Privacy Policy
Last updated: February 2026
1. Who we are
Controller: Laura Otto Solutions, Gijsbrecht van Aemstelstraat 26, 2026 VH Haarlem, The Netherlands.
KvK: 94716501 · VAT: NL005104012B61
Contact: lauraottosolutions@gmail.com
Market Signal (“we”, “us”, “our”) provides an AI-powered market-research platform that analyzes publicly available online discussions and search-trend data to help users validate market needs (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use the Service.
Your use of the Service is also governed by our Terms of Service.
2. What personal data we process
2.1 Account and service use
- Email address and password (hashed).
- Search queries you submit and analysis metadata.
- Session identifiers, usage counts, subscription status.
Retention: Duration of account and subscription plus 1 year for licence/usage logs.
2.2 Billing and administration
- Name, email, billing address, payment status, subscription metadata (handled by Stripe). We never store full card numbers.
Retention: 7 years (Dutch statutory bookkeeping requirement where applicable).
2.3 AI analysis
- Your search queries and publicly available Reddit content are sent to OpenAI and Anthropic for real-time analysis only (inference).
- We do not use this data to train AI models. Processing is governed by our Data Processing Agreements with these providers.
Retention: Transient — not stored beyond the request/response cycle by the AI provider (per DPA terms).
2.4 Support and communications
- Support ticket content, contact details, attachments.
Retention: 2 years after resolution; attachments deleted within 90 days after issue closure.
2.5 Website usage and cookies
- Server logs: IP address, User-Agent, pages visited, timestamps. Retained for 90 days.
- Session cookie: Keeps you signed in. First-party, session duration. Strictly necessary — no consent required.
- Google Analytics (where you consent):
_ga(2 years),_ga_*(2 years). Third-party analytics cookies that collect anonymous page visit data, device type, and referrer information. We obtain consent before activating analytics in the EEA. Data retained for 26 months. - localStorage items:
ms_cookie_consent,ms_cookie_consent_set— store your cookie preference.ms_pending_query,ms_current_job_id— functional, session-scoped.
You can withdraw cookie consent at any time via the “Cookie Settings” link in the page footer.
3. How we use your information
- Provide, maintain, and improve the Service, including support, security, and troubleshooting.
- Retrieve publicly available data for analysis using third-party APIs (Reddit and DataForSEO).
- Process queries to generate insights with third-party AI providers (Anthropic and OpenAI).
- Process payments and manage accounts and subscriptions through Stripe.
- Comply with legal obligations.
4. Legal bases (EU/EEA)
- Performance of a contract (GDPR Art. 6(1)(b)) — providing the Service, account management, billing.
- Legal obligation (GDPR Art. 6(1)(c)) — bookkeeping, tax, fraud prevention.
- Legitimate interests (GDPR Art. 6(1)(f)) — improving and securing the Service, analytics (where consent is not required).
- Consent (GDPR Art. 6(1)(a)) — Google Analytics cookies in the EEA, optional communications.
Digital content and withdrawal. EU/EEA consumers have a 14-day right of withdrawal for distance contracts. For digital content supplied immediately, you may be asked to consent to immediate access before payment. By giving that consent, you acknowledge that you waive your right of withdrawal once performance has begun. This consent is obtained on our site before redirect to the payment provider. See our Terms of Service for details.
5. How we share information
We do not sell your personal data. We share it only with:
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| Stripe | Payments, billing | EU/US | DPA, SCCs |
| Railway | Hosting, database | EU (Amsterdam-West) | DPA |
| OpenAI | AI analysis (inference only) | US | DPA, SCCs |
| Anthropic | AI analysis (inference only) | US | DPA, SCCs |
| Reddit API | Public data retrieval | US | No PII sent |
| DataForSEO | Search trend data | EEA (Estonia) | No PII sent |
| Google Analytics | Website analytics (consent) | US | Consent, SCCs |
We may also share data with authorities or other parties when required by law or to protect rights, safety, or property.
6. International transfers
OpenAI, Anthropic, and Google Analytics are US-based. We use Standard Contractual Clauses (SCCs) and Data Processing Agreements (DPAs) as the transfer mechanism under GDPR Art. 46(2)(c). Railway is hosted in the EU (Amsterdam-West). Stripe has EU entities (Stripe Payments Europe) and SCCs as applicable.
7. Business transfers
If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to this Privacy Policy.
8. Security
We employ industry-standard technical and organisational measures to protect your data, including: TLS encryption in transit, access controls, password hashing, session security (HttpOnly, Secure, SameSite flags), rate limiting, and vendor DPAs. No online service is 100% secure; you use the Service at your own risk.
9. Children’s privacy
The Service is not intended for persons under 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.
10. Your rights
Under the GDPR, you have the right to:
- Access — obtain a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your data (subject to legal retention obligations).
- Restriction — restrict processing in certain circumstances.
- Objection — object to processing based on legitimate interests.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent — at any time, without affecting the lawfulness of prior processing.
To exercise these rights, contact us at lauraottosolutions@gmail.com. We will respond within one month.
11. Complaints
You have the right to lodge a complaint with a supervisory authority. In the Netherlands: Autoriteit Persoonsgegevens.
12. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date indicates when changes were last made. Material changes will be notified via email or prominent notice on the Service.
13. Contact
If you have questions about this policy or our privacy practices, contact us at lauraottosolutions@gmail.com.