Privacy Policy

1. Introduction

AltoaX Limited ("we," "us," "our," or "AltoaX") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Platform. Please read this carefully. If you do not agree with our policies, please do not use our Platform.

2. Information We Collect

We collect information you voluntarily provide, such as name, email address, company, job title, telephone number, and billing information during registration and account setup. We also collect information you upload to the Platform, including documents, data files, and reports. Automatically collected information includes IP address, browser type, operating system, device identifiers, access times, pages visited, referring URLs, and usage patterns.

3. Use of Your Information

We use your information to: provide, maintain, and improve the Platform; process transactions and send related information; send administrative and marketing communications (with your consent); analyse usage patterns and improve features; comply with legal obligations; detect, investigate, and prevent fraud and security issues; enforce these Terms and our agreements; and protect our legal rights.

4. Data Processing and Lawful Basis

Under GDPR, we process your personal data based on: contract (to provide Platform services); legitimate interests (to improve services and prevent fraud); compliance with legal obligations; and consent (for marketing communications). For sensitive data, we rely on explicit consent or legal obligations. You may withdraw consent at any time by contacting contact@altoax.com.

5. Data Security and Protection

We implement industry-standard technical and organisational security measures to protect your data, including encryption (TLS/SSL), access controls, firewalls, and intrusion detection. Our infrastructure is hosted on secure cloud servers with redundancy. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain personal data for as long as necessary to provide the Platform and fulfil the purposes outlined in this Policy. Customer data is retained during the subscription period and for 30 days after termination (allowing data export). We retain usage logs for 90 days, marketing data until you unsubscribe, and legal/compliance data as required by law (typically 7 years). You may request data deletion subject to legal retention requirements.

7. Third-Party Sharing

We do not sell your personal data to third parties. We may share information with: service providers (cloud hosting, payment processing, analytics) who are contractually bound by confidentiality; legal authorities when required by law; and professional advisors (legal, audit, tax). All third parties are required to maintain data protection standards equal to or exceeding our own.

8. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to enhance your experience, analyse usage patterns, deliver personalised content, and improve security. Essential cookies are required for Platform functionality. Analytical cookies help us understand how users interact with the Platform. Marketing cookies enable targeted advertising. You can control cookie preferences through your browser settings, though this may affect Platform functionality. We respect "Do Not Track" signals where applicable.

9. Your Rights Under GDPR

If you are in the EU/EEA, you have the right to: access your personal data; correct inaccurate data; delete data ("right to be forgotten"); restrict processing; object to processing; data portability; withdraw consent; and lodge complaints with supervisory authorities. To exercise these rights, contact contact@altoax.com. We will respond within 30 days.

10. International Data Transfers

Your information may be transferred to, stored in, and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) with service providers. By using the Platform, you consent to such transfers.

11. Sub-processors and Cloud Hosting

We use cloud infrastructure providers to host the Platform and process data. These sub-processors are contractually obligated to maintain data protection standards. A list of current sub-processors is available at contact@altoax.com. We notify customers of any material changes to sub-processors.

12. Data Processing Agreement (DPA)

For enterprise customers in the EU/EEA, we provide a Data Processing Agreement (DPA) that governs how we process personal data on your behalf. The DPA includes Standard Contractual Clauses and complies fully with GDPR Article 28. Request a DPA by emailing contact@altoax.com.

13. Third-Party Links

The Platform may contain links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party sites before providing personal information.

14. Children's Privacy

The Platform is not intended for users under 18 years old. We do not knowingly collect personal information from children. If we become aware that a child has provided information, we will delete such data promptly and comply with applicable laws.

15. Changes to Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or prominent notice on the Platform at least 30 days before taking effect. Your continued use of the Platform indicates acceptance of the revised Policy.

16. Contact and Data Protection Officer

If you have privacy questions or wish to exercise your rights, contact us at contact@altoax.com. For GDPR-related inquiries, you may also contact our Data Protection Officer at contact@altoax.com. See our company details in the footer for full contact information and registered office address.