alpha
Docs Open the app
← Back to Legal

Legal

Privacy Policy

Effective May 25, 2026

1. Overview

This Privacy Policy explains how [Legal Entity Name] ("we", "us", "our") collects, uses, shares, and protects personal information in connection with the Alpha service (the "Service"). It applies to information we process when an organization subscribes to the Service and when individual users access the Service on behalf of that organization.

Alpha is a business-to-business product. The Service is intended for use by personnel of subscribing organizations (our "Customers"), and we generally process information at our Customers' direction. If you interact with the Service as an employee, contractor, or authorized user of a Customer, the Customer is the "controller" or "business" of your information and you should direct privacy inquiries to them in the first instance; this Policy describes our own practices.

2. Information we collect

Account and identity

When a Customer creates an organization and invites users, we collect names, work email addresses, role assignments, and authentication identifiers issued by our identity provider.

Customer Content

The Service is designed to let our Customers record information about their own operations. This may include records of their customers, locations, projects, job site visits (including check-in / check-out timestamps and geolocation when a user chooses to share it), comments, attachments uploaded to the Service, and data synced from connected third-party services (such as QuickBooks Online or Google Drive). We refer to this collectively as "Customer Content."

Usage data

We collect technical information automatically when users access the Service, including IP address, device and browser type, pages and features used, and timestamps. This information helps us operate, secure, and improve the Service.

Communications

When you contact us by email or through a support form, we receive the content of your message, your email address, and any other information you choose to provide.

3. How we use information

  • To provide, maintain, and improve the Service;
  • To authenticate users and protect accounts;
  • To respond to support requests and communicate about the Service;
  • To monitor and improve performance, detect and prevent abuse, fraud, or security incidents;
  • To comply with legal obligations and enforce our agreements; and
  • For any other purpose disclosed to you at the time of collection or with your consent.

We do not sell personal information, and we do not "share" personal information for cross-context behavioral advertising as those terms are defined under California law. We do not use Customer Content to train artificial-intelligence models for use outside of the Service.

4. How we share information

Service providers (sub-processors)

We use a small set of vendors to operate the Service. They process information on our behalf, under written contracts that require confidentiality and limit them to processing for the purposes we specify:

  • Amazon Web Services (AWS) — cloud infrastructure, including compute, storage, database, identity (Cognito), and content delivery. Hosts the Service and stores Customer Content.
  • QuickBooks Online (Intuit) — when a Customer connects QuickBooks, we exchange data with QuickBooks to read and link records the Customer designates.
  • Google Drive — when a Customer connects Google Drive, we read and write files within the scope authorized by the Customer.

We may engage additional sub-processors from time to time to support, secure, or improve the Service. When we do, we will update this Policy and, on request, provide Customers with the current sub-processor list. Sub-processors are bound by contractual obligations consistent with those described here.

At our Customers' direction

Customers control their own organizations within the Service and may share Customer Content with users they invite, with connected third-party services, or with parties they otherwise direct us to share with.

Legal and protective

We may disclose information when we believe in good faith that disclosure is required by law, subpoena, court order, or other legal process; necessary to investigate or prevent fraud, security incidents, or other harm; or appropriate to protect the rights, property, or safety of [Legal Entity Name], our Customers, or others.

Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction, subject to the commitments in this Policy.

5. Data retention

We retain account information and Customer Content while a Customer's subscription is active. When a subscription ends, we retain Customer Content for a limited transition period and then delete it from active systems. Residual copies may persist in routine backups for a further limited period before being overwritten in the ordinary course of backup rotation. We retain limited records (such as billing and transaction history) for longer where required to comply with tax, accounting, or other legal obligations. The specific transition and backup-rotation periods in effect from time to time are described in our Data Processing Addendum or made available on request.

6. Security

We use industry-standard administrative, technical, and physical safeguards to protect information against loss, misuse, and unauthorized access. Examples include encryption in transit (TLS), encryption at rest for stored Customer Content, role-based access controls, and continuous monitoring. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.

If we become aware of a personal-data breach affecting Customer Content, we will notify the affected Customer without undue delay and cooperate with the Customer to investigate and mitigate the incident, as further described in our Data Processing Addendum.

7. Your choices and rights

You may access and update most of your account information from within the Service. To request access to, correction of, or deletion of personal information we hold about you, contact us at legal@alpha.example. Where you are a user of a Customer's organization, we will typically refer deletion or access requests to that Customer.

8. California residents

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), provides you with the rights described below with respect to personal information we collect about you as a "business."

Categories of personal information collected

In the twelve months preceding the Effective date above, we have collected the following categories of personal information about California residents:

  • Identifiers — name, work email, authentication identifiers, IP address. Collected from the user or the Customer; used to provide and secure the Service; shared with the sub-processors listed in Section 4.
  • Commercial information — records of subscriptions and billing history. Collected from the Customer; used to administer the subscription; retained for legal and accounting purposes.
  • Internet or network activity — device and browser type, pages and features used, timestamps. Collected automatically through the Service; used to operate, secure, and improve the Service.
  • Geolocation data — when a user voluntarily checks in to a job site, the approximate location associated with that check-in. Collected from the user's device with the user's permission; used to provide the field- operations features the Customer has configured; visible only within the Customer's organization. Precise geolocation is treated as sensitive personal information; we do not use or disclose it for any purpose beyond providing the Service the Customer has configured.
  • Professional or employment-related information — role assignments and work-related content uploaded by the user or the Customer. Collected from the user or the Customer; used to operate the Service.
  • Inferences — none drawn for profiling purposes.

We do not sell personal information and do not share it for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA without notice.

Your rights

  • Right to know. You may request the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
  • Right to correct. You may request that we correct inaccurate personal information we maintain about you.
  • Right to delete. You may request that we delete personal information we have collected from you, subject to certain exceptions.
  • Right to limit use of sensitive information. We do not use or disclose sensitive personal information beyond the purposes permitted under the CCPA/CPRA without notice.
  • Right to opt out of sale or sharing. We do not sell personal information or share it for cross-context behavioral advertising, so there is nothing to opt out of.
  • Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise a right, email legal@alpha.example. We may need to verify your identity before responding. You may also designate an authorized agent to make a request on your behalf, subject to verification.

9. Workforce monitoring and Customer responsibilities

The Service includes features (such as check-in, check-out, and worksite presence) that may be used by a Customer to monitor employees, contractors, or other workforce members. When a Customer uses these features, the Customer is the "controller" or "business" of the resulting personal information and is solely responsible for:

  • Determining the legality and proportionality of workforce monitoring in the Customer's jurisdiction;
  • Providing all notices required by applicable employment, labor, or privacy law (including, where applicable, written notice of electronic monitoring under state laws such as New York Labor Law §52-c, Connecticut General Statutes §31-48d, and the Illinois Biometric Information Privacy Act);
  • Obtaining any consent required by applicable law from workforce members before enabling monitoring features; and
  • Configuring the Service in a manner consistent with the Customer's notices, consents, and applicable law.

The Service may not be used for covert surveillance, off-duty tracking, or any other use prohibited by applicable law. [Legal Entity Name] provides the Service as a tool; the Customer determines how and for what purposes the tool is used.

10. Children

The Service is not directed to anyone under the age of 18, and we do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a person under 18, contact us and we will delete it.

11. International users

The Service is operated from the United States and is intended for use within the United States. If you access the Service from outside the United States, you do so on your own initiative and are responsible for compliance with local law. By using the Service, you consent to the transfer of your information to the United States.

12. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will update the "Effective" date above and, where appropriate, provide notice through the Service or by email. The updated Policy will apply to your use of the Service from the new Effective date forward.

13. Contact us

[Legal Entity Name]
[Mailing Address]
legal@alpha.example