Privacy Policy

PR Signal — a product of Neon Comms & PR
Effective Date: June 29, 2026 | Last Updated: June 29, 2026

1. Introduction

Neon Comms & PR ("Neon," "we," "us," or "our") operates PR Signal, a software platform available at prsignal.neoncommspr.com (the "Service"). This Privacy Policy explains what information we collect when you use the Service, how we use and share it, how we secure it, and the choices and rights available to you.

PR Signal is currently offered as an invite-based beta product to a limited group of users. This Policy applies to all users of the Service, including beta testers.

By creating an account or otherwise using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service.

2. Who We Are

PR Signal is built and operated by Neon Comms & PR, a public relations and communications consultancy headquartered in Maryland. The data controller for information collected through the Service is:

Neon Comms & PR

9904 Henry Hearn Way

Laurel, MD 20723

Contact: privacy@neoncommspr.com

3. Information We Collect

3.1 Information You Provide Directly

  • Account information: your name and email address, used to create your account and authenticate you via magic-link (passwordless) sign-in.

  • Company context: information you enter about your company and industry sector (e.g., flexible workforce, logistics, healthcare tech, fintech, B2B SaaS, e-commerce), used to match your account to relevant industry benchmarks.

  • Uploaded files: CSV files you choose to upload containing your own operational or transactional data, for the purpose of generating signals and benchmark comparisons.

  • Communications: any information you send us directly, such as beta feedback, support requests, or survey responses.


3.2 Information from Connected Third-Party Accounts

The Service allows you to optionally connect certain third-party accounts so PR Signal can analyze your own operational data. You control which accounts, if any, you connect, and you can disconnect them at any time. Currently available connections are:

  • Google Analytics: If you connect your Google Analytics account, we access traffic and engagement data via your own per-user Google authorization (OAuth), using a read-only scope (analytics.readonly). By default, we use this data to compare your site's traffic and engagement patterns against industry benchmarks, and as input to the signal-detection, newsworthiness-scoring, and pitch/report drafting features described in Section 5 — meaning derived Google Analytics metrics (such as page views, sessions, engagement duration, conversions, and active users, by date) may be included in requests we send to our AI processing provider as part of generating those features. You can turn this off at any time: a control in the Sources tab on your Google Analytics connection lets you exclude your Google Analytics data from being sent to our AI processing provider, while still collecting and showing that data in your own dashboard. We do not access or store your Google Account password, we do not modify your Google Analytics property, and we never send your OAuth credentials, raw Google API responses, or your Google Analytics property ID to any AI processing provider.

  • Stripe: If you connect your Stripe account, we contact Stripe's API on-demand when you load the Service to retrieve basic account information (such as your account ID, country, and default currency) and charge-level data (transaction amounts, payment status, and timing) used to display revenue and transaction summaries to you within the Service. This data is used for your own in-product display only — it is not stored in our database and does not reach our AI processing provider.

PR Signal does not store Stripe revenue, transaction amounts, or any other currency-denominated values. Stripe financial data is computed in your active browser session, returned to your device for on-screen display, and discarded when the session ends. The signal-detection and benchmarking pipelines have no access to Stripe financial values, and no prompt sent to our AI processing provider includes any Stripe financial figure.

We plan to offer additional optional connections in the future (including HubSpot, Mixpanel, Salesforce, Amplitude, QuickBooks, and Rippling). We will update this Policy, and prompt you for any additional consent required, before any new connector is made available or used in a new way.

3.3 Information Collected Automatically

  • Usage data: pages and features you interact with, timestamps, and general usage patterns within the Service, used to operate, secure, and improve the Service.

  • Device and log data: IP address, browser type, and similar technical information generated through ordinary use of a web application.

3.4 Information We Do Not Collect, and How AI Processing Relates to Google Data

We do not collect or generate signals from your company's revenue, profit, or other financial-performance figures.

We do not sell Google user data, and we do not use Google user data to develop, improve, or train generalized AI or machine learning models. As described in Section 3.2, derived Google Analytics metrics may be included in requests sent to Anthropic's Claude API as part of generating signals, benchmark comparisons, scores, and draft pitch content for your own use — this use is consistent with the Google API Services User Data Policy because it directly implements a feature you requested, and your Google data is not sold or used to train models in the process. Under Anthropic's standard commercial API terms, Anthropic does not train its models on data submitted via the API, and automatically deletes that data from its backend within 30 days of receipt (subject to narrow exceptions for legal compliance or detected misuse, as described in Section 5).


4. How We Use Your Information

We use the information described above to:

  • Provide the Service, including generating industry benchmark comparisons and signal detection specific to your account.

  • Authenticate you and maintain the security of your account.

  • Compare your operational data against third-party industry benchmark data (such as data from the Bureau of Labor Statistics, Federal Reserve, Gartner, FreightWaves, and similar sources) to identify potentially newsworthy patterns.

  • Generate draft pitch language and reports for your own use in PR outreach.

  • Communicate with you about your account, beta participation, and material changes to the Service.

  • Monitor, maintain, secure, and improve the Service, including diagnosing technical issues.

  • Comply with legal obligations.

We do not use your operational data to build aggregated cross-customer benchmarks or peer comparisons at this time. Should we introduce an aggregated, anonymized peer-benchmarking feature in the future (planned only once a sufficient number of users in a given sector participate), we will update this Policy first, prompt you for any consent required, and the feature will rely on anonymized, aggregated data only — it will not disclose any individual company's underlying data to other users.

No fully automated decision producing a legal or similarly significant effect about you is made using these systems. The newsworthiness scoring and pitch-drafting features described in Section 5 are drafting and prioritization aids for your own review and judgment; you decide what, if anything, to publish or send to a journalist.


5. Use of AI Tools

PR Signal uses Anthropic's Claude API to help score the newsworthiness of signals and to help draft pitch language and reports. Relevant data — such as your operational data patterns (including, where applicable, derived Google Analytics metrics as described in Section 3.2), your selected industry sector, and matched benchmark context — is sent to Anthropic's API for this processing.

We also use Perplexity to retrieve current, publicly available editorial and news context about your industry sector. Perplexity queries are limited to static, sector-level research questions and do not include your operational data, your Google Analytics data, or any other information specific to your account.

Under Anthropic's standard commercial API terms, Anthropic does not train its models on the data we submit through the API, and that data is automatically deleted from Anthropic's backend within 30 days of receipt or generation. Exceptions to this 30-day window are narrow and apply only where a longer retention period is required to enforce Anthropic's usage policies or where retention is required by law. We have not entered into a Zero Data Retention agreement with Anthropic, which is a separate, optional arrangement; the terms described here are Anthropic's standard commercial API terms and do not require any special agreement.

Perplexity maintains a zero data retention policy for the API we use (Sonar): Perplexity does not retain the content of our queries or its responses, and does not use that data to train its models. The only data Perplexity retains in connection with our use of its API is billing-related metadata (such as token counts, the model used, and request timestamps), which does not include query or response content.

6. How We Share Information

We do not sell your personal information. We share information only as follows:

  • Service providers: with vendors who process data on our behalf to operate the Service, currently Supabase (database hosting and authentication), Anthropic (AI processing, described above), Firecrawl (industry benchmark data extraction from public third-party research sites — this does not involve your personal data), and Perplexity (editorial trend research). Each is bound by contractual obligations to protect your data and use it only to provide services to us.

  • Third-party connectors you authorize: Google Analytics and Stripe, solely to retrieve your own data as you have authorized, as described in Section 3.2.

  • Legal and safety reasons: if required by law, legal process, or to protect the rights, property, or safety of Neon, our users, or others.

  • Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to standard confidentiality protections.

7. Data Storage and Security

Your account and operational data are stored in our Supabase database, hosted in the United States. We use industry-standard administrative, technical, and organizational safeguards designed to protect your information, including encrypted connections (HTTPS/TLS) and passwordless (magic-link) authentication. No method of storage or transmission is completely secure, and we cannot guarantee absolute security.

When you connect Google Analytics, we store the OAuth access token and refresh token issued by Google in our application database (Supabase Postgres). These credentials are protected by encryption at rest at the storage layer and transmitted only over encrypted (TLS) connections. A row-level access policy restricts a signed-in user to reading or writing only their own stored connection; our backend systems (for example, the server-side process that completes the initial Google connection and the scheduled process that refreshes your data) use elevated access to operate this feature on your behalf, consistent with the purposes described in this Policy. Tokens are not stored in a separate, dedicated secrets vault, and are never written to application logs or error messages. Disconnecting Google Analytics revokes the token with Google and deletes the stored credentials from our database.

8. Data Retention

We retain your account and operational data for as long as your account remains active. If you delete your account or request deletion, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information for legal, accounting, or security purposes. If your data contributed to any aggregated or anonymized feature prior to deletion (see Section 4), the anonymized, aggregated output is not reversed, but no further individually identifiable data about you will be retained beyond the window stated above.

9. Your Rights and Choices

  • Access and correction: you can review and update your account information within the Service, or by contacting us.

  • Disconnecting third-party accounts: you may disconnect Google Analytics, Stripe, or any other connected account at any time from within the Service.

  • Excluding Google Analytics data from AI processing: without disconnecting your Google Analytics account, you may turn off a control in the Sources tab to exclude your Google Analytics data from being sent to our AI processing provider for signal scoring, reports, and pitch drafts, while still collecting and viewing that data in your own dashboard. This applies going forward only and does not remove signals, reports, or pitches already generated.

  • Google Account permissions: you may also revoke PR Signal's access to your Google Account at any time via your Google Account security settings at https://myaccount.google.com/permissions.

  • Deletion: you may request deletion of your account and associated data by contacting us at the email in Section 2.

  • Marketing communications: you may opt out of non-essential email communications at any time using the unsubscribe link or by contacting us.

Depending on where you live, you may have additional rights under applicable state privacy laws, including the right to know what personal information we hold about you, request its deletion, or opt out of certain uses. PR Signal's beta is currently limited to users located in the United States. These state-specific disclosures will be expanded as the Service scales and as applicability thresholds under laws such as the California Consumer Privacy Act and the Maryland Online Data Privacy Act are assessed against actual user volume.

10. Children's Privacy

PR Signal is a business tool intended for use by adults in a professional capacity. It is not directed to, and we do not knowingly collect information from, individuals under the age of 18 (or the applicable age of majority).

11. International Users

PR Signal is operated from the United States and data is stored in the United States. The Service is currently offered only to beta users located in the United States. If this changes and the Service becomes available to users outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your country of residence, and we will update this Policy to address any additional rights that apply.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes — including any change to how we use data obtained through your connected Google Account — we will notify active users by email and/or by posting a notice within the Service, and will request renewed consent where required, prior to the change taking effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

Neon Comms & PR

privacy@neoncommspr.com