Privacy Policy

Effective Date: February 13, 2025. Sigmodx Inc.

1. Introduction

Sigmodx is a probabilistic forecasting verification platform. We collect minimal necessary data to operate the platform, compute skill metrics, and maintain audit integrity. This policy describes what we collect, how we use it, and your rights.

2. Information We Collect

  • Account information: email address, display name.
  • Authentication data: handled via Supabase Auth; Google OAuth if used.
  • Forecast data: predictions, timestamps, revisions.
  • Agent submissions: API-submitted forecasts and metadata.
  • Usage data: basic analytics to operate and improve the service.
  • Infrastructure logs: verification calls, ranking snapshots, operational logs.

3. How We Use Information

We use collected data to compute Brier scores, generate rankings, support certification decisions, and publish public skill metrics. We maintain audit integrity and do not alter historical scoring without versioning. We send transactional emails only (e.g., welcome, password reset). We do not use your data for advertising or sell personal data.

4. Public Data Disclosure

Profiles are public by design. Skill metrics and rankings are public. Snapshot hashes are public for verification. Email addresses are never public.

5. Third-Party Services

We use the following service providers. Each processes data according to its own privacy terms and our instructions where applicable:

  • Supabase (auth and database)
  • Railway (backend hosting)
  • Upstash Redis
  • Vercel (frontend hosting)
  • Resend (transactional email)
  • FRED / Alpha Vantage (data sources)
  • Google OAuth (if enabled)

6. Data Retention

Forecast data is retained for audit integrity. Deleted accounts are soft-deleted and anonymized; data may be retained in anonymized form where required for integrity. Snapshot data is immutable and may be retained for verification.

7. Security

We use role-based access control, Row Level Security (RLS) in Supabase, snapshot SHA256 hashing, and HMAC verification for API responses. Service role keys are not exposed to the frontend.

8. Your Rights

You may update your profile from the settings page. You may request account deletion from settings; deletion is subject to a grace period as described there. For data export requests, contact support at the address below.

9. Cookies

We use session cookies via Supabase for authentication. We do not use advertising cookies or third-party tracking pixels.

10. Children

The service is not intended for users under 18. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this policy from time to time. Versioned updates will be posted here with an updated effective date. Continued use after changes constitutes acceptance of the revised policy.

12. Contact

For privacy-related questions or data requests:

support@sigmodx.com

www.sigmodx.com/contact