Privacy Policy
This Privacy Policy explains what information altengine collects, how we use and share it, and the choices and rights you have. It applies to our website and the Search and Channel APIs (the “Services”). altengine (“altengine,” “we,” “us”) is the entity responsible for the personal information described in this policy and is based in Texas, United States.
Our role: controller and processor
For information about your account, billing, and use of the Services, we act as a data controller and decide how and why it is processed. For Your Content — the data you submit through the Search and Channel APIs — we act as a data processor (or “service provider”) that processes it on your behalf and on your documented instructions. You are the controller of Your Content and are responsible for having a lawful basis to collect it and for honoring the rights of the individuals it concerns. If you require a data processing agreement (DPA), contact privacy@altengine.net.
Information we collect
- Account information — your name, email, organization, and authentication details when you sign up.
- Billing information — billing contact and payment details, processed by our payment provider (Stripe). We receive limited transaction and card-metadata information; we do not store full card numbers.
- Your Content — the documents, messages, and configuration you send to the Services in order to use them, including any personal data you choose to include.
- Usage and diagnostics — request metadata, rate and volume metrics, timestamps, and error logs used to operate, secure, meter, and bill the Services.
- Device and connection data — IP address, browser or client type, and similar technical information collected automatically when you use the website or APIs.
How we use information and our legal bases
We use information to provide, maintain, and improve the Services; to meter usage and process billing; to secure the platform and prevent abuse; and to communicate with you about your account and service changes. Where the EU/UK GDPR applies, we rely on the following legal bases:
- Performance of a contract — to create your account and provide the Services you request.
- Legitimate interests — to secure, monitor, and improve the Services and prevent abuse, balanced against your rights.
- Legal obligation — to keep accounting and tax records and comply with law.
- Consent — where required, for example for certain communications; you may withdraw consent at any time.
We do not sell or “share” your personal information, we do not use Your Content to train AI models, and we do not use it for advertising.
Cookies
Our website uses only cookies strictly necessary to keep you signed in, maintain security (such as CSRF protection), and remember basic preferences. We do not use third-party advertising or cross-site tracking cookies.
How we share information
We share information only with service providers (sub-processors) who help us operate the platform, under contracts that require them to protect it and use it only for that purpose. Our current sub-processors include:
- Cloudflare — edge hosting, compute, database storage, and network security.
- Stripe — payment processing and billing.
- Our email provider — transactional and account email.
We may also disclose information when required by law or valid legal process, to enforce our terms, to protect the rights, safety, and security of altengine, our customers, or the public, or in connection with a merger, acquisition, or sale of assets (with notice where required). We do not sell personal data.
International transfers
We and our sub-processors may process data in the United States and other countries, which may have different data-protection laws than yours. Where we transfer personal data from the European Economic Area, the United Kingdom, or Switzerland, we use appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum), together with additional measures where required.
Data retention
We retain account and billing records for as long as your account is active and thereafter as needed to comply with legal, tax, and accounting obligations (generally up to seven years for financial records). Usage and diagnostic logs are retained for a limited period for operational and security purposes. You can delete Your Content through the Services; deleted content is removed from active systems promptly and purged from backups on a rolling schedule, typically within 30–90 days, unless retention is required by law.
Security
We protect data in transit and at rest (including encryption of sensitive credentials), scope access with least-privilege and short-lived credentials, and monitor for abuse. No system is perfectly secure, but security is a first-class part of how the Services are built. If we become aware of a personal-data breach that affects you, we will notify you and the relevant authorities as required by applicable law.
Your privacy rights
Depending on your location, you may have rights to access, correct, delete, export (port), restrict, or object to the processing of your personal information, and to withdraw consent where processing is based on consent. To exercise these rights, email privacy@altengine.net. We will verify your request and respond within the time required by applicable law. You will not be discriminated against for exercising your rights. If your request concerns Your Content that we process on behalf of a customer, we will refer the request to that customer as the controller.
If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data-protection supervisory authority.
California privacy rights
If you are a California resident, the CCPA/CPRA gives you the right to know the categories and specific pieces of personal information we collect, to request deletion or correction, and to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined, and we do not knowingly process the sensitive personal information of consumers for prohibited purposes. To exercise your rights, email privacy@altengine.net; you may use an authorized agent, and we will not discriminate against you for exercising these rights.
Children's privacy
The Services are intended for businesses and developers and are not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.
Automated decision-making
We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you without human involvement.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected in the “Last updated” date above and, where appropriate, communicated to you directly. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.
Contact
Privacy questions or requests? Email privacy@altengine.net. For EU/UK matters, our representative can be reached at the same address. [If you appoint an Article 27 EU/UK representative, list their name and address here.]
This document is a general template, not legal advice, and contains bracketed placeholders that must be completed. Have qualified counsel review and adapt it — including sub-processor lists, retention periods, and jurisdiction-specific requirements — before relying on it in production.