Last updated: 2026-07-10
DRAFT — not legal advice. This is a practical starting point tailored to the Funding Signals API's compliance-first design. Have a qualified lawyer review it (and register any required data-controller details) before relying on it.
Funding Signals ("we", "us") operates an API that identifies recently-funded companies from public sources. For questions or data requests, contact michalis.solomu@gmail.com.
We deliberately process only publicly available business information:
| Category | Source | Examples |
|---|---|---|
| Company funding facts | Public SEC EDGAR Form D filings & public funding-news feeds | company name, raise amount, filing date, industry, jurisdiction |
| Company enrichment | The company's own public website | domain, generic role emails (info@, sales@, contact@…) |
| API customer data | Provided by you / your marketplace | account identifier, email, API usage counts |
We do not: - collect or store personal email addresses (only generic role addresses tied to a company); - scrape LinkedIn or use gated personal-data brokers; - store full article text from news sources (we keep facts + a source link only).
Where the data relates to individuals within a business context (e.g. a generic role inbox), we rely on legitimate interest (Art. 6(1)(f) GDPR): providing B2B sales intelligence from information that is already public, balanced against the limited, business-only nature of the data. We do not process special-category data.
We do not sell personal data.
Any company or individual can request access to, correction of, or erasure of their information, and can opt out of being included:
POST /v1/optout?email=<address> — the address
is added to a permanent suppression list and excluded from future outreach and
results.You also have the right to lodge a complaint with your local data-protection authority.
We use infrastructure providers to run the Service (e.g. cloud hosting, and — for billing — Stripe if you subscribe directly, or the API marketplace you subscribe through otherwise). They act as processors under appropriate terms. We do not otherwise share data with third parties except as required by law.
We apply reasonable technical measures (encrypted transport, access controls, API-key authentication, per-key rate/quota limits). No system is perfectly secure; we cannot guarantee absolute security.
Data may be processed on servers outside your country (e.g. the United States, where our hosting region is located). Where required, appropriate safeguards apply.
We may update this policy; the "Last updated" date reflects the current version.
Privacy questions or requests: michalis.solomu@gmail.com