Legal
Last updated: March 24, 2026
This Privacy Policy describes how Prometheus Signal (“Prometheus Signal,” “we,” “us,” or “our”) collects, uses, stores, and shares information when you use our websites, dashboards, APIs, and related services (collectively, the “Service”). It applies whether you use the Service as an individual or on behalf of an organization. By using the Service, you acknowledge the practices described here. Our Terms of Service also apply.
Our approach. We aim to measure how content and campaigns perform— attribution, conversion, and product usage—rather than to build invasive profiles of individuals. In short: we track performance, not people. The sections below describe what we collect, how we attribute outcomes, and your choices.
We collect information in the following categories:
Account and profile. When you register or sign in, we collect identifiers and credentials such as your name, email address, and a password hash (we do not store your password in plain text). We may collect similar contact details if you correspond with us.
Organization and workspace data. If you create or join workspaces (for example businesses or brands within the dashboard), we store the names and settings you provide, associations between your account and those workspaces, and related configuration.
Content and operational data. We process content you upload, enter, or generate through the Service—such as post ideas, captions, hashtags, media assets, schedules, queue items, approval states, and similar materials—so we can run features you request (planning, generation, scheduling, publishing workflows, and related analytics you see in the product).
Integrations and third-party connections. When you connect third-party services (for example social or publishing platforms or scheduling tools), we may receive and store account identifiers, tokens or keys you authorize, channel or profile metadata, and operational data needed to maintain those connections. Those providers also process information under their own policies and under data processing agreements where applicable.
Technical and usage data. We automatically collect certain technical information when you use the Service, such as IP address, device and browser type, approximate location derived from IP, timestamps, pages or endpoints accessed, diagnostic logs, and similar data used for security, reliability, debugging, and improvement.
Cookies and similar technologies. We use cookies and similar technologies to operate the Service—for example to keep you signed in, remember preferences, and protect against abuse. We distinguish essential cookies from optional analytics where applicable; see Section 15 for EU/UK consent. You can control cookies through your browser settings; disabling some cookies may limit functionality.
We use the information above to:
We do not sell your personal information as that term is commonly defined in U.S. state privacy laws. Features that use third-party AI or hosting providers send only what is needed to perform the feature; those providers process data under their own policies and under data processing agreements where applicable, in addition to any contractual terms between you and them or us and them.
Where laws such as the GDPR apply, we rely on one or more of the following: performance of a contract with you; legitimate interests (for example securing the Service, improving the product, and communicating with you in a proportionate way), provided those interests are not overridden by your rights; consent where we ask for it; and legal obligation.
We may share information in these situations:
We retain information for as long as your account is active, as needed to provide the Service, and as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods can vary by data type; for example, security logs may be kept for a limited period, while billing records may be kept longer where the law requires. When data is no longer needed, we delete or de-identify it where feasible.
We implement technical and organizational measures designed to protect information against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure; we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and for the security of devices you use to access the Service.
We may process and store information in the United States and other countries where we or our providers operate. Those countries may have different data-protection laws than your own. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers from the EEA, UK, or Switzerland.
Depending on where you live, you may have rights to access, correct, delete, or export certain personal data; to object to or restrict certain processing; to withdraw consent where processing is consent-based; and to lodge a complaint with a supervisory authority. You may also have the right to opt out of certain uses of data under U.S. state laws, where applicable.
To exercise rights, contact us using the information on our Contact page. We may need to verify your identity before responding. You can update some account details directly in the dashboard where available.
The Service is not directed to children under 13 (or the age required in your jurisdiction), and we do not knowingly collect personal information from them. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.
If the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA) applies, you may have additional rights regarding access, deletion, correction, and opt-out of certain sharing. We do not “sell” or “share” personal information for cross-context behavioral advertising as those terms are defined under California law, except as described in this policy. To submit a request, use Contact.
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the “Last updated” date. If changes are material, we may provide additional notice. Continued use of the Service after the effective date constitutes acceptance of the updated policy where permitted by law.
To operate attribution, growth analytics, and the product loop that connects content performance to business outcomes (including the Prometheus Signal planning and measurement workflow), we may record and correlate events along paths such as post → click → signup → paid (and similar funnels you configure). To do this we may use:
We may perform cross-session attribution—for example first-touch or multi-touch models—so an earlier visit or marketing touch can be associated with a later conversion. If you operate your own landing pages or ads, you are responsible for disclosures and consents required in your context.
We rely on subprocessors—third-party providers—to run the Service. That includes categories such as hosting and infrastructure, analytics and observability, artificial intelligence and ML APIs, payments and billing, email and communications, and security. They process personal data on our behalf only as needed to deliver those functions, under confidentiality obligations and data processing agreements where applicable.
A live, category-level list with representative providers is maintained at Subprocessors. We update that page when we add or replace material subprocessors.
When you delete your account or request erasure of personal data, we will delete or de-identify your account profile and associated workspace content within approximately thirty (30) days, unless a longer or shorter period is required or permitted by law.
We may retain certain data after closure, including: billing, invoicing, and tax records; information needed to resolve disputes or enforce our agreements; and security, abuse-prevention, and operational logs for limited periods consistent with Section 5 (Retention). Backup and disaster-recovery systems may retain residual copies until they expire according to technical retention schedules.
To request deletion or to exercise other rights, use Contact.
We treat cookies and similar technologies in two broad groups: essential (strictly necessary) cookies required for authentication, security, fraud prevention, and core functionality; and, where we deploy them, analytics or performance cookies that help us understand how the Service is used.
Where the GDPR, UK GDPR, or similar laws require consent for non-essential cookies or comparable tracking, we obtain your consent before activating those technologies (for example via a cookie banner or preference center). You may withdraw consent at any time through that mechanism or your browser settings; disabling essential cookies may prevent sign-in or other core features from working.
If we become aware of a personal data breach that affects your information and the law requires notification, we will inform you and, where mandatory, supervisory authorities, in accordance with applicable timelines (for example without undue delay under the GDPR, where that standard applies). Notice may describe the nature of the incident, likely consequences, and steps we are taking, subject to legitimate restrictions such as law-enforcement or security investigations.
We do not use your personal data or your Service content to train our own or third-party foundation or general-purpose models for broad model training. Third-party AI providers process inputs and outputs solely to deliver the features you invoke, under their terms and data processing agreements where applicable; where a provider offers settings to disable training on customer content, we configure those options when available.
We may use aggregated or de-identified information (that does not identify you) to improve reliability, security, and features of the Service.
For privacy-related questions or requests, contact us through Contact. For privacy matters specifically, you may use the email channel that best fits your inquiry (for example support@prometheus-signal.com for general account and product questions).