How we source intelligence, handle data, and maintain enterprise-grade standards across every engagement. Last updated: May 9, 2026.
Kairos Intelligence is committed to the responsible handling of personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection legislation. GDPR obligations extend to the processing of personal data relating to individuals in the European Economic Area.
We process personal data under the following lawful bases: legitimate interests, where processing is necessary for our intelligence services and does not override the fundamental rights of data subjects; contract performance, where processing is required to deliver intelligence reports to clients; and legal obligation, where applicable law requires processing.
You have the right to access the personal data we hold about you, request correction of inaccurate data, request deletion of your data, object to processing based on legitimate interests, request restriction of processing, and request data portability where technically feasible. To exercise any of these rights, contact: hello@kairosintel.co. We respond to verified requests within 30 days.
Personal data is retained only for as long as necessary to deliver contracted services. Client engagement data is deleted within 90 days of contract termination unless a longer retention period is required by applicable law.
California residents have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Kairos Intelligence does not sell personal data as defined under the CCPA. California residents may request disclosure of the categories and specific pieces of personal data we have collected, request deletion of personal data, and opt out of any sale of personal data (though no such sale occurs). To exercise these rights, contact hello@kairosintel.co. We will respond within 45 calendar days of a verified request.
For recipients in Canada, Kairos Intelligence complies with Canada's Anti-Spam Legislation (CASL). Commercial electronic messages are sent only to recipients who have provided express or implied consent as defined by CASL. Every commercial email we send includes an unsubscribe mechanism. Consent can be withdrawn at any time by using the unsubscribe link in any email or by contacting hello@kairosintel.co. Unsubscribe requests are processed within 10 business days.
Kairos Intelligence constructs buyer signal profiles exclusively from publicly available and legitimately sourced data. We do not purchase private personal data, access protected systems, or collect data through non-public channels.
We do not collect private or confidential communications, data obtained through unauthorised access to protected systems, personally purchased data used to profile private individuals, or any information obtained through misrepresentation. All signal data is processed to identify organisational buying activity — not to surveil private individuals. Decision-maker information in reports is sourced exclusively from publicly stated roles and responsibilities.
A Data Processing Agreement (DPA) is available to enterprise clients upon request. The DPA documents the categories of personal data processed on behalf of the client, the purposes and duration of processing, sub-processors engaged in service delivery, data subject rights procedures, security measures and incident notification obligations, and cross-border data transfer mechanisms where applicable.
To request a DPA, contact: hello@kairosintel.co. Standard DPA turnaround is five business days from a verified request. The DPA is provided at no additional charge to qualifying enterprise clients.
All data in transit is encrypted via TLS 1.2 or higher. Platform infrastructure is managed by Vercel, which maintains SOC 2 Type II certification. Email communications are secured with DKIM, SPF, and DMARC authentication. Internal communications use Google Workspace, which is ISO 27001 certified.
The principle of least privilege is applied across all internal systems. Client report data is delivered via encrypted channels. Client data is segregated by engagement — no cross-client data is shared or referenced.
In the event of a data incident affecting client data, Kairos Intelligence will notify affected clients within 72 hours of becoming aware of the incident, consistent with GDPR notification requirements. A post-incident summary is provided upon request.
A list of sub-processors engaged in service delivery is available upon request alongside the Data Processing Agreement. All sub-processors are selected for their enterprise-grade security standards.
Kairos Intelligence operates according to a set of core principles governing how intelligence is gathered, processed, and delivered.
Every signal we monitor is drawn from public sources. We do not surveil individuals or track private behaviour. Our intelligence concerns organisational buying activity, not personal profiling.
We prioritise signal accuracy over signal quantity. Reports are verified against multiple corroborating sources before delivery. A signal that cannot be corroborated does not enter a report.
We do not engage in social engineering, impersonation, or deceptive information gathering of any kind. All intelligence is gathered from sources that are publicly accessible and legally permissible.
Intelligence delivered to clients is treated as confidential. We do not reference, share, or repurpose client engagement data across separate engagements.
Any organisation that contacts us requesting removal from our intelligence monitoring is removed within five business days. Contact: hello@kairosintel.co.
Signals are accepted into a report only when they meet a minimum corroboration threshold. Typically, three independent signals pointing to the same buying behaviour are required before a target is classified as active. A single data point — a job posting, a news article — is not sufficient to trigger a report entry.
Each target in a Kairos report is assigned a confidence score reflecting the strength and recency of the underlying signals. Scores account for signal count, signal recency, signal type weighting, and corroboration depth. Confidence scores are visible in every report.
Every report is reviewed before delivery to verify signal accuracy, remove false positives, and ensure the recommended outreach angle reflects the actual intelligence rather than an inference. We do not dispatch reports that have not passed a quality review.
Reports are delivered within 48 hours of target finalisation. Targets that do not meet confidence thresholds are excluded rather than included to reach a volume target. Report quality is prioritised over target count.
Kairos Intelligence uses AI-assisted tools as part of its signal processing and report drafting workflow. The following disclosures apply.
AI tools assist with signal aggregation, pattern recognition across public data sources, and initial narrative drafting. AI is not the final decision-maker in any report. Every report is reviewed, edited, and approved by a human analyst before delivery. The triggering event, buyer profile, urgency score, and outreach angle in each report reflect human judgement applied to AI-assisted research.
AI does not access private, confidential, or protected systems. All inputs to AI tools are drawn from the same public sources described in the Intelligence Sources section. No client ICP data, target company data, or engagement data is used to train third-party AI models without explicit written consent.
Where third-party AI services are engaged as sub-processors, they are selected for enterprise-grade data handling standards, including data isolation and non-training commitments. Details of AI sub-processors are available alongside the Data Processing Agreement upon request.
For GDPR rights requests, DPA enquiries, security documentation, or any data responsibility question, contact our team directly.
hello@kairosintel.coRelated Documents