Legal
Privacy Policy
Last updated: 13 May 2026
This privacy notice explains how Deep Tech Signals ("we", "us", "our") collects and processes personal data when you visit deeptechsignals.com, register for our community, apply for membership, or contact us. We are committed to protecting your personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are (Data Controller)
Deep Tech Signals is operated by Cambridge Future Tech Ltd, a company registered in England & Wales, based in Cambridge, United Kingdom. Cambridge Future Tech is the data controller for personal data collected through this site.
Contact for privacy matters: privacy@deeptechsignals.com
General contact: hello@deeptechsignals.com
2. What personal data we collect
Depending on how you interact with us, we may collect:
- Account & authentication data: email address, password hash (managed by our authentication provider), session tokens.
- Community signup data: name, email, LinkedIn URL, the category that best describes you (e.g. angel investor, other investor, academic, founder, service provider, other), and any optional note you provide in support of your application.
- Membership application data: full name, country, LinkedIn URL, investor category (high net worth / sophisticated / restricted), your self-certification statement, risk acknowledgement, appropriateness quiz answers and score, and the timestamps of those certifications.
- Contact form data: name, email, and the content of your message.
- Technical data: IP address, browser type, device type, pages visited, and timestamps, collected only as needed for security, abuse prevention, and service operation.
We do not collect special category data and we do not knowingly collect data from children under 18.
3. Why we use your data and the lawful basis
| Purpose | Lawful basis (UK GDPR Art. 6) |
|---|---|
| Provide accounts and members-only access | Performance of a contract |
| Process and review membership applications | Performance of a contract; legal obligation (UK financial promotion rules) |
| Maintain investor self-certification records | Legal obligation (Financial Services and Markets Act 2000; Financial Promotion Order) |
| Respond to community signups and contact messages | Legitimate interests (responding to enquiries) |
| Site security, fraud and abuse prevention | Legitimate interests |
| Sending optional updates (only if you opt in) | Consent |
4. Who we share your data with
We do not sell your personal data. We share it only with the processors needed to run the service:
- Supabase (database, authentication, storage), hosted in the EU.
- Resend (transactional email delivery).
- Lovable / Cloudflare (web hosting and edge runtime).
- Cambridge Future Tech staff and contractors with a need-to-know, bound by confidentiality.
- Regulators, law enforcement, or professional advisers where we are legally required to do so.
5. International data transfers
Some of our processors are located outside the UK. Where personal data is transferred outside the UK, we rely on UK adequacy regulations or the UK International Data Transfer Addendum to the EU Standard Contractual Clauses to ensure an equivalent level of protection.
6. How long we keep your data
- Community signups: retained while you remain in the community and for up to 24 months after your last interaction, unless you ask us to delete sooner.
- Membership applications & certifications: retained for at least 6 years after the certification expires, to comply with UK financial-promotion record-keeping obligations.
- Contact submissions: retained for up to 24 months after the matter is closed.
- Account & authentication data: retained while your account is active; deleted on request, subject to the legal hold above.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request erasure (subject to legal retention obligations)
- Restrict or object to processing based on legitimate interests
- Data portability for data you provided
- Withdraw consent at any time, where processing is based on consent
- Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk
To exercise any of these rights, email privacy@deeptechsignals.com. We will respond within one month.
8. Security
We use Row-Level Security on our database, encrypted connections (TLS), salted password hashing handled by our authentication provider, role-based access controls, and audit logging. No system is perfectly secure; if you suspect a security incident, please contact us immediately.
9. Cookies
We use only strictly necessary cookies required to keep you signed in and to secure the site. We do not use advertising or analytics cookies. See our Cookie Policy for details.
10. Changes to this notice
We may update this notice from time to time. The "Last updated" date at the top of this page indicates when it was last revised. Material changes will be notified to active members by email.