Skip to main content
Signal990

Privacy Policy

Effective Date: February 11, 2026 · Last Updated: February 11, 2026

1. Introduction

This Privacy Policy describes how JS Ventures Holdings LLC, doing business as Signal990 ("Signal990," "we," "us," or "our"), collects, uses, discloses, and protects your personal information when you access or use our website at signal990.com, our web application, and any related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Service immediately.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your email address and password (stored in hashed form). You may optionally provide your name, organization name, job title, and organization details.
  • Organization and Mission Data: If you use our AI-powered matching features, you may provide your organization's mission statement, focus areas, geographic service area, and budget range. This information is used solely to generate foundation matches and is associated with your account.
  • Saved Lists and Preferences: We store foundations you star, lists you create, notes you add, and export history.
  • Payment Information: When you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We do not receive, store, or have access to your full credit card number. We receive only a tokenized reference, your billing name, the last four digits of your card, card expiration date, and billing address from Stripe for record-keeping and customer support purposes.
  • Communications: If you contact us via email or other channels, we retain the content of those communications.

2.2 Information Collected Automatically

  • Usage Data: We collect information about how you interact with the Service, including pages viewed, searches performed (search queries, filters applied), features used, and click patterns.
  • Device and Browser Information: We collect your IP address, browser type and version, operating system, device type, screen resolution, and language preference.
  • Cookies and Similar Technologies: We use essential cookies for authentication and session management. We may use analytics cookies to understand Service usage. See Section 7 for details.
  • Log Data: Our servers automatically record information including your IP address, access times, pages viewed, referring URL, and actions taken within the Service.

2.3 Information from Third-Party Services

  • Authentication Providers: If we offer social login options (e.g., Google), we receive your name, email address, and profile picture from the provider, as authorized by you.
  • Stripe: We receive transaction confirmations, subscription status, and limited billing details from Stripe.

2.4 Information We Do NOT Collect

  • We do not collect sensitive personal information such as Social Security numbers, government-issued identification numbers, financial account numbers (other than through Stripe as described above), biometric data, or health information.
  • We do not knowingly collect information from children under 16 years of age. See Section 13 for details.

3. How We Use Your Information

3.1 To Provide and Operate the Service

  • Authenticate your identity and manage your account
  • Process your searches and deliver foundation matching results
  • Generate AI-powered recommendations based on your organization's mission and characteristics
  • Maintain your saved lists, starred foundations, and preferences
  • Process payments and manage your subscription

3.2 To Improve the Service

  • Analyze usage patterns to improve features, user experience, and performance
  • Debug errors, monitor system health, and maintain security
  • Develop new features based on aggregate usage trends

3.3 To Communicate with You

  • Send transactional emails (account confirmation, password resets, payment receipts, subscription changes)
  • Send Service-related announcements (maintenance, security alerts, policy changes)
  • With your consent, send product updates, new feature notifications, or newsletters (you may opt out at any time)

3.4 To Ensure Security and Compliance

  • Detect and prevent fraud, abuse, and unauthorized access
  • Enforce our Terms of Service
  • Comply with legal obligations

4. How We Process Your Data with AI

4.1 AI-Powered Matching

When you use our AI matching features, your organization's mission statement, focus areas, location, and budget range are processed by third-party AI services (currently OpenAI and Anthropic) to generate numerical vector embeddings. These embeddings are mathematical representations used to compare your organization against foundation giving patterns.

4.2 AI-Generated Summaries

We use AI services to generate summaries of foundation profiles, grant trends, and recommendations. These summaries are generated from publicly available IRS 990 data and are cached on our servers.

4.3 Data Sent to AI Providers

We send to our AI providers only the minimum data necessary to perform the requested function:

  • For matching: your organization's mission text, focus areas, location, and budget range
  • For summaries: publicly available foundation data from IRS 990 filings

We do NOT send your email address, name, payment information, or other personal identifiers to AI providers. Our AI providers' use of data is governed by their respective data processing agreements with us, which contractually prohibit the use of data submitted via their APIs for model training purposes. As of the effective date, we use OpenAI (governed by their API Data Usage Policy, which states API inputs are not used to train models) and Anthropic (governed by their API Terms of Service and data usage policies, which similarly prohibit use of API inputs for training).

4.4 No Automated Decision-Making with Legal Effects

Our AI features provide informational recommendations only. No automated decisions are made that produce legal effects or similarly significant effects on you. All AI-generated content is advisory, and you are solely responsible for your grant-seeking decisions.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share information only in the following limited circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, subject to contractual obligations to protect your data:

ProviderPurposeData Shared
Supabase (Supabase, Inc.)Database hosting, authenticationAccount data, usage data, saved lists
Stripe (Stripe, Inc.)Payment processingBilling name, email, payment method
Vercel (Vercel, Inc.)Application hostingIP address, usage data (via server logs)
OpenAI (OpenAI, LLC)AI embeddings and matchingOrganization mission, focus areas, location
Anthropic (Anthropic, PBC)AI summaries and insightsPublicly available foundation data

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests, provided we make commercially reasonable efforts to notify you unless prohibited by law.

5.3 Protection of Rights

We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Service, or as otherwise required by law.

5.4 Business Transfers

If JS Ventures Holdings LLC is involved in a merger, acquisition, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on our Service of any change in ownership or uses of your personal information, as well as any choices you may have.

5.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. Public Data Disclaimer

The Service displays information derived from publicly available IRS 990 and 990-PF tax filings, which are public records maintained by the Internal Revenue Service. This includes foundation names, Employer Identification Numbers (EINs), grant amounts, recipient organizations, officer names, asset totals, and other data reported on these forms. We do not consider this publicly available government data to be personal information subject to this Privacy Policy. We aggregate, organize, and present this public data but do not alter the underlying public records.

7. Cookies and Tracking Technologies

7.1 Essential Cookies

We use strictly necessary cookies for authentication (maintaining your logged-in session) and security (CSRF protection). These cookies cannot be disabled as they are required for the Service to function.

7.2 Analytics

We may use privacy-respecting analytics tools to collect aggregate, anonymized usage data. We do not use invasive tracking technologies, and we do not share analytics data with advertising networks.

7.3 No Third-Party Advertising

We do not serve third-party advertisements on the Service and do not use advertising cookies, tracking pixels, or similar technologies for advertising purposes.

7.4 Do Not Track

We honor Do Not Track (DNT) signals from your browser. When we detect a DNT signal, we disable any non-essential analytics tracking.

8. Data Retention

  • Account Data: We retain your account information for as long as your account is active. Upon account deletion, we delete or anonymize your personal data within 30 days, except as required for legal compliance or legitimate business purposes (e.g., financial records required for tax purposes).
  • Usage Logs: Server logs containing IP addresses and access data are retained for no more than 90 days, after which they are deleted or anonymized.
  • Payment Records: Transaction records are retained for 7 years as required by applicable tax and financial regulations.
  • AI-Generated Data: Embeddings generated from your organization data are deleted within 30 days of account deletion. Cached AI summaries of public foundation data are retained independently as they are derived from public records.
  • Saved Lists and Preferences: Deleted within 30 days of account deletion.

9. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest
  • Hashed password storage (bcrypt via Supabase Auth)
  • Row-level security policies on database tables
  • Regular security updates and dependency patching
  • Access controls limiting employee access to personal data on a need-to-know basis

No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and any applicable regulatory authorities as required by law.

10. Your Rights and Choices

10.1 Account Management

You may access, update, or correct your account information at any time through your account settings.

10.2 Account Deletion

You may request deletion of your account and associated personal data by emailing privacy@signal990.com or using the account deletion feature in your settings. We will process deletion requests within 30 days.

10.3 Data Export

You may request a copy of your personal data in a portable format by contacting privacy@signal990.com. We will fulfill such requests within 30 days.

10.4 Email Communications

You may opt out of non-essential emails (newsletters, product updates) at any time by clicking the "unsubscribe" link in any such email or updating your preferences in account settings. You cannot opt out of transactional emails necessary for Service operation (e.g., payment receipts, security alerts).

10.5 Cookie Preferences

You may control non-essential cookies through your browser settings. Disabling essential cookies may impair Service functionality.

11. State-Specific Privacy Rights

11.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, and disclose
  • Delete your personal information, subject to certain exceptions
  • Opt out of the sale or sharing of personal information — we do not sell or share your personal information as defined under the CCPA/CPRA
  • Non-discrimination for exercising your privacy rights
  • Correct inaccurate personal information
  • Limit use of sensitive personal information — we do not collect sensitive personal information as defined under the CPRA

To exercise these rights, contact us at privacy@signal990.com. We will verify your identity before processing any request.

In the preceding 12 months, we have collected the categories of personal information described in Section 2. We have not sold personal information, nor have we shared personal information for cross-context behavioral advertising.

11.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and Other State Laws

Residents of states with comprehensive privacy laws have similar rights to access, delete, correct, and opt out of certain data processing. To exercise any applicable rights, contact privacy@signal990.com.

11.3 Nevada Residents

We do not sell your personal information as defined under Nevada SB 220. If you wish to submit a verified request to opt out of any future sale, contact privacy@signal990.com.

12. International Users

The Service is operated from the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to this transfer. We do not currently target or market the Service to individuals in the European Economic Area, United Kingdom, or other jurisdictions with cross-border data transfer restrictions.

13. Children's Privacy

The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete such information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@signal990.com.

14. Third-Party Links

The Service may contain links to third-party websites, including foundation websites, nonprofit websites, and IRS resources. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party site you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (at the address associated with your account) or by posting a prominent notice on the Service at least 30 days prior to the changes taking effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

JS Ventures Holdings LLC d/b/a Signal990
Email: privacy@signal990.com

We will respond to all privacy-related inquiries within 30 days.

© 2026 JS Ventures Holdings LLC. All rights reserved.

    Privacy Policy | Signal990