
Last updated: June 15, 2026
This Privacy Policy explains how Torch Collective (“Torch,” “we,” “us”) handles personal information when you use the Torch Signals Exchange (“Service”) at signals.torchcollective.com. The Service is private and available only to active members of Torch Collective.
We collect the information you give us and the information your browser sends when you use the Service:
Service Providers and Vendors. We share personal information with service providers that help us operate the Service, under contracts that restrict how they can use it, including without limitation:
Members. We also share information with other Torch Collective members you interact with through the Service (e.g., when you respond to a signal or accept an introduction).
AI Providers.We use third-party artificial intelligence services to power certain features of the Service, including matching members, identifying and signaling relevant referral opportunities, facilitating introductions, and summarizing or organizing content you provide. When we use these services, we share only the minimum content necessary to fulfill the request — for example, the relevant portions of a profile, signal, or message rather than your entire account. Our current AI providers are:
Joint Marketing and Co-Sponsored Programs. We may partner with other organizations, sponsors, service providers, or community partners to offer events, programs, educational resources, fundraising initiatives, promotions, or other jointly sponsored activities. In connection with these collaborations, we may collect personal information from or share personal information with our partners as necessary to administer the activity, communicate with participants, evaluate program effectiveness, and, where permitted by applicable law, provide information about related products, services, programs, or opportunities that may be of interest to you.
In Support of Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may disclose or transfer the personal information we have collected from you with or to the other company. We may also disclose certain personal information as necessary prior to the completion of such a transaction or other corporate transactions such as a financing or restructuring, to lenders, auditors, and third-party advisors, including attorneys and consultants.
Compliance and Legal Obligations. To comply with our legal and compliance obligations and to respond to the legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.
Security and Protection of Rights. Where we believe doing so is necessary to protect us, our rights and property, or the rights, property, and safety of others. We may also disclose personal information related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.
We do not sell your personal information and we do not share it with advertisers.
Torch Signals Exchange offers “Sign in with Google” as an authentication method. This section explains exactly what Google user data we access, what we do with it, and who we share it with, as required by the Google API Services User Data Policy.
When you sign in with Google, we request the following standard OpenID Connect scopes, and nothing else:
openid — a unique, opaque Google account identifier that our authentication provider (Supabase Auth) uses internally to link the sign-in session to your Torch account. This identifier is never shown in the product.email — your Google account email address.profile — your basic profile information, of which we read and store only your display name (first + last).We do not request or access any other Google APIs, including Gmail, Google Drive, Google Calendar, Google Contacts, Google Photos, Google Docs, Google Sheets, or YouTube. We do not request offline access or refresh tokens. We do not read, write, send, or delete any content in your Google account.
Email and display name are stored in our application database (hosted on Supabase) alongside the rest of your Torch member profile. Data is encrypted in transit (TLS) and at rest. Access is limited to the minimum set of Torch operators and automated services that need it to run the product.
Google user data is only shared with the infrastructure sub-processors listed in the “Who we share information with” section above (Supabase, Vercel, Resend, Sentry, Upstash), strictly to operate the Service on our behalf under contracts that prohibit them from using it for any other purpose. In particular:
We retain Google-sourced email and display name for as long as your Torch member account is active. You can request deletion at any time by emailing hello@torchcollective.com. You can also revoke Torch Signals Exchange's access to your Google account at any time via your Google Account permissions page; doing so will prevent future sign-ins via Google but will not delete your existing Torch member record.
Torch Signals Exchange's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Personal information collected by Torch is retained for no longer than necessary to fulfill the purposes for which it was collected, unless a longer retention period is required (such as under applicable contracts with clients or business partners) or permitted by law (such as tax, accounting, or other legal requirements). You can request deletion of your account and associated personal data at any time by contacting hello@torchcollective.com.
We use industry-standard safeguards (encryption in transit and at rest, access controls, audit logging) to protect your information. No system is perfectly secure, and we can't guarantee absolute protection.
The Service is not directed to children under 18 and we do not knowingly collect information from them. If you believe we have, contact us and we will delete it.
If you are visiting our Services from the European Union or other region outside of the United States, or otherwise contacting us from outside of the United States, please be aware that your personal information will be transferred to, stored, or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries may differ and may not be as comprehensive as those in your country. We will protect your privacy in accordance with this Privacy Policy. By using our Services, you consent to the transfer of your personal information to our facilities in the United States and to those third parties with whom we share our facilities as described in this Privacy Policy.
For your convenience, we may provide links to other websites and web pages that we do not control. We are not responsible for the privacy practices of any websites or pages not under our control, and we do not endorse any of these websites or pages, the services or products described or offered on such sites or pages, or any of the content contained on those sites or pages.
We may update this Privacy Policy from time to time. If we make material changes, we will notify active members by email or in-product notice before the change takes effect. The “Last updated” date at the top of this page reflects the most recent revision.
Torch Collective
Nashville, Tennessee
hello@torchcollective.com