihu Dist., Taipei City 114049, Taiwan (R.O.C.)
support@offtracksignal.app12. Changes
We will notify you of material changes to this Privacy Policy via email or in-app notice at least 14 days before the effective date of any revision. Continued use of the Service after that date constitutes acceptance.