Privacy Policy

1. Introduction

CNY Signal ("we," "us," or "our") is committed to protecting the privacy of visitors to cnysignal.com (the "Site") and users of our services, including SMS alerts, the Signal Pro subscriber dashboard, community chat, and all related features (collectively, the "Service"). This Privacy Policy describes what information we collect, how we use it, how we protect it, and the choices you have.

By using the Site or subscribing to any CNY Signal service, you agree to the practices described in this Policy. If you do not agree, please discontinue use immediately.

This Privacy Policy should be read in conjunction with our Terms of Service and, if you are a Signal Pro subscriber, the Signal Pro Subscriber Agreement.

2. Information We Collect

2.1 Information Collected Automatically

When you visit the Site, our servers and analytics tools automatically collect:

IP address (anonymized where required by law)
Browser type, operating system, and device type
Pages visited, time on page, links clicked, and referring URLs
Approximate geographic location (city/region level only, derived from IP address)
Session duration and interaction patterns

2.2 Information You Provide Voluntarily

We collect information you submit through our forms, including:

Phone number — required for SMS alert subscriptions and Signal Pro OTP authentication
Email address — for newsletter subscriptions and account communications
Street address / ZIP code / coordinates — for geo-targeted alert delivery (see Section 10 for detailed location data practices)
Display name — for your subscriber profile and chat identity (optional)
Contact form messages — tips, corrections, inquiries

2.3 Subscription and Billing Data

When you subscribe to Signal Pro, Paddle (our payment processor and Merchant of Record) collects your payment information. CNY Signal receives a transaction record from Paddle that includes your subscription ID, plan type, subscription status, and email address. CNY Signal does not receive, process, or store your full credit card number, debit card number, CVV, or bank account details. See Section 7 for complete payment data practices.

2.4 Cookies and Similar Technologies

We use cookies, localStorage, and sessionStorage to operate the Site. See Section 5 for details.

3. How We Use Information

Operate, maintain, and improve the Site and its features, including the Signal Pro dashboard
Authenticate subscribers via OTP (one-time passcode) verification
Deliver geo-targeted SMS and email alerts to subscribers based on their location preferences
Process and manage subscriptions and billing through Paddle
Respond to contact form inquiries, tips, and corrections
Analyze traffic patterns to improve content and user experience
Detect and prevent fraudulent, unauthorized, or illegal activity
Comply with applicable legal obligations
Serve contextually relevant advertising (see Section 12)

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

4. SMS Alert Service & TCPA Compliance

4.1 Consent

By providing your phone number and completing our two-step OTP verification process, you expressly consent to receive recurring automated SMS messages from CNY Signal regarding local incidents, weather, traffic, and community alerts. Consent is not a condition of any purchase.

4.2 Message Frequency & Rates

Message frequency varies based on local activity. On a typical day you may receive 2–15 messages; during active weather or emergency events, frequency may increase. Standard message and data rates apply. Your carrier may charge per-message fees.

4.3 Opt-Out

You may opt out at any time by replying STOP to any message from CNY Signal. You will receive a single confirmation message and no further texts. You may also text HELP for assistance or contact us at the address below.

4.4 Data Collected for SMS

We store your phone number, OTP verification status, consent timestamp, location preferences (address, coordinates, radius), alert preferences, and a log of messages sent for rate-limiting and compliance auditing. Phone numbers are shared only with our SMS delivery provider (Twilio) for the sole purpose of message delivery.

4.5 TCPA Compliance

CNY Signal complies with the Telephone Consumer Protection Act (47 U.S.C. § 227). We maintain timestamped records of consent, honor all opt-out requests immediately, and do not send messages to numbers on the National Do Not Call Registry without prior express consent.

5. Cookies & Tracking Technologies

Strictly Necessary: Session security, load balancing, CSRF protection, OTP authentication state.
Functional: Remembering your ZIP code, alert filter preferences, dashboard layout preferences, scanner audio volume, and newsletter dismissal state (localStorage/sessionStorage).
Analytics: Google Analytics (GA4) collects anonymized usage data. You may opt out via browser settings or the Google Analytics opt-out browser add-on.
Advertising: Third-party ad partners may set cookies. See Section 12 for opt-out information.

You may configure your browser to refuse cookies. Disabling cookies may affect Site functionality, including the ability to access your Signal Pro dashboard.

6. Third-Party Services

The Site and Service integrate with the following third-party providers, each governed by its own privacy policy:

Service	Purpose	Data Shared
Twilio	SMS delivery & OTP verification	Phone number, message content, verification codes
Paddle	Subscription billing & payment processing (Merchant of Record)	Email, payment method (processed directly by Paddle — CNY Signal never receives full card numbers)
Mailchimp	Email newsletters	Email address, ZIP code, preferences
Google Analytics	Website analytics	Anonymized usage data
Google Maps / Geocoding	Location display & address lookup	Coordinates, search queries
OpenAI	AI-assisted content generation	Public RSS feed data (no subscriber PII)
OpenAI Whisper	Radio scanner audio transcription	Audio segments from public radio (no subscriber PII)
WP Engine	WordPress hosting infrastructure	Server logs, IP addresses
Neon (PostgreSQL)	Database hosting	Subscriber records (encrypted in transit via TLS)
Facebook / Meta	Social auto-publishing	Incident summaries (public data only, no subscriber PII)
X (Twitter)	Social auto-publishing	Incident summaries (public data only, no subscriber PII)
Short.io	Link shortening	URLs only

We are not responsible for the privacy practices of these third parties. We encourage you to review their respective policies.

7. Payment & Subscription Data

Signal Pro subscription billing is handled entirely by Paddle (Paddle.com Market Limited), which serves as the Merchant of Record for all transactions.

7.1 What Paddle Collects

When you subscribe, Paddle collects your payment method (credit card, debit card, PayPal, or other supported methods), billing address, and email address directly through their checkout overlay. Paddle processes, stores, and secures this payment data in compliance with PCI-DSS standards.

7.2 What CNY Signal Receives from Paddle

CNY Signal receives the following data from Paddle via webhook notifications:

Paddle subscription ID and customer ID
Email address associated with the Paddle account
Subscription plan, status (active, canceled, past due), and billing dates
Transaction amounts and currency
Country of the subscriber (for tax purposes)

CNY Signal does NOT receive: Full credit card numbers, debit card numbers, CVV/CVC codes, bank account numbers, or other raw payment credentials. We cannot charge your payment method directly; all billing actions flow through Paddle.

7.3 Billing Data Retention

Subscription records (plan, status, transaction history) are retained for the duration of your subscription and for 7 years after cancellation to comply with tax record-keeping requirements. You may request that Paddle delete your payment data directly by contacting Paddle support.

8. AI-Assisted Content & Transcription Data

8.1 AI Content Generation

CNY Signal uses artificial intelligence (OpenAI GPT models) to assist with researching, drafting, and editing newsroom articles. All AI-generated content is reviewed and refined through our editorial pipeline before publication.

What AI processes: Publicly available RSS feeds, government data, weather data, and incident summaries. No subscriber personal information is sent to AI content generation services.

What AI does not do: AI does not make editorial decisions about which stories to publish, does not access subscriber data, and does not control alert delivery.

8.2 AI Radio Transcription (Whisper)

Signal Pro uses OpenAI Whisper, a speech-to-text AI model, to generate automated transcriptions of scanner audio. The following data practices apply to transcription:

Input data: Audio segments from publicly broadcast, unencrypted P25 radio channels are sent to the Whisper model for processing. These audio segments contain public safety dispatch communications, not subscriber data.
Output data: The model returns text transcriptions, which are then processed through our automated redaction pipeline to remove personally identifiable information (names, addresses, dates of birth, phone numbers) before display.
Subscriber PII isolation: Subscriber personal information (phone numbers, email addresses, locations) is never sent to Whisper or any AI transcription service. The transcription pipeline operates on audio data only, completely separate from subscriber data stores.
Retention: Raw transcription output is retained for up to 30 days for quality assurance and error correction, then automatically purged. Redacted, processed summaries displayed on the dashboard may be retained as part of the incident history archive.

8.3 AI Transparency

Articles produced with AI assistance may be identified by the byline "CNY Signal Newsroom." Transcriptions generated by Whisper are labeled as AI-generated content. We are committed to transparency about our use of AI tools.

9. Radio Scanner & Public Safety Data

CNY Signal sources incident data from unencrypted public safety radio communications and government data feeds (e.g., Onondaga County CAD, National Weather Service, 511NY). We do not intercept, monitor, or decode encrypted communications.

9.1 PII Redaction

All radio-sourced data is processed through automated redaction pipelines to remove personally identifiable information (names, addresses, dates of birth, phone numbers, Social Security numbers) before publication. Sensitive categories (juvenile records, mental health crisis calls, sexual assault reports per NY Civil Rights Law § 50-b, domestic violence victim information, and sealed records) are suppressed entirely.

9.2 Location Generalization

Location data derived from radio communications is generalized to the municipality, neighborhood, or block level. Exact residential addresses of victims, patients, or callers are not intentionally published.

9.3 Scanner Audio Retention

Live scanner audio streams are not permanently stored by CNY Signal. Audio is streamed in real time and buffered temporarily (up to 60 minutes) for the live playback feature. Audio segments processed by the AI transcription pipeline are retained for up to 30 days for quality assurance, then permanently deleted. CNY Signal does not maintain a permanent archive of raw scanner audio recordings.

9.4 Content Removal

If you believe any content derived from scanner data contains information that should be removed, including residual personally identifiable information that was not caught by automated redaction, please contact us immediately at [email protected]. We will review and respond to all such requests promptly.

10. Location Data

CNY Signal collects and uses location data from subscribers for the specific purposes described below. We take your location privacy seriously and apply the principle of data minimization.

10.1 What Location Data We Collect

Street address and/or ZIP code: Provided by you during signup or in your account settings for geo-targeted alert delivery.
Geographic coordinates (latitude/longitude): Derived from the address you provide via geocoding services (Google Maps), or provided directly by you.
Alert radius: Your preferred alert range (e.g., 5 miles, 10 miles) for proximity-based notifications.
IP-based location: Approximate city/region-level location derived from your IP address, used for analytics only.

10.2 How Location Data Is Used

Proximity-based alerts: Your address and coordinates are used solely to determine which incidents fall within your alert zone, so we can send you relevant SMS notifications and display relevant content on your dashboard.
Map features: Incident map displays use general location data to show approximate incident locations. Your personal location is not displayed to other users.

10.3 How Location Data Is NOT Used

We do NOT sell, rent, or share your location data with third parties for marketing, advertising, or profiling purposes
We do NOT track your real-time device location or movement patterns
We do NOT use browser geolocation APIs without your explicit permission
We do NOT provide your personal location data to any law enforcement agency, government entity, or data broker

10.4 Location Data Retention

Your location data is retained while your subscription is active and for 90 days after account deactivation or opt-out, after which it is permanently deleted. IP-based location data collected via analytics is retained for up to 26 months in anonymized form.

10.5 Location Data Controls

You may update or remove your location data at any time through your Signal Pro dashboard settings or by contacting [email protected]. Removing location data may affect the relevance of alerts you receive.

11. Data Retention

We retain data only as long as necessary for the purposes described in this Policy or as required by law:

Analytics data: Retained for up to 26 months, then automatically purged.
Email subscribers: Retained until you unsubscribe. Records removed from Mailchimp upon opt-out.
SMS subscribers: Active records retained while subscribed. After opt-out, records are deactivated and personally identifiable fields are purged within 90 days. TCPA compliance logs (consent timestamps, opt-out records) are retained for 5 years as required by law.
SMS send logs: Retained for 2 years for compliance auditing, then archived.
Signal Pro subscription records: Retained for the duration of subscription plus 7 years for tax compliance.
Contact form submissions: Retained for up to 24 months.
Chat messages: Retained for up to 12 months, then automatically purged (see Section 16).
Raw AI transcription output: Retained for up to 30 days, then automatically purged.
Scanner audio buffers: Temporary, up to 60 minutes. Not permanently stored.
Location data: Retained while subscribed plus 90 days after deactivation.

You may request deletion of your personal information at any time by contacting us (see Section 20). Deletion requests are processed within 30 days, subject to legal retention obligations.

12. Advertising

CNY Signal may display advertising served by third-party advertising networks. These networks may use cookies to serve ads relevant to your interests. CNY Signal does not control the data practices of advertising partners and does not share subscriber personal information with advertisers.

To opt out of interest-based advertising, visit optout.aboutads.info or optout.networkadvertising.org.

13. Children's Privacy

The Site and Service are not directed to children under 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501-6506.

Signal Pro subscriptions require the subscriber to be at least 18 years of age. SMS alert subscriptions require the subscriber to be at least 18 years of age.

If we become aware that we have inadvertently collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please contact us immediately at [email protected].

14. Security & NY SHIELD Act Compliance

14.1 Security Measures

We implement industry-standard technical and organizational measures to protect your personal information, including:

HTTPS/TLS encryption for all data transmitted between your browser and our servers
Encrypted database connections (TLS) between application servers and database
Role-based access controls limiting personnel access to subscriber data
Firewall protection and intrusion detection on server infrastructure
Regular security reviews and vulnerability assessments
Fail2ban and rate limiting to prevent brute-force access attempts
OTP-based authentication (no static passwords stored for subscribers)

However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

14.2 NY SHIELD Act Compliance

CNY Signal maintains reasonable administrative, technical, and physical safeguards to protect the private information of New York residents in compliance with the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), NY General Business Law § 899-aa and § 899-bb.

Administrative safeguards: Designated individuals responsible for security program coordination; risk assessment of data handling practices; employee and contractor training on data security.

Technical safeguards: Assessment of risks in network and software design; detection, prevention, and response to system failures and attacks; regular testing and monitoring of security controls.

Physical safeguards: Infrastructure hosted in professionally managed data centers (WP Engine, Neon) with physical access controls. On-premises equipment (SDR hardware) secured with restricted physical access.

14.3 Breach Notification

In the event of a security breach involving private information of New York residents, CNY Signal will:

Notify affected individuals in the most expedient time possible and without unreasonable delay
Provide notification via the method most likely to reach the affected individual (email, SMS, postal mail, or website posting as appropriate)
Notify the New York Attorney General, Department of State, and Division of State Police if the breach affects more than 500 residents
Include in the notification: a description of the incident, the types of information involved, and contact information for the individual to learn more

15. Web Push Notifications

CNY Signal may offer browser-based push notifications for real-time incident alerts. If you opt in through your browser's permission prompt:

We store a push subscription token (endpoint URL and encryption keys) associated with your device
Push notifications are sent via the Web Push protocol through your browser vendor's push service (e.g., Google FCM, Apple APNs, Mozilla autopush)
We do not collect additional personal information through push notifications
You may revoke push notification permission at any time through your browser settings
Push subscription tokens are deleted from our systems when you unsubscribe or revoke permission

16. Chat & Community Data

If you use CNY Signal's community chat or tip submission features (available to Signal Pro subscribers):

Messages: Chat messages and submissions are stored on our servers and associated with your subscriber profile
Retention: Chat messages are retained for up to 12 months, then automatically purged. Messages removed by moderators are deleted within 30 days
Visibility: Chat messages posted in public channels are visible to other subscribers. Do not share personal information in chat
Moderation: CNY Signal may review chat content for compliance with our Terms of Service. Automated and manual moderation tools may be used
No PII in chat: You must not post personally identifiable information about any individual (including yourself or others) in community chat. This includes names, addresses, and phone numbers derived from scanner data.

You may request deletion of your chat history by contacting us (see Section 20).

17. Your Rights

Depending on applicable law (including the New York SHIELD Act), you may have the right to:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate personal information
Deletion: Request deletion of your personal information, subject to legal retention requirements
Opt-out: Opt out of certain data uses, including SMS, email, push notifications, and analytics tracking
Portability: Receive a copy of your data in a portable, machine-readable format
Location data removal: Remove your location data while retaining your subscription (alerts will no longer be geo-targeted)

To exercise these rights, contact us via our contact page or email [email protected]. We will verify your identity and respond within 30 days.

18. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it
Right to Delete: You may request deletion of personal information we have collected from you, subject to certain legal exceptions (e.g., TCPA compliance records, tax records)
Right to Opt-Out of Sale or Sharing: CNY Signal does not sell or share personal information as those terms are defined under the CCPA/CPRA. We do not sell, rent, or trade your personal data to third parties for monetary or other valuable consideration, nor do we share it for cross-context behavioral advertising
Authorized Agent: You may designate an authorized agent to submit a request on your behalf. The agent must provide signed written authorization and we may require you to verify your identity directly with us before processing the request
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, service quality, or access levels as a result of making a privacy request

To exercise your CCPA rights, contact us at [email protected] or through our contact page. We will verify your identity before processing any request and respond within 45 days as required by law.

In the preceding 12 months, we have collected the following categories of personal information: identifiers (phone number, email, IP address), geolocation data (street address, ZIP code, coordinates), internet activity (browsing data, usage patterns, dashboard interactions), and commercial information (subscription plan, billing status). These are disclosed to the service providers listed in Section 6 solely for the purposes described in Section 3.

19. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be indicated by an updated effective date and, for active subscribers, we will make reasonable efforts to provide notice via email or prominent website posting. Your continued use of the Site or Service following any change constitutes acceptance of the revised Policy.

20. Contact

If you have questions about this Privacy Policy or our data practices:

Online: Contact page
Email: [email protected]
SMS: Text HELP to (315) 743-5288
Billing: [email protected]
Content Removal: [email protected]