Privacy Policy

Last Updated: 15 October 2025

1. Introduction

Alertomate ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered email alert service ("the Service"). Please read this Privacy Policy carefully.

This Privacy Policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data Controller

For the purposes of data protection law, the data controller is Alertomate. You can contact us at:

Email: [email protected]

3. Information We Collect

3.1 Information You Provide

We collect information that you provide directly to us:

Account Information: Email address for account creation and authentication
Statement Data: The statements and alert criteria you create and monitor
Payment Information: Payment details processed through Stripe (we do not store full payment card details on our servers)
Communications: Any messages or correspondence you send to us

3.2 Automatically Collected Information

When you use our Service, we automatically collect certain information:

Usage Data: Information about how you interact with the Service, including pages visited, features used, and time spent
Device Information: Browser type, operating system, IP address, and device identifiers
Local Storage: We use browser local storage to save information on your device (see Section 9)
Log Data: Server logs that may include IP addresses, browser types, and access times

3.3 AI Processing Data

When processing your statements, our Service uses third-party AI services (including Google's Gemini API). Your statement text may be sent to these services for analysis. Please see Section 7 for more information about third-party data processing.

4. Legal Basis for Processing (UK GDPR)

We process your personal data on the following legal bases:

Contract Performance: Processing necessary to provide the Service you've subscribed to
Legitimate Interests: To improve our Service, prevent fraud, and ensure security
Legal Obligations: To comply with applicable laws and regulations
Consent: Where you have given explicit consent for specific processing activities

5. How We Use Your Information

We use the information we collect to:

Provide, maintain, and improve the Service
Process your statements using AI technology and send email alerts
Process payments
Communicate with you about the Service, including service updates and security alerts
Respond to your comments, questions, and customer service requests
Monitor and analyze usage patterns and trends
Detect, prevent, and address technical issues, fraud, and security vulnerabilities
Comply with legal obligations and enforce our Terms of Service

6. Email Communications

Service Emails: We will send you emails that are necessary for the Service to function, including alert notifications, account security notifications, and important service updates. These emails are transactional and necessary for contract performance.

Marketing Emails: With your explicit consent, we may send you marketing communications about new features or special offers. You can opt out of marketing emails at any time by clicking the unsubscribe link in any marketing email or by contacting us.

7. How We Share Your Information

We may share your information in the following circumstances:

7.1 Service Providers

Payment Processing: Stripe for payment processing (subject to Stripe's privacy policy)
AI Services: Google (Gemini API) for statement analysis and evaluation
Email Delivery: Email service providers for sending alert notifications
Hosting: Cloud infrastructure providers for hosting and data storage

7.2 Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders or government agencies).

7.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your personal data is transferred.

7.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

8. International Data Transfers

Some of our service providers may be located outside the UK. When we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the UK Information Commissioner's Office
Adequacy decisions recognizing that certain countries provide adequate data protection
Other legally approved transfer mechanisms

9. Local Storage and Similar Technologies

We use browser local storage to store certain information on your device. Local storage is similar to cookies but stores data locally in your browser rather than being sent with every request.

Information Stored Locally:

Email Address: Saved for your convenience so you don't need to re-enter it on subsequent visits. You can clear this at any time by clearing your browser's local storage.
Statement Test Quota: Tracks your remaining statement tests and reset times to enforce rate limits and provide accurate quota information. This is necessary for the Service to function properly.

You can clear local storage data at any time through your browser settings. However, clearing this data may affect your experience using the Service (e.g., you'll need to re-enter your email address).

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption of data in transit using HTTPS/TLS
Encryption of sensitive data at rest
Regular security assessments and updates
Access controls and authentication mechanisms
Secure password hashing

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

11. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Active Accounts: Data retained while your account is active
Deleted Accounts: Most data deleted within 30 days of account deletion
Legal Requirements: Some data may be retained longer to comply with legal obligations
Backup Systems: Data in backup systems may be retained for up to 90 days

12. Your Rights Under UK GDPR

Under UK data protection law, you have the following rights:

Right of Access: Request copies of your personal data
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your personal data in certain circumstances
Right to Restrict Processing: Request that we limit how we use your data
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Rights Related to Automated Decision-Making: Although our Service uses AI, humans are involved in the process and you can request human review of automated decisions

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

13. Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: ico.org.uk

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice on our Service. The "Last Updated" date at the top of this page indicates when the policy was last revised.

15. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Email: [email protected]