Privacy Policy

This Privacy Policy explains how Vanberra Limited ("Vanberra", "we", "us", "our") collects, uses, shares, and protects personal data in connection with the Signal platform ("Signal" or "the Platform").

It should be read alongside our Terms & Conditions. Capitalised terms not defined here have the meaning given in the Terms.

This Policy covers two categories of individual:

• –Users — people who register for and use Signal (our customers and their authorised users).
• –Profiled individuals — senior professionals (C-suite and equivalent) whose professional information appears within Signal's company intelligence, drawn from publicly available sources.

For the purposes of the UK GDPR, the EU GDPR, and the Hong Kong Personal Data (Privacy) Ordinance (PDPO), the data controller is:

Vanberra Limited

Room 13a, Man Lok Building 89-93 Bonham Strand East, Sheung Wan, Western District, Hong Kong Island

Email: privacy@vanberra.com

3.1 Data about Users (our customers)

• –Account data: name, work email, password (stored hashed), and company/organisation.
• –Billing data: handled by Stripe. We do not store full card numbers; we receive limited transaction and subscription metadata from Stripe.
• –Usage data: log-ins, searches, features used, downloads, and interactions with the Platform.
• –Communications: messages you send us (support, sales, enquiries).
• –Technical data: IP address, browser type, device and session information, and cookies (see Section 9).

3.2 Data about Profiled individuals

• –Professional information only: name, role/job title, current and former employers, career history, education, and publicly listed professional profile links.
• –Sourced exclusively from publicly available or licensed sources, including company registries, company websites, professional networking platforms, published conference materials, financial filings, and news sources.
• –We do not knowingly collect special category data (e.g. health, ethnicity, political opinions) about profiled individuals.

Where the UK GDPR or EU GDPR applies, we rely on the following lawful bases:

• –Providing and operating the Platform for Users — lawful basis: performance of a contract (Article 6(1)(b)).
• –Processing professional data of profiled individuals to deliver business intelligence — lawful basis: legitimate interests (Article 6(1)(f)), namely providing business-to-business market and competitor intelligence. We have carried out a Legitimate Interests Assessment balancing this against the rights and freedoms of the individuals concerned.
• –Billing and payments — lawful basis: performance of a contract and compliance with legal/accounting obligations (Article 6(1)(b) and 6(1)(c)).
• –Service emails (e.g. account, security, billing notices) — lawful basis: performance of a contract / legitimate interests.
• –Marketing communications — lawful basis: consent where required, or legitimate interests for existing customers (soft opt-in). You can opt out at any time.
• –Security, fraud prevention, and legal compliance — lawful basis: legitimate interests and legal obligation.

Under the Hong Kong PDPO, we collect and use personal data for purposes directly related to those above and in line with the PDPO's data protection principles.

We do not sell personal data. We share it only with:

• –Service providers (processors) acting on our instructions, including: Stripe (payments), and other hosting, email, and analytics providers operating under data processing agreements.
• –Professional advisers (legal, accounting) where necessary.
• –Authorities or third parties where required by law, regulation, or to protect our rights or users.
• –A successor entity in the event of a merger, acquisition, or asset sale.

Vanberra is established in Hong Kong, and personal data may be processed outside the United Kingdom and the European Economic Area (EEA), including in Hong Kong and in countries where our service providers operate.

Where we transfer personal data of UK or EU data subjects to a country that has not been granted an adequacy decision, we put appropriate safeguards in place as required by the UK and EU GDPR, such as the UK International Data Transfer Agreement (IDTA) / the UK Addendum, or the European Commission's Standard Contractual Clauses (SCCs). A copy of the relevant safeguards is available on request from privacy@vanberra.com.

• –User account data: retained for the duration of the subscription and for 2 years after account closure, then deleted or anonymised, subject to legal retention requirements.
• –Billing records: retained for 7 years as required by applicable tax and accounting law.
• –Profiled individuals' professional data: retained while it remains relevant to our intelligence service and is supported by a current public source; removed or corrected on a valid request (see Section 8).
• –Usage and technical logs: retained for 12 months.

8.1 Users and profiled individuals in the UK / EU

Where the UK GDPR or EU GDPR applies, you have the right to:

• –Access the personal data we hold about you;
• –Rectification of inaccurate or incomplete data;
• –Erasure ("right to be forgotten");
• –Restrict or object to processing, including objecting to processing based on legitimate interests and to direct marketing at any time;
• –Data portability;
• –Not be subject to solely automated decision-making producing legal or similarly significant effects;
• –Withdraw consent at any time where processing is based on consent (without affecting prior lawful processing).

To exercise any right, contact privacy@vanberra.com. We will respond within the time required by law (generally one month under the UK/EU GDPR). We may need to verify your identity first.

You also have the right to lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO, ico.org.uk); in the EU, your local supervisory authority. We would, however, appreciate the chance to address your concerns first.

8.2 Individuals in Hong Kong

Under the PDPO, you have the right to request access to and correction of your personal data. Requests should be sent to privacy@vanberra.com.

8.3 Profiled individuals — removal requests

If you are a professional listed on the Platform and wish to request access to, correction of, or removal of your information, email privacy@vanberra.com. We will review and action valid requests in line with applicable law.

Signal uses cookies and similar technologies for essential functionality (e.g. authentication and security), and for analytics and performance measurement. You can manage non-essential cookies via your browser settings or our cookie consent tool.

We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and hosting with reputable providers. No system is completely secure, and we cannot guarantee absolute security. We will notify affected individuals and relevant authorities of a personal data breach where required by law.

Signal is a business product not directed at children. Users must be 18 or over. We do not knowingly collect personal data from children.

We may update this Policy from time to time. Material changes will be notified via email or in-platform notice. The "Last updated" date at the top reflects the latest version.

For any privacy questions or to exercise your rights:

Vanberra Limited

Room 13a, Man Lok Building 89-93 Bonham Strand East, Sheung Wan, Western District, Hong Kong Island

Email: privacy@vanberra.com