Torch Collective

Privacy Policy

Last updated: April 15, 2026

This Privacy Policy explains how Torch Collective (“Torch,” “we,” “us”) handles personal information when you use the Torch Signals Exchange (“Service”) at signals.torchcollective.com. The Service is private and available only to active members of Torch Collective.

Information we collect

We collect the information you give us and the information your browser sends when you use the Service:

  • Account information. Your name and email address, provided when you sign in with Google or a magic link.
  • Profile information. Company, title, bio, LinkedIn URL, industries of interest, check-size preferences, investment thesis, and other details you add to your Torch profile.
  • Activity data. Signals you submit, signals you respond to, forwards you send, intros you accept, and similar in-product actions. We use this to match you with relevant signals.
  • Device and log data. IP address, browser type, operating system, referrer, and timestamps of requests. Collected automatically for security, rate limiting, and debugging.
  • Cookies. Authentication cookies to keep you signed in. We do not use third-party advertising cookies.

How we use it

  • Operate and improve the Service
  • Match you with relevant signals, people, and opportunities
  • Send transactional notifications (email)
  • Verify your active Torch Collective membership and billing status
  • Respond to support requests
  • Protect the Service from abuse and fraud
  • Comply with legal obligations

Who we share information with

We share personal information with service providers that help us operate the Service, under contracts that restrict how they can use it:

  • Supabase — database, authentication, and file storage
  • Vercel — application hosting
  • Google — OAuth sign-in
  • Resend — transactional email delivery
  • Stripe — membership billing (where applicable)
  • Circle — Torch Collective community membership verification
  • Anthropic, OpenAI — AI-assisted matching and summarization (only the minimum content needed for the request)
  • Sentry — error monitoring
  • Upstash — rate limiting

We also share information with other Torch Collective members you interact with through the Service (e.g., when you respond to a signal or accept an introduction). We do not sell your personal information and we do not share it with advertisers.

Google user data

Torch Signals Exchange offers “Sign in with Google” as an authentication method. This section explains exactly what Google user data we access, what we do with it, and who we share it with, as required by the Google API Services User Data Policy.

What we access

When you sign in with Google, we request the following standard OpenID Connect scopes, and nothing else:

  • openid — a unique, opaque Google account identifier that our authentication provider (Supabase Auth) uses internally to link the sign-in session to your Torch account. This identifier is never shown in the product.
  • email — your Google account email address.
  • profile — your basic profile information, of which we read and store only your display name (first + last).

We do not request or access any other Google APIs, including Gmail, Google Drive, Google Calendar, Google Contacts, Google Photos, Google Docs, Google Sheets, or YouTube. We do not request offline access or refresh tokens. We do not read, write, send, or delete any content in your Google account.

How we use it

  • Email address — used as the primary identifier to match you to your Torch Collective member record, verify that your membership is active, and route transactional email notifications (new matches, introductions, and similar).
  • Display name — read once on your first sign-in and stored in your Torch member profile so other members can see who submitted a signal or responded to an introduction. You can edit it at any time from your profile settings.
  • Google account identifier — held by Supabase Auth only, used to recognize returning sessions. Never displayed, never exported, never shared.

How we store and protect it

Email and display name are stored in our application database (hosted on Supabase) alongside the rest of your Torch member profile. Data is encrypted in transit (TLS) and at rest. Access is limited to the minimum set of Torch operators and automated services that need it to run the product.

How we share it

Google user data is only shared with the infrastructure sub-processors listed in the “Who we share information with” section above (Supabase, Vercel, Resend, Sentry, Upstash), strictly to operate the Service on our behalf under contracts that prohibit them from using it for any other purpose. In particular:

  • We do not transfer Google user data to third parties for advertising, analytics profiling, or marketing.
  • We do not sell Google user data.
  • We do not use Google user data to train AI, machine learning, or large language models.
  • We do not allow humans to read your Google user data except (a) with your explicit consent, (b) to comply with applicable law or valid legal process, (c) to investigate a specific security incident, or (d) as necessary to perform support operations you have requested.

How long we keep it

We retain Google-sourced email and display name for as long as your Torch member account is active. You can request deletion at any time by emailing hello@torchcollective.com. You can also revoke Torch Signals Exchange's access to your Google account at any time via your Google Account permissions page; doing so will prevent future sign-ins via Google but will not delete your existing Torch member record.

Limited Use disclosure

Torch Signals Exchange's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data retention

We keep your information for as long as your account is active and for a reasonable period afterwards to support disputes, legal obligations, and network-quality analysis. You can request deletion of your account and associated personal data at any time by contacting hello@torchcollective.com.

Your rights

Depending on where you live, you may have rights under applicable privacy laws to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Delete your information
  • Export your information in a portable format
  • Object to or restrict certain processing (including direct marketing — though we don't currently do any)

To exercise any of these rights, email us at hello@torchcollective.com.

Security

We use industry-standard safeguards (encryption in transit and at rest, access controls, audit logging) to protect your information. No system is perfectly secure, and we can't guarantee absolute protection. If we become aware of a breach that affects you, we will notify you as required by law.

Children

The Service is not directed to children under 18 and we do not knowingly collect information from them. If you believe we have, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify active members by email or in-product notice before the change takes effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

Torch Collective
Nashville, Tennessee
hello@torchcollective.com