Legal
Privacy Policy
Last updated 1 July 2026
This policy explains what personal data Alphacroft collects, why, on what legal basis, and what rights you have over it. It is written to be read, not skimmed past.
1.Who we are
Alphacroft ('we') is the data controller for personal data processed through this website and our client platform. Contact for all privacy matters: hello@alphacroft.com.
2.What we collect, and why
Inquiry and project-intake data (name, work email, company, phone if provided, your project description, budget band, and files you attach): processed to respond to your inquiry and prepare proposals. Legal basis: pre-contractual steps taken at your request (GDPR Art. 6(1)(b)).
Client platform data (account details, project content, approvals, messages, invoices): processed to deliver contracted services. Legal basis: performance of contract (Art. 6(1)(b)); invoice records are additionally retained under legal obligation (Art. 6(1)(c)).
Job application data (CV, contact details, links, notes you provide): processed to evaluate your application. Legal basis: pre-contractual steps and legitimate interest in recruitment (Art. 6(1)(b), (f)). Declined applications are anonymized after 6 months unless you consent to a longer talent-pool retention.
Newsletter data (email address, confirmation and unsubscribe timestamps): processed only after double opt-in. Legal basis: consent (Art. 6(1)(a)), withdrawable in one click from any email.
Website analytics: we use privacy-focused, cookieless analytics that do not identify individuals or track you across sites.
3.What we deliberately don't do
We do not sell or rent personal data. We do not run third-party advertising trackers. We do not use your data to train machine-learning models. We do not send marketing to inquiry contacts without separate consent.
4.Processors we use
Hosting and infrastructure: Vercel (application), Neon (database), Cloudflare R2 (file storage). Email delivery: Resend. Payments: Stripe (card data is handled by Stripe and never touches our systems). Error monitoring: Sentry. Each processes data under a data-processing agreement, with EU residency selected where the provider offers it.
5.Retention
Inquiries and form submissions: up to 24 months, then anonymized. Declined job applications: 6 months, then anonymized (longer only with consent). Client project data: retained through the engagement, its warranty period, and 12 months after closure. Financial records: 10 years, as required by law. Audit and security logs: at least 24 months.
6.Your rights
You can request access to, correction of, or deletion of your personal data; restriction of or objection to processing; and a portable copy of data you provided. Write to hello@alphacroft.com. We respond within 30 days. Deletion requests are honored except where law requires retention (e.g. issued invoices), in which case we tell you exactly what remains and why. You also have the right to complain to your supervisory authority.
7.Status of this document
This policy is maintained in our version-controlled repository like the rest of the platform; the date above changes whenever the substance does. It is scheduled for external counsel review before commercial launch, and this line will be updated when that review completes. We don't claim reviews that haven't happened.
