Plain English summary: We collect your name, email, phone, and ID documents to verify who you are and run the platform. We never sell your data. We store it securely and you can ask us to delete it at any time by emailing info@kyros.tech.
1. Who we are
KYROS Technologies Limited ("KYROS", "we", "us", "our") is a company registered in England and Wales under Company Number 17007413. Our registered address is 116 Brooker Road, Waltham Abbey, EN9 1JH.
We operate a digital marketplace that connects independent security professionals with event companies, venues, and agencies across the United Kingdom.
We are the Data Controller for personal data processed on the Platform and are registered with the Information Commissioner's Office (ICO).
Contact us: info@kyros.tech
2. What data we collect
All users
- Full name, email address, and phone number
- Account login credentials (passwords are encrypted — we cannot read them)
- Device information and IP address (for security purposes)
- App usage and interaction data
Security Professionals (Guards)
- Home address
- SIA licence number and licence photo
- Identity selfie (face photo for verification)
- Right-to-work documents (passport, visa, or BRP card)
- CV / résumé (optional)
- Bank account sort code and account number (for payroll only)
- Emergency contact name and phone number
- GPS location at shift check-in (only during active check-in)
- Ratings and reviews received after shifts
Clients (Event Companies)
- Company name and business type
- Event details including venue address and shift times
- Payment information (processed by Stripe — we never store card details)
- Ratings and reviews received after events
3. Why we collect it and our legal basis
- To verify your identity — legal obligation (SIA licence checking, right-to-work verification)
- To run the Platform — performance of a contract (connecting guards with clients, processing bookings)
- To process payments and payroll — performance of a contract (bank details used for guard payouts)
- To comply with UK law — legal obligation (record keeping, anti-fraud, safeguarding)
- To send you relevant notifications — legitimate interest (shift updates, application results)
- To improve the Platform — legitimate interest (usage analytics, bug fixing)
We will never use your data for purposes beyond those listed without your explicit consent.
4. Who we share your data with
We do not sell your data. We share it only with the following trusted third parties, all contractually bound to protect it:
- Supabase — our secure cloud database and authentication provider (data hosted in EU)
- Stripe — payment processing (PCI DSS Level 1 certified)
- The SIA (Security Industry Authority) — for real-time licence verification
- Matched users on the Platform — your name and role type are visible to clients or guards you are matched with. Your bank details, home address, and identity documents are never shared with other users.
We may share data with law enforcement or regulatory bodies if required by law.
5. How long we keep your data
- Active accounts — for as long as your account remains active
- After account deletion — core records retained for 6 years in line with UK financial law
- Identity documents — retained for the period required under right-to-work legislation (2 years after the working relationship ends)
- Payment records — 6 years from the date of the transaction
6. Your rights under UK GDPR
- Access — request a copy of the data we hold on you
- Rectification — ask us to correct inaccurate data
- Erasure — ask us to delete your data ("right to be forgotten")
- Restriction — ask us to limit how we use your data
- Portability — receive your data in a portable format
- Object — object to processing based on legitimate interest
To exercise any of these rights, email info@kyros.tech. We will respond within 30 days.
If you are unhappy with how we handle your data, you may complain to the ICO at ico.org.uk/make-a-complaint.
7. How we protect your data
- All data in transit is encrypted using HTTPS/TLS
- Documents are stored in encrypted cloud storage
- Database row-level security — users can only access their own data
- Stripe handles all card processing — we never see or store card numbers
- Strict internal access controls — only authorised KYROS staff can access personal data
In the event of a data breach affecting your rights, we will notify you and the ICO within 72 hours.
8. Cookies
Our website uses cookies to function and to improve your experience. You can manage or withdraw cookie consent at any time using the banner on our website. For full details see our Terms & Conditions.
9. Children
The KYROS Platform is strictly for users aged 18 and over. We do not knowingly collect data from anyone under 18. If you believe we have received data from a minor, please contact us immediately and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will notify registered users by email at least 14 days before any material changes take effect.
Questions about your data?
We respond to all data requests within 30 days. For urgent matters we aim to reply within 48 hours.
Email info@kyros.tech