Privacy Policy

1. Information We Collect

• Account Information: Email address, name, business name, billing address, country
• Authentication Data: Password (hashed and salted), 2FA settings, session tokens
• Payment Information: Processed securely through Stripe. We store only payment status, subscription ID, and customer ID. We never store credit card numbers.
• API Usage Data: API key IDs (hashed), request counts, rate limit metrics, IP addresses, timestamps
• Security Logs: Login attempts, IP addresses, failed authentication attempts, suspicious activity detection
• Device & Browser Data: User agent, browser type, operating system, device fingerprints (for security)
• IP Address Tracking: We collect and store IP addresses for security purposes, including:
  • • Preventing unauthorized access and account takeovers
  • • Detecting fraudulent activity and bot attacks
  • • Rate limiting to prevent brute force attempts
  • • Enabling multi-device session management
  • • IP addresses in session logs are retained for 90 days and then automatically deleted

2. How We Use Your Information

• Service Delivery: To provide access to trading signals, APIs, and dashboard features
• Authentication & Security: To verify your identity, prevent fraud, and protect against unauthorized access
• Billing & Payments: To process subscriptions and manage your account billing status
• Rate Limiting & Abuse Prevention: To enforce fair usage policies and prevent data theft
• Analytics & Improvements: To analyze usage patterns and improve our Services (aggregated data only)
• Legal Compliance: To comply with legal obligations, enforce our Terms, and protect our rights

3. Data Security & Protection

• Encryption: All data transmitted via HTTPS/TLS. Passwords are hashed using bcrypt with unique salts.
• API Key Security: API keys are hashed and salted before storage. We cannot recover your original API key.
• Watermarking & Fingerprinting: All trading data is uniquely watermarked per API key to detect and prevent unauthorized sharing or leaks.
• Access Controls: Admin access requires database-backed authentication, session verification, and IP allowlisting.
• Audit Logging: All admin actions and security events are logged for forensic analysis.
• Session Security: Sessions expire after 14 days. Multi-device tracking prevents unauthorized access.

4. Data Sharing & Third Parties

• Payment Processing: Stripe (PCI DSS compliant) processes all payments. See Stripe Privacy Policy.
• Email Services: Resend.com for transactional emails (password resets, verification). See Resend Privacy Policy.
• No Data Selling: We NEVER sell, rent, or share your personal information with third parties for marketing purposes.
• Legal Requirements: We may disclose information if required by law, court order, or to protect our legal rights.

5. Data Retention

• Active Accounts: Your data is retained as long as your account is active.
• Deleted Accounts: Upon account deletion, personal data is permanently removed within 30 days, except where retention is required by law.
• Security Logs: Security and audit logs may be retained for up to 90 days for fraud prevention and legal compliance.
• Billing Records: Payment records retained for 7 years to comply with tax and accounting regulations.

6. Your Privacy Rights

• Access: Request a copy of your personal data by contacting alphanetworksai@gmail.com
• Correction: Update your account information from your dashboard settings
• Deletion: Request account deletion by emailing alphanetworksai@gmail.com (subject to legal retention requirements)
• Data Portability: Request export of your data in machine-readable format (JSON/CSV)
• Opt-Out: Unsubscribe from marketing emails via the link in any email footer

Note: Beta users acknowledge that account deletion requests may take up to 30 days to process and that some data may be retained for legal, security, or fraud prevention purposes.

7. GDPR & International Users

• Data Controller: Alpha Networks LLC (Oregon, USA)
• Legal Basis: We process data based on contract performance, legitimate interests, and legal obligations
• International Transfers: Your data may be transferred to and stored in the United States. By using our Services, you consent to such transfers.
• EU/UK Rights: EU/UK users have additional rights under GDPR, including the right to object, restrict processing, and lodge complaints with supervisory authorities.

8. Cookies & Tracking

• Essential Cookies: Session authentication, security tokens (required for service operation)
• Security Cookies: Device fingerprinting for fraud detection and unauthorized access prevention
• No Analytics Cookies: We do not use third-party analytics or advertising cookies

9. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us immediately at alphanetworksai@gmail.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or dashboard notification. Continued use of the Services after changes constitutes acceptance of the updated policy.

11. Contact Us