How we source intelligence, handle data, and maintain enterprise-grade standards across every engagement. Last updated: May 2026.
Kairos Intelligence is committed to the responsible handling of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection legislation. GDPR obligations extend to the processing of personal data relating to individuals in the European Economic Area.
We process personal data under the following lawful bases: legitimate interests, where processing is necessary for our intelligence services and does not override the fundamental rights of data subjects; contract performance, where processing is required to deliver intelligence reports to clients; and legal obligation, where applicable law requires processing.
You have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, object to processing based on legitimate interests, request restriction of processing, and request data portability where technically feasible. To exercise any of these rights, contact: hello@kairosintel.co. We respond to verified requests within 30 days.
Personal data is retained only for as long as necessary to deliver contracted services. Client engagement data is deleted within 90 days of contract termination unless a longer retention period is required by applicable law.
Kairos Intelligence constructs buyer signal profiles exclusively from publicly available and legitimately sourced data. We do not purchase private personal data, access protected systems, or collect data through non-public channels.
We do not collect private or confidential communications, data obtained through unauthorised access to protected systems, personally purchased data used to profile private individuals, or any information obtained through misrepresentation. All signal data is processed to identify organisational buying activity — not to surveil private individuals. Decision-maker information in reports is sourced exclusively from publicly stated roles and responsibilities.
A Data Processing Agreement (DPA) is available to enterprise clients upon request. The DPA documents the categories of personal data processed on behalf of the client, the purposes and duration of processing, sub-processors engaged in service delivery, data subject rights procedures, security measures and incident notification obligations, and cross-border data transfer mechanisms where applicable.
To request a DPA, contact: hello@kairosintel.co. Standard DPA turnaround is five business days from a verified request. The DPA is provided at no additional charge to qualifying enterprise clients.
All data in transit is encrypted via TLS 1.2 or higher. Platform infrastructure is managed by Vercel, which maintains SOC 2 Type II certification. Email communications are secured with DKIM, SPF, and DMARC authentication. Internal communications use Google Workspace, which is ISO 27001 certified.
The principle of least privilege is applied across all internal systems. Client report data is delivered via encrypted channels. Client data is segregated by engagement — no cross-client data is shared or referenced.
In the event of a data incident affecting client data, Kairos Intelligence will notify affected clients within 72 hours of becoming aware of the incident, consistent with GDPR notification requirements. A post-incident summary is provided upon request.
A list of sub-processors engaged in service delivery is available upon request alongside the Data Processing Agreement. All sub-processors are selected for their enterprise-grade security standards.
Kairos Intelligence operates according to a set of core principles governing how intelligence is gathered, processed, and delivered.
Every signal we monitor is drawn from public sources. We do not surveil individuals or track private behaviour. Our intelligence concerns organisational buying activity, not personal profiling.
We prioritise signal accuracy over signal quantity. Reports are verified against multiple corroborating sources before delivery. A signal that cannot be corroborated does not enter a report.
We do not engage in social engineering, impersonation, or deceptive information gathering of any kind. All intelligence is gathered from sources that are publicly accessible and legally permissible.
Intelligence delivered to clients is treated as confidential. We do not reference, share, or repurpose client engagement data across separate engagements.
Any organisation that contacts us requesting removal from our intelligence monitoring is removed within five business days. Contact: hello@kairosintel.co.
Signals are accepted into a report only when they meet a minimum corroboration threshold. Typically, three independent signals pointing to the same buying behaviour are required before a target is classified as active. A single data point — a job posting, a news article — is not sufficient to trigger a report entry.
Each target in a Kairos report is assigned a confidence score reflecting the strength and recency of the underlying signals. Scores account for signal count, signal recency, signal type weighting, and corroboration depth. Confidence scores are visible in every report.
Every report is reviewed before delivery to verify signal accuracy, remove false positives, and ensure the recommended outreach angle reflects the actual intelligence rather than an inference. We do not dispatch reports that have not passed a quality review.
Reports are delivered within 48 hours of target finalisation. Targets that do not meet confidence thresholds are excluded rather than included to reach a volume target. Report quality is prioritised over target count.
For GDPR rights requests, DPA enquiries, security documentation, or any data responsibility question, contact our team directly.
hello@kairosintel.co