1. Controller
Kai-Signals, Unipessoal Lda ("we", "us") is the data controller for personal data processed in connection with the Kai-Signals service. Contact: contact@kai-signals.com.
2. Data We Collect
| Category | Examples | Lawful Basis |
|---|---|---|
| Account data | Email address, hashed password, country code, locale, timezone | Contract (Art. 6(1)(b) GDPR) |
| Consent records | Consent kind, version, timestamp, IP address, user-agent | Legal obligation (Art. 6(1)(c)) |
| Usage logs | Page views, signal views, session data | Legitimate interests (Art. 6(1)(f)) |
| Device data | Push token, platform, device name | Contract |
| Cookie consent | Category flags, version, timestamp | Legal obligation |
We do not collect personal investment data, including risk profiles, investment objectives, financial situation, holdings, or net worth. This is a structural design choice enforced at the technical level.
3. How We Use Your Data
- Providing and improving the service
- Sending subscription-related emails (account confirmation, phase reminders)
- Complying with legal obligations (MAR audit trail, GDPR consent log)
- Fraud prevention and security
We do not use your data for profiling, automated decision-making with legal effect, or personalisation of signals.
4. Retention
| Data | Retention period |
|---|---|
| Account data | Duration of account + 30-day soft-delete grace period |
| Consent and audit logs | 7 years (regulatory requirement) |
| Usage logs | 90 days |
| Cookie consent records | 2 years |
5. Recipients
We share data with:
- Mailgun (EU region) — transactional email delivery
- Expo — push notification delivery (device token only)
- Hosting provider (mycloud.pt, Portugal) — infrastructure
We do not sell personal data.
6. Transfers Outside the EEA
Mailgun and Expo infrastructure may process data in the United States. Transfers are safeguarded by Standard Contractual Clauses (SCCs) under Article 46 GDPR.
7. Your Rights
Under GDPR you have the right to: access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and objection. To exercise any right, email contact@kai-signals.com. We will respond within 30 days.
8. Right to Complain
You may lodge a complaint with the Portuguese data protection authority: CNPD (Comissão Nacional de Proteção de Dados), www.cnpd.pt.
9. Cookies
See our Cookie Policy for details on cookies and tracking technologies.
10. Changes
We will notify you of material changes at least 30 days before they take effect.