Last updated 2026-05-24 · DRAFT

Privacy Policy.

What we collect, how we use it, what we share with third parties, and how to exercise your rights over your data. Written operator-direct — no boilerplate buried.

Request data deletionEmail questions
DRAFT — awaiting counsel review. This policy is published in good faith and accurately describes current practice. It will be replaced with a counsel-reviewed version before charter outreach scales beyond the hand-picked cohort. If anything here conflicts with what we tell you in writing or in a contract, the contract governs.

1. Who we are

Seven16 Intel, a Seven16 Group product.

Seven16 Intel is operated by Seven16 Group. We process data described below as the “controller” under GDPR terminology — i.e., we decide what data is collected and what it’s used for. Where you contact us about your data, you’ll be talking to a human at hello@seven16group.com.

This policy covers the Seven16 Intel product at seven16intel.com (legacy traffic on agencysignal.co and directory.seven16group.com 308-redirects here). It does not cover other Seven16 Group products (DOT Intel, DOTCarriers, DOTAgencies, Bind Lab) which publish their own policies on their own domains.

2. What we collect

The minimum needed to run the product.

Account data you give us

  • · Email address (required to sign in)
  • · Full name (optional; helps us address you correctly)
  • · Password (hashed via Supabase Auth; we never see the plaintext)
  • · Organization name (if you create or join a team)

Usage data we observe

  • · Pages you visit (via Vercel Analytics — anonymized, no third-party cookies)
  • · Search filters you run and lists you save (so we can show them back to you)
  • · Export history (credits charged, files generated)
  • · IP address and user-agent (for security logs + rate-limiting, retained 30 days)
  • · Errors and crashes (via Sentry — stack traces, page URL, user ID)

Payment data we never see

When you pay, you do so via Stripe. We see only the transaction reference, plan tier, and status — never your card number, expiration, CVV, or billing address. Stripe is the controller of payment data; their policy at stripe.com/privacy governs that path.

3. How we use it

Run the product, secure it, and improve it. Nothing else.

We use the data above to: authenticate you and authorize what you can see; serve features (search, lists, exports); bill you accurately; debug errors; prevent abuse (rate-limit, bot-check via Cloudflare Turnstile); and improve the product based on aggregated, anonymized usage patterns.

We do not sell your data. We do not use your data to train ML models for third parties. We do not share your account data with advertisers.

4. Third-party processors

Who else touches your data.

We use these processors to run the product. Each has its own privacy policy you should read separately.

  • · Supabase — auth + database + storage. Data residency: us-east-1.
  • · Vercel — hosting + page analytics + speed insights. Data residency: edge-distributed.
  • · Stripe — payment processing. Sees payment data only.
  • · Sentry — error tracking. Stack traces + page URL + user ID; we redact form values.
  • · Cloudflare Turnstile — bot-check on signup/signin/forgot-password.
  • · Upstash — rate-limit cache. Sees IP + user ID; 1-hour rolling window.
  • · Seven16 Group Support — the chat widget at the bottom of every page. Conversations stored on seven16groupsupport.com; not in the Seven16 Intel database.
  • · Better Stack — uptime monitoring. Sees public-page status; not your account data.

5. Your rights

Access, correct, delete, export.

Under GDPR (if you’re in the EU), CCPA/CPRA (if you’re in California), and similar laws elsewhere, you have the right to:

  • · Access the data we hold about you
  • · Correct inaccuracies
  • · Delete your account and associated personal data
  • · Export your data in a portable format
  • · Object to processing for certain purposes
  • · Withdraw consent for any opt-in processing

For deletion: visit /account/delete while signed in. For everything else, email hello@seven16group.com and we’ll respond within 30 days. We may need to verify your identity before processing the request.

6. Retention

What we keep, for how long, and why.

  • · Account data — until you delete your account. After deletion request, soft-deleted immediately; hard-deleted within 30 days.
  • · Audit log — retained indefinitely for security and dispute-resolution purposes (records of significant actions: sign-ins, exports, billing changes, deletion requests).
  • · Financial records — retained per US tax law (typically 7 years), even after account deletion. Required for IRS / state revenue agency compliance.
  • · Aggregated usage data — retained anonymized; cannot be re-identified to you.
  • · Web server / rate-limit logs — 30 days.
  • · Error logs (Sentry) — 90 days.

7. Contact

Reach us about your data.

For privacy-specific questions, requests, or complaints: hello@seven16group.com. We aim to respond within 5 business days; we will not exceed 30 days for substantive responses.