1. Who we are
FirmSignal is operated by Chimarok Amaike. We provide a lead monitoring service for UK accounting firms. For questions about this policy, contact us at admin@firmsignal.kemja.co.uk.
2. What data we collect
- Account data: Your name, email address, and password (hashed) when you register.
- Filter preferences: Your postcode, search radius, and SIC code preferences used to generate your lead feed.
- Lead pipeline data: Status labels you apply to leads (contacted, converted, dismissed) and any notes you add.
- Usage data: Pages visited, features used, and digest email open/click events. We use this to improve the product.
- Payment data: Processed by Stripe. We store only your Stripe customer ID and subscription status — no card details.
- Companies House data: Publicly available filing and company information sourced from the Companies House API. We do not collect personal data about company directors beyond what is publicly available.
2b. Email OAuth data
If you connect Gmail or Outlook to send outreach emails, we store OAuth access and refresh tokens to act on your behalf. We use these tokens only to send emails you explicitly initiate and to check for replies to those emails. We do not read, store, or analyse any other emails in your inbox. You can disconnect your email account at any time from Settings, which revokes our access.
3. Legal basis for processing
We process your data on the following bases under UK GDPR:
- Contract performance — to provide the service you signed up for.
- Legitimate interests — to improve the product, prevent fraud, and ensure security.
- Legal obligation — to comply with applicable law.
4. How we use your data
- Deliver your daily lead digest email.
- Filter and display leads matching your postcode and SIC preferences.
- Manage your subscription and billing via Stripe.
- Send transactional emails (account confirmation, password reset).
- Improve the product based on usage patterns.
5. Data sharing
We share your data only with the following processors:
- Supabase: Database and authentication. EU / US (SCCs)
- Stripe: Payment processing. US (SCCs)
- Resend: Transactional email. US (SCCs)
- Vercel: Application hosting. US (SCCs)
We do not sell your data to third parties.
6. Data retention
We retain your account data for as long as your account is active. When you delete your account, your personal data (email, filters, pipeline status) is deleted within 30 days. Anonymised usage data may be retained for analytics.
7. Your rights (UK GDPR)
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request deletion of your data ("right to be forgotten").
- Object to processing based on legitimate interests.
- Data portability — receive your data in a machine-readable format.
- Lodge a complaint with the ICO — ico.org.uk/concerns.
To exercise any right, email admin@firmsignal.kemja.co.uk. We will respond within 30 days.
8. Cookies
We use only essential session cookies required for authentication. No advertising or tracking cookies are used.
9. Changes to this policy
We may update this policy from time to time. We will notify you of significant changes by email. Continued use of the service after changes constitutes acceptance.