The operating entity, how we handle data, and what we agree when you subscribe. Last updated 11 May 2026.
The team reads the open record on behalf of subscribed clients and briefs them on what is material. We don't represent you. We don't act on your behalf. Our reading and briefs are information services, not advice.
Kerem Albayrak is not authorised or regulated by the Financial Conduct Authority. Not a regulated investment firm. Not a law firm. Not a tax advisor. Not a custodian, broker, exchange, or fiduciary. We do not give regulated financial, legal, or tax advice.
For legal, tax, structuring, regulatory, custody, and investment decisions, you should consult appropriately qualified professionals. Our reading informs those conversations. It does not replace them.
This section is how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. EU residents are covered by equivalent rights under the EU GDPR.
Kerem Albayrak, registered office 10 Brock Street, London, NW1 3FG, United Kingdom, company number 16809819, is the data controller of personal data collected through this service. Registered with the UK Information Commissioner's Office (ICO), registration number [pending registration]. You can reach our data protection contact at applications@keremalbayrak.com.
We collect only what you choose to share with us. This may include: name (or chosen handle), preferred form of address, date of birth, nationality, country and city of residence, contact email, contact telephone number, public online profile URLs, past usernames or aliases. Where you opt to share it, we may also hold information about your banking and custodial relationships, structures, businesses, family, properties, travel, threat context, and the categories of risk you would like the watch to cover.
We do not collect government identifiers, bank account numbers, passwords, signing keys, or copies of identity documents through this site. Where formal identity verification is required, it is handled by an external regulated KYC provider and we receive a binary verification result.
For information you provide through the application or onboarding form, the lawful basis is your consent (Art. 6(1)(a) UK GDPR) and the performance of a contract (Art. 6(1)(b)) where a paid engagement is in place. For administrative records (invoices, contracts, audit trails) the basis is our legal obligations (Art. 6(1)(c)) and our legitimate interests (Art. 6(1)(f)) in running a properly governed business. For sanctions and identity screening required by anti-money-laundering law, the basis is legal obligation.
Where the information you share constitutes special category data under Art. 9 UK GDPR, including information about political exposure (PEP status), trade union membership, or threats received against you, we process it only where you have given explicit consent (Art. 9(2)(a)) for the purpose of providing the service.
Active client files are retained for the duration of the engagement and a further six years after termination, in line with UK statutory record-keeping obligations (Companies Act 2006, HMRC requirements, Money Laundering Regulations). Unsuccessful applications are deleted after twelve months unless you ask us to keep them. Anonymous draft applications saved in your browser are held only on your device and may be deleted by you at any time. Operational logs (dispatch records, source-feed alerts referencing your file) are retained for 24 months from the relevant brief, then anonymised.
Personal data may be processed by the following sub-processors, each bound by data processing agreements and to GDPR-equivalent standards:
Payment processing, Stripe Payments Europe Ltd (Ireland), payment details and minimal client data necessary for billing. Email delivery, Resend, Inc. (United States, Standard Contractual Clauses), email addresses and message content. Hosting and infrastructure, providers within the UK or EEA. Identity verification, an external regulated KYC provider, on request and only where ID verification is required for an engagement. Professional advisors, our auditors, lawyers, and accountants where strictly necessary.
We do not sell, lease, or trade personal data with anyone. We do not run advertising trackers or analytics that profile you. We do not transfer personal data outside the UK or EEA other than through the safeguards above.
Under UK GDPR you have the right to: access the data we hold about you, ask us to correct it, ask us to erase it, ask us to restrict or object to certain processing, ask for a portable copy of data you provided, and withdraw consent at any time where consent is the basis we relied on. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. We respond to verified rights requests within thirty days. Write to applications@keremalbayrak.com or to the registered office above.
The watch uses automated classification and confidence scoring to decide which open-source signals are routed to your file. No solely-automated decision produces legal or similarly significant effects on you. Every routine briefing is reviewed by a named team member before delivery. Real-time sanctions-match alerts may be auto-dispatched on high-confidence signals, these are clearly labelled as auto-dispatched in the brief, and a human review follows within four working hours. You can ask for a human review of any classification.
The service is intended for adults. We do not knowingly collect data from anyone under 18. If you believe we have, write to us and we will delete it.
We follow standard practice. Encryption in transit (TLS) for all submitted data. Encryption at rest for sensitive fields. Access to live data restricted to named personnel. Logged audit trail for administrative actions. No shared credentials. Backups encrypted and access-controlled. We have a written incident response process. We notify you and the ICO within 72 hours of any qualifying breach.
This site uses strictly necessary cookies only. We do not run advertising trackers, fingerprinting scripts, social media pixels, or analytics that profile you across the internet. We use browser local storage to save your in-progress application form on your device so you can come back to it. Cookies we set: ka_session, anonymous session for in-progress form state, 30 days. ka_consent, your cookie-consent choice, 1 year.
If you proceed to Stripe Checkout, Stripe will set cookies necessary to process your payment. These are governed by Stripe's own cookie and privacy policy. We do not embed Stripe widgets on any other page.
These terms apply to all paid engagements. They form the agreement between you and Kerem Albayrak when you subscribe.
An engagement begins when both sides agree to it in writing and the first fee is paid through Stripe or by invoice. Submitting an application creates no contractual relationship. We may decline an application without reason.
Subscription fees are listed on the Subscriptions page and are billed in advance, monthly, in pounds sterling unless otherwise agreed. The Spot Check is a one-time fee. Family member additions are billed alongside the principal subscription. All fees are exclusive of VAT where applicable; VAT is added at the prevailing rate at point of sale. Payment is by card or other Stripe-supported method.
Price changes. We may change subscription prices with 30 days' written notice to your email of record. Price changes take effect at your next billing cycle. You may cancel before the new price takes effect without penalty.
Monthly subscriptions renew monthly until cancelled. The Spot Check is a single engagement with no renewal. We may choose to enter into a fixed annual commitment with you, in which case the terms of that commitment govern over these clauses.
You may cancel any time with effect from the end of your current billing period. We do not pro-rate refunds for partial periods unless required by law. You can cancel through the Stripe Customer Portal at any time, access it through any payment receipt email, or by replying to any brief or writing to applications@keremalbayrak.com. We may also terminate, with thirty days' written notice, where continuing the engagement would create regulatory, reputational, or operational difficulties. We will refund any prepaid fees covering periods after termination.
We expect a working relationship of mutual respect. We may terminate immediately, without refund, in the case of unlawful instructions, harassment of personnel, or material misrepresentation in your application. We will document the basis for any such termination in writing.
Under the Consumer Contracts Regulations 2013 (UK) and equivalent EU rules, if you contract with us as a consumer (not as a business) you have a fourteen-day cancellation right from the date the engagement begins. By accepting the engagement and asking us to begin the watch immediately, you acknowledge that you may lose this right once we have started delivering the service. The Spot Check, by its nature, is fully delivered within the engagement window, so the cancellation right ends on first delivery of the written summary.
For monthly subscriptions, we generally do not refund the current month after services have been delivered. We have discretion to issue partial refunds where the service quality has materially fallen short. Disputes about refunds are handled on the basis of these terms and English law.
Our briefs are information services drawn from open-record signals. They are not, and must not be relied on as, legal, financial, tax, or investment advice. Any action you take in response to a brief is your own decision, taken on your own responsibility and with your own counsel.
To the maximum extent allowed by law, our total liability to you under or in connection with any engagement is limited to the greater of (a) £25,000 or (b) the fees paid by you in the twelve months preceding the event giving rise to the claim. We are not liable for indirect or consequential loss, loss of profit, opportunity cost, reputational loss, or third-party claims. Nothing in these terms limits liability for death or personal injury caused by negligence, for fraud, or for anything else that cannot be limited by English law.
Both sides treat the engagement, the file, and all correspondence as confidential. Neither side names the other publicly without express written permission. We do not publish client lists. We do not publish case studies. We do not refer to specific client situations in any external material.
Permitted disclosures. We may disclose engagement information where required by law or court order, to our auditors and professional advisors under their own confidentiality duty, or where you have given written permission.
We follow risk-based KYC procedures consistent with the UK Money Laundering Regulations 2017. Identity verification at engagement uses an external regulated provider. We do not handle client funds and are not subject to MLR obligations as a principal, but we apply proportionate diligence as part of engagement intake.
These terms and any engagement governed by them are governed by the laws of England and Wales. The courts of England and Wales have exclusive jurisdiction over any dispute, claim, or matter arising out of or in connection with these terms.
Consumer rights. If you are contracting with us as a consumer (not for business purposes), you have the right to bring proceedings in the courts of the country in which you are habitually resident. This does not affect our right to bring proceedings in England and Wales.
Write to applications@keremalbayrak.com. We acknowledge complaints within 5 working days and aim to resolve within 30 days. Unresolved complaints can be escalated to the ICO (for data matters) or pursued through the courts (for contractual disputes).
For applications, data rights requests, and legal correspondence, write to applications@keremalbayrak.com or to Kerem Albayrak, 10 Brock Street, London, NW1 3FG, United Kingdom. We respond within five working days. Urgent issues are escalated promptly.