Torch Collective

Privacy Policy

Last updated: June 15, 2026

This Privacy Policy explains how Torch Collective (“Torch,” “we,” “us”) handles personal information when you use the Torch Signals Exchange (“Service”) at signals.torchcollective.com. The Service is private and available only to active members of Torch Collective.

Information we collect

We collect the information you give us and the information your browser sends when you use the Service:

  • Account information. Your name and email address, provided when you sign in with Google or a magic link.
  • Profile information. Company, title, bio, LinkedIn URL, industries of interest, check-size preferences, investment thesis, and other details you add to your Torch profile.
  • Activity data. Signals you submit, signals you respond to, forwards you send, intros you accept, and similar in-product actions. We use this to match you with relevant signals.
  • Device and log data. IP address, browser type, operating system, referrer, and timestamps of requests. Collected automatically for security, rate limiting, and debugging.
  • Cookies. Authentication cookies to keep you signed in. We do not use third-party advertising cookies.

How we use it

  • Operate and improve the Service
  • Match you with relevant signals, people, and opportunities
  • Send transactional notifications (email)
  • Transaction management
  • Verify your active Torch Collective membership and billing status
  • Respond to support requests
  • Marketing future events and opportunities
  • Business and internal operations support
  • Protect the Service from abuse and fraud
  • Comply with legal obligations

Who we share information with

Service Providers and Vendors. We share personal information with service providers that help us operate the Service, under contracts that restrict how they can use it, including without limitation:

  • Supabase— database, authentication, and file storage
  • Vercel— application hosting
  • Google— OAuth sign-in
  • Resend— transactional email delivery
  • Stripe— membership billing (where applicable)
  • Circle— Torch Collective community membership verification
  • Sentry— error monitoring
  • Upstash— rate limiting

Members. We also share information with other Torch Collective members you interact with through the Service (e.g., when you respond to a signal or accept an introduction).

AI Providers.We use third-party artificial intelligence services to power certain features of the Service, including matching members, identifying and signaling relevant referral opportunities, facilitating introductions, and summarizing or organizing content you provide. When we use these services, we share only the minimum content necessary to fulfill the request — for example, the relevant portions of a profile, signal, or message rather than your entire account. Our current AI providers are:

  • Anthropic— AI-assisted matching, signal and referral suggestions, and summarization
  • OpenAI— AI-assisted matching, signal and referral suggestions, and summarization

Joint Marketing and Co-Sponsored Programs. We may partner with other organizations, sponsors, service providers, or community partners to offer events, programs, educational resources, fundraising initiatives, promotions, or other jointly sponsored activities. In connection with these collaborations, we may collect personal information from or share personal information with our partners as necessary to administer the activity, communicate with participants, evaluate program effectiveness, and, where permitted by applicable law, provide information about related products, services, programs, or opportunities that may be of interest to you.

In Support of Business Transfers. If we or our affiliates are or may be acquired by, merged with, or invested in by another company, or if any of our assets are or may be transferred to another company, whether as part of a bankruptcy or insolvency proceeding or otherwise, we may disclose or transfer the personal information we have collected from you with or to the other company. We may also disclose certain personal information as necessary prior to the completion of such a transaction or other corporate transactions such as a financing or restructuring, to lenders, auditors, and third-party advisors, including attorneys and consultants.

Compliance and Legal Obligations. To comply with our legal and compliance obligations and to respond to the legal process. For example, we may disclose information in response to subpoenas, court orders, and other lawful requests by regulators and law enforcement, including responding to national security or law enforcement disclosure requirements.

Security and Protection of Rights. Where we believe doing so is necessary to protect us, our rights and property, or the rights, property, and safety of others. We may also disclose personal information related to litigation and other legal claims or proceedings in which we are involved, as well as for our internal accounting, auditing, compliance, recordkeeping, and legal functions.

We do not sell your personal information and we do not share it with advertisers.

Google user data

Torch Signals Exchange offers “Sign in with Google” as an authentication method. This section explains exactly what Google user data we access, what we do with it, and who we share it with, as required by the Google API Services User Data Policy.

What we access

When you sign in with Google, we request the following standard OpenID Connect scopes, and nothing else:

  • openid — a unique, opaque Google account identifier that our authentication provider (Supabase Auth) uses internally to link the sign-in session to your Torch account. This identifier is never shown in the product.
  • email — your Google account email address.
  • profile — your basic profile information, of which we read and store only your display name (first + last).

We do not request or access any other Google APIs, including Gmail, Google Drive, Google Calendar, Google Contacts, Google Photos, Google Docs, Google Sheets, or YouTube. We do not request offline access or refresh tokens. We do not read, write, send, or delete any content in your Google account.

How we use it

  • Email address— used as the primary identifier to match you to your Torch Collective member record, verify that your membership is active, and route transactional email notifications (new matches, introductions, and similar).
  • Display name— read once on your first sign-in and stored in your Torch member profile so other members can see who submitted a signal or responded to an introduction. You can edit it at any time from your profile settings.
  • Google account identifier— held by Supabase Auth only, used to recognize returning sessions. Never displayed, never exported, never shared.

How we store and protect it

Email and display name are stored in our application database (hosted on Supabase) alongside the rest of your Torch member profile. Data is encrypted in transit (TLS) and at rest. Access is limited to the minimum set of Torch operators and automated services that need it to run the product.

How we share it

Google user data is only shared with the infrastructure sub-processors listed in the “Who we share information with” section above (Supabase, Vercel, Resend, Sentry, Upstash), strictly to operate the Service on our behalf under contracts that prohibit them from using it for any other purpose. In particular:

  • We do not transfer Google user data to third parties for advertising, analytics profiling, or marketing.
  • We do not sell Google user data.
  • We do not use Google user data to train AI, machine learning, or large language models.
  • We do not allow humans to read your Google user data except (a) with your explicit consent, (b) to comply with applicable law or valid legal process, (c) to investigate a specific security incident, or (d) as necessary to perform support operations you have requested.

How long we keep it

We retain Google-sourced email and display name for as long as your Torch member account is active. You can request deletion at any time by emailing hello@torchcollective.com. You can also revoke Torch Signals Exchange's access to your Google account at any time via your Google Account permissions page; doing so will prevent future sign-ins via Google but will not delete your existing Torch member record.

Limited Use disclosure

Torch Signals Exchange's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data retention

Personal information collected by Torch is retained for no longer than necessary to fulfill the purposes for which it was collected, unless a longer retention period is required (such as under applicable contracts with clients or business partners) or permitted by law (such as tax, accounting, or other legal requirements). You can request deletion of your account and associated personal data at any time by contacting hello@torchcollective.com.

Security

We use industry-standard safeguards (encryption in transit and at rest, access controls, audit logging) to protect your information. No system is perfectly secure, and we can't guarantee absolute protection.

Children

The Service is not directed to children under 18 and we do not knowingly collect information from them. If you believe we have, contact us and we will delete it.

Visiting our website from outside of the United States

If you are visiting our Services from the European Union or other region outside of the United States, or otherwise contacting us from outside of the United States, please be aware that your personal information will be transferred to, stored, or processed in the United States, where our servers are located and our central database is operated. The data protection and other laws of the United States and other countries may differ and may not be as comprehensive as those in your country. We will protect your privacy in accordance with this Privacy Policy. By using our Services, you consent to the transfer of your personal information to our facilities in the United States and to those third parties with whom we share our facilities as described in this Privacy Policy.

Links to other websites

For your convenience, we may provide links to other websites and web pages that we do not control. We are not responsible for the privacy practices of any websites or pages not under our control, and we do not endorse any of these websites or pages, the services or products described or offered on such sites or pages, or any of the content contained on those sites or pages.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify active members by email or in-product notice before the change takes effect. The “Last updated” date at the top of this page reflects the most recent revision.

Contact

Torch Collective
Nashville, Tennessee
hello@torchcollective.com