Privacy Notice

Last updated:

Alfera Inc. ("Alfera," "we," "us," or "our") operates the Alfera platform and related services (collectively, the "Services"). This Privacy Notice explains how we collect, use, disclose, and protect your personal data when you use our Services, including our website at https://alfera.ai. We are committed to transparency and compliance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the EU-U.S. Data Privacy Framework (DPF).

1. What personal data does Alfera collect and why?

We collect personal data to provide, secure, and improve our Services. The table below summarizes the broad categories of personal data we collect and the purposes for which we use them.

Broad Category | Examples | Purposes
Account and profile information | Name, email address, company name, job title | Account creation, authentication, support, product personalization
Usage and product data | Feature usage, logs, session data, interactions with AI employees | Service delivery, analytics, product improvement, security
Payment and billing information | Billing address, payment method details (processed by payment providers) | Billing, invoicing, fraud prevention
Communications | Support tickets, emails, chat transcripts | Customer support, quality assurance
Device and technical data | IP address, browser type, device identifiers | Security, analytics, compatibility

Voluntary information

You provide personal data voluntarily when you create an account, fill out forms, contact support, or otherwise interact with our Services. This includes information such as your name, email address, company details, and any content you submit.

Automatic information

We automatically collect certain information when you use our Services, including IP address, browser type, operating system, referring URLs, pages visited, and timestamps. We use this data for security, analytics, and to improve our Services.

Third-party sources

We may receive personal data from third parties, such as identity providers (e.g., Google, Microsoft) when you sign in with SSO, marketing partners, or publicly available sources. We use this information to enrich your profile and improve our Services.

Sensitive data

We do not intentionally collect sensitive personal data (e.g., health information, racial or ethnic origin, political opinions, religious beliefs) unless you provide it in the course of using our Services (e.g., in support tickets or content processed by AI employees). Where we process sensitive data, we do so only with your explicit consent or as permitted by law.

2. Who does Alfera share my personal data with?

We share personal data only as necessary to operate our Services and as described in this Privacy Notice. We do not sell your personal data for monetary consideration.

Business purpose sharing

Category of recipient | Purpose
Cloud and infrastructure providers | Hosting, storage, and delivery of our Services
Payment processors | Processing payments and subscriptions
Analytics and monitoring providers | Understanding usage, performance, and security
Customer support tools | Managing support requests and communications
AI and machine learning providers | Powering AI employee capabilities

Commercial purpose sharing (CCPA)

Category of recipient | Commercial purpose
Advertising and marketing partners | Delivering relevant ads and measuring campaign effectiveness (where applicable)
Data analytics providers | Aggregated insights and product improvement (data typically de-identified)

We require our service providers to use personal data only for the purposes we specify and in accordance with our instructions and applicable law.

Where the GDPR applies, we process personal data on the following legal bases:

  • Contract: To perform our contract with you (e.g., providing the Services you have subscribed to).
  • Legitimate interests: To operate, secure, and improve our Services, prevent fraud, and communicate with you, where our interests are not overridden by your rights.
  • Consent: Where we have obtained your consent for specific processing (e.g., marketing communications, optional features).
  • Legal obligation: To comply with applicable laws, regulations, or legal processes.

4. Cookies and similar tracking technology

What are cookies?

Cookies are small text files stored on your device when you visit our website. They help us recognize you, remember your preferences, and understand how you use our Services.

Why do we use cookies?

We use cookies for essential functions (e.g., authentication, security), to remember your settings, to analyze how our website is used, and to deliver relevant content. Some cookies are set by us; others may be set by third-party services we use.

What about other tracking technologies?

In addition to cookies, we may use similar technologies such as local storage, session storage, pixel tags, and SDKs. These serve similar purposes and are subject to the same controls described in this section.

How can you control cookies?

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that blocking certain cookies may affect the functionality of our Services. You can also use our cookie preference center (where available) to manage your preferences.

5. How does Alfera keep my personal data secure?

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption in transit and at rest, access controls, regular security assessments, and employee training. We also require our service providers to maintain appropriate security measures.

6. International data transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. Data Privacy Framework, Standard Contractual Clauses, or other mechanisms approved by applicable data protection authorities.

7. Data retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law. When we no longer need the data, we securely delete or anonymize it. Account data is typically retained for the duration of your account plus a reasonable period thereafter for legal and operational purposes.

8. Your data protection rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of your personal data, subject to certain exceptions.
  • Restriction: Request that we limit processing of your personal data in certain circumstances.
  • Portability: Request a copy of your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.
  • Opt-out of sale/sharing (CCPA): California residents may opt out of the "sale" or "sharing" of personal information (as defined under CCPA).
  • Non-discrimination (CCPA): We will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at privacy@alfera.ai. You may also have the right to lodge a complaint with a supervisory authority in your country.

9. Data Privacy Framework Participation

Alfera Inc. participates in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF). We adhere to the DPF Principles with respect to personal data received from the European Union, United Kingdom, and Switzerland.

9.1 Scope

Our DPF participation covers personal data transferred from the EEA, UK, and Switzerland to the United States in connection with our Services.

9.2 Principles

We comply with the DPF Principles: Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability.

9.3 Notice

We provide notice about our data practices through this Privacy Notice and at the point of collection.

9.4 Choice

We offer choice regarding the use and disclosure of personal data for purposes incompatible with those for which it was originally collected, where required by the DPF.

9.5 Accountability for onward transfer

When we transfer personal data to third parties, we ensure they provide the same level of protection as required by the DPF, or we use a valid transfer mechanism.

9.6 Security

We implement appropriate measures to protect personal data against loss, misuse, and unauthorized access.

9.7 Data integrity and purpose limitation

We collect personal data only for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

9.8 Access

Individuals have the right to access their personal data and correct, amend, or delete it where inaccurate.

9.9 Recourse

Individuals may submit complaints to us at dpo@alfera.ai. We will investigate and respond within 45 days.

9.10 Independent dispute resolution

We have committed to refer unresolved complaints to an independent dispute resolution mechanism. EU, UK, and Swiss individuals may contact their local data protection authority for assistance.

9.11 Binding arbitration

Under certain conditions, you may be entitled to invoke binding arbitration for unresolved complaints, as provided in Annex I of the DPF Principles.

9.12 U.S. Federal Trade Commission enforcement

Our compliance with the DPF is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

9.13 Liability

In cases of onward transfer to third parties, we remain liable under the DPF Principles if our agents process personal data in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.

9.14 Supplemental principles

We adhere to any supplemental principles adopted by the U.S. Department of Commerce in connection with the DPF.

10. Updates to this Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices, legal requirements, or the Services. We will notify you of material changes by posting the updated notice on our website and updating the "Last updated" date. We encourage you to review this notice periodically.

11. How to contact us

If you have questions about this Privacy Notice or our data practices, please contact us: