Intel Deskest. 2026

Privacy Policy

Effective date: 10 July 2026

This Privacy Policy explains how Intel Desk ("we", "us", "our"), operated by Chris Woodward, collects, uses, and protects your personal information when you use our service at inteldesk.app.

Summary: We collect only what we need to run the service. An optional Trading 212 connection is read-only, user-scoped, and does not persist broker credentials or personal holdings on Intel Desk servers. We never sell your data to third parties. We comply with GDPR.

1. Data We Collect

Data Type What Why
Account info Email address, name To create and manage your account, send service communications
Optional pilot application Selected pilot type, role, approximate team size, workflow note, contact consent, and request timestamps To assess and reply to a requested Desk or Team pilot using the existing account email
Usage data Pages visited, features used, timestamps, session duration To improve the Service, diagnose issues, and understand usage patterns
Technical data IP address, browser type, device info For security, fraud prevention, and service optimisation
Native app alert data iOS push device token, app version, anonymous install identifier, alert preferences To deliver critical Intel Desk notifications to devices you enable
Optional Trading 212 data Position and instrument identifiers, quantities, values, cost basis, profit or loss, account-level totals, and recent account activity returned for your own read-only request To provide the read-only live book and portfolio analysis when the connection is enabled

2. How We Use Your Data

3. Legal Basis for Processing

Processing Activity Legal Basis
Account creation and management Performance of contract (Article 6(1)(b) UK GDPR)
Service communications and updates Legitimate interest (Article 6(1)(f) UK GDPR)
Usage analytics and service improvement Legitimate interest (Article 6(1)(f) UK GDPR)
Security and fraud prevention Legitimate interest (Article 6(1)(f) UK GDPR)
Optional read-only Trading 212 connection Performance of contract (Article 6(1)(b) UK GDPR)
Optional pilot application and follow-up Consent (Article 6(1)(a) UK GDPR); you can update or withdraw the request by contacting support
Legal compliance Legal obligation (Article 6(1)(c) UK GDPR)

4. Third-Party Data Processors and API Interactions

The Service integrates with the following third-party services. Each interaction is limited to the minimum data necessary to deliver the Service:

Provider Purpose Data Shared Location
Supabase Authentication, user accounts, session management Email, hashed password, session tokens, user metadata (watchlist tickers, alert preferences, native push device tokens) United States (AWS us-east-1)
Trading 212 Optional read-only brokerage API for live-book and protected portfolio analysis Broker API credentials and server-side requests for the connected account's positions, values, profit or loss, totals, and recent activity. No unrelated Intel Desk user data is sent. Depends on the Trading 212 entity serving the connected account
Apple Push Notification service Native iOS push notification delivery Device push token and notification payload needed to deliver alerts you enable Apple infrastructure
Render Application hosting Server logs (IP addresses, request timestamps, user agent strings). Logs are retained for 7 days. United States (Oregon, us-west-2)
Twilio SendGrid Transactional email (welcome emails, account notifications) Email address only United States
Finnhub Real-time market data streaming No user data shared. Server-to-server connection only. United States
Seeking Alpha (via RapidAPI) Quantitative ratings and analyst consensus No user data shared. Server-to-server API calls only. United States
RSS Feed Publishers News and intelligence aggregation No user data shared. Server fetches publicly available RSS feeds. Various

Market data providers, RSS feeds, and OSINT sources are queried server-side only. No user data, watchlist contents, or account information is transmitted to those providers. Trading 212 is different: a signed-in user enters their own read-only credentials in the browser, and the browser sends them over TLS only for that user’s request to the user-scoped endpoint.

5. Cookies

We use cookies strictly for:

We do not use advertising or third-party tracking cookies.

6. Watchlist, Configuration, and Optional Broker Data

When you create a custom watchlist of tickers and instruments, this data is stored in your Supabase user profile as account metadata. Your watchlist is:

When you enable the optional Trading 212 connection, Intel Desk uses Trading 212's read-only API to process position identifiers, values, cost basis, profit or loss, account totals, and recent activity for your request:

7. Data Sharing

We do not sell, rent, or trade your personal data to third parties. Data is shared only with the processors listed in Section 4 above, and with legal authorities when required by law. Your watchlist contents and browsing patterns are never disclosed to market data providers or publishers. The optional Trading 212 connection exchanges only the credentials and connected-account data needed for the read-only feature. If you enable native push notifications, Apple receives the device token and alert payload required to deliver that notification.

8. International Data Transfers

Some of our service providers are based in the United States. When we transfer your personal data outside the United Kingdom, we ensure appropriate safeguards are in place, including:

You may request further details about the safeguards we have in place by contacting us at support@inteldesk.app.

9. Data Retention

Data Category Retention Period
Account data (email, metadata, watchlist) Duration of active account + 30 days after deletion request
Authentication sessions 7 days (auto-expired by Supabase)
Native push device tokens Duration of active account or until you disable notifications/delete the account.
Server logs (IP, user agent, timestamps) 7 days (auto-purged by Render)
WebSocket connection data Not stored. In-memory only during active session.
Watchlist/portfolio configuration Duration of active account. Deleted with account.
Pilot application Duration of active account or until you withdraw the request or delete the account.
Trading 212 API responses and derived analysis Held only for the duration of the authenticated request. Broker credentials remain in the user’s browser session and are cleared when disconnected or when the session ends.
Email delivery records 30 days (retained by SendGrid)

If you request account deletion, we will delete your personal data within 30 days, except where we are required by law to retain certain records.

10. Your Rights (UK GDPR)

If you are located in the UK or European Economic Area, you have the following rights under GDPR:

To exercise any of these rights, contact us at support@inteldesk.app. You may also use the in-app account deletion control from the dashboard settings when signed in. We will respond within 30 days.

If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

11. Data Security

We implement appropriate technical and organisational measures to protect your data:

No method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@inteldesk.app.

12. Children

The Service is not directed at individuals under 18. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Effective date" at the top of this page indicates when the policy was last revised.

14. Data Controller and ICO Registration

The data controller for the purposes of UK GDPR is Chris Woodward, trading as Intel Desk. Intel Desk is in the process of completing registration with the Information Commissioner's Office (ICO) as a data controller. Registration reference will be published here upon confirmation. In the interim, all data subject rights and obligations described in this policy are fully honoured.

15. Contact

For any privacy-related questions or requests, contact us at:

Chris Woodward
121 Belgrave Road
London, E17 8QF
United Kingdom
support@inteldesk.app