Effective date: 10 July 2026
This Privacy Policy explains how Intel Desk ("we", "us", "our"), operated by Chris Woodward, collects, uses, and protects your personal information when you use our service at inteldesk.app.
| Data Type | What | Why |
|---|---|---|
| Account info | Email address, name | To create and manage your account, send service communications |
| Optional pilot application | Selected pilot type, role, approximate team size, workflow note, contact consent, and request timestamps | To assess and reply to a requested Desk or Team pilot using the existing account email |
| Usage data | Pages visited, features used, timestamps, session duration | To improve the Service, diagnose issues, and understand usage patterns |
| Technical data | IP address, browser type, device info | For security, fraud prevention, and service optimisation |
| Native app alert data | iOS push device token, app version, anonymous install identifier, alert preferences | To deliver critical Intel Desk notifications to devices you enable |
| Optional Trading 212 data | Position and instrument identifiers, quantities, values, cost basis, profit or loss, account-level totals, and recent account activity returned for your own read-only request | To provide the read-only live book and portfolio analysis when the connection is enabled |
| Processing Activity | Legal Basis |
|---|---|
| Account creation and management | Performance of contract (Article 6(1)(b) UK GDPR) |
| Service communications and updates | Legitimate interest (Article 6(1)(f) UK GDPR) |
| Usage analytics and service improvement | Legitimate interest (Article 6(1)(f) UK GDPR) |
| Security and fraud prevention | Legitimate interest (Article 6(1)(f) UK GDPR) |
| Optional read-only Trading 212 connection | Performance of contract (Article 6(1)(b) UK GDPR) |
| Optional pilot application and follow-up | Consent (Article 6(1)(a) UK GDPR); you can update or withdraw the request by contacting support |
| Legal compliance | Legal obligation (Article 6(1)(c) UK GDPR) |
The Service integrates with the following third-party services. Each interaction is limited to the minimum data necessary to deliver the Service:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Supabase | Authentication, user accounts, session management | Email, hashed password, session tokens, user metadata (watchlist tickers, alert preferences, native push device tokens) | United States (AWS us-east-1) |
| Trading 212 | Optional read-only brokerage API for live-book and protected portfolio analysis | Broker API credentials and server-side requests for the connected account's positions, values, profit or loss, totals, and recent activity. No unrelated Intel Desk user data is sent. | Depends on the Trading 212 entity serving the connected account |
| Apple Push Notification service | Native iOS push notification delivery | Device push token and notification payload needed to deliver alerts you enable | Apple infrastructure |
| Render | Application hosting | Server logs (IP addresses, request timestamps, user agent strings). Logs are retained for 7 days. | United States (Oregon, us-west-2) |
| Twilio SendGrid | Transactional email (welcome emails, account notifications) | Email address only | United States |
| Finnhub | Real-time market data streaming | No user data shared. Server-to-server connection only. | United States |
| Seeking Alpha (via RapidAPI) | Quantitative ratings and analyst consensus | No user data shared. Server-to-server API calls only. | United States |
| RSS Feed Publishers | News and intelligence aggregation | No user data shared. Server fetches publicly available RSS feeds. | Various |
Market data providers, RSS feeds, and OSINT sources are queried server-side only. No user data, watchlist contents, or account information is transmitted to those providers. Trading 212 is different: a signed-in user enters their own read-only credentials in the browser, and the browser sends them over TLS only for that user’s request to the user-scoped endpoint.
We use cookies strictly for:
We do not use advertising or third-party tracking cookies.
When you create a custom watchlist of tickers and instruments, this data is stored in your Supabase user profile as account metadata. Your watchlist is:
When you enable the optional Trading 212 connection, Intel Desk uses Trading 212's read-only API to process position identifiers, values, cost basis, profit or loss, account totals, and recent activity for your request:
We do not sell, rent, or trade your personal data to third parties. Data is shared only with the processors listed in Section 4 above, and with legal authorities when required by law. Your watchlist contents and browsing patterns are never disclosed to market data providers or publishers. The optional Trading 212 connection exchanges only the credentials and connected-account data needed for the read-only feature. If you enable native push notifications, Apple receives the device token and alert payload required to deliver that notification.
Some of our service providers are based in the United States. When we transfer your personal data outside the United Kingdom, we ensure appropriate safeguards are in place, including:
You may request further details about the safeguards we have in place by contacting us at support@inteldesk.app.
| Data Category | Retention Period |
|---|---|
| Account data (email, metadata, watchlist) | Duration of active account + 30 days after deletion request |
| Authentication sessions | 7 days (auto-expired by Supabase) |
| Native push device tokens | Duration of active account or until you disable notifications/delete the account. |
| Server logs (IP, user agent, timestamps) | 7 days (auto-purged by Render) |
| WebSocket connection data | Not stored. In-memory only during active session. |
| Watchlist/portfolio configuration | Duration of active account. Deleted with account. |
| Pilot application | Duration of active account or until you withdraw the request or delete the account. |
| Trading 212 API responses and derived analysis | Held only for the duration of the authenticated request. Broker credentials remain in the user’s browser session and are cleared when disconnected or when the session ends. |
| Email delivery records | 30 days (retained by SendGrid) |
If you request account deletion, we will delete your personal data within 30 days, except where we are required by law to retain certain records.
If you are located in the UK or European Economic Area, you have the following rights under GDPR:
To exercise any of these rights, contact us at support@inteldesk.app. You may also use the in-app account deletion control from the dashboard settings when signed in. We will respond within 30 days.
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
We implement appropriate technical and organisational measures to protect your data:
No method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@inteldesk.app.
The Service is not directed at individuals under 18. We do not knowingly collect data from children. If we become aware that we have collected data from a child, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The "Effective date" at the top of this page indicates when the policy was last revised.
The data controller for the purposes of UK GDPR is Chris Woodward, trading as Intel Desk. Intel Desk is in the process of completing registration with the Information Commissioner's Office (ICO) as a data controller. Registration reference will be published here upon confirmation. In the interim, all data subject rights and obligations described in this policy are fully honoured.
For any privacy-related questions or requests, contact us at:
Chris Woodward
121 Belgrave Road
London, E17 8QF
United Kingdom
support@inteldesk.app