Last updated: December 2024
1. Introduction
Welcome to ALTYAA ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered reputation management platform and related services (collectively, the "Service"). We are committed to protecting your privacy and ensuring transparency about our data practices. By using our Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect information in several ways to provide and improve our Service:
2.1 Account Information
When you create an account, we collect:
- Full name and display name
- Email address
- Password (encrypted and hashed)
- Business name, address, and contact information
- Payment and billing information (processed securely via Stripe)
2.2 Third-Party Platform Data
When you connect your business profiles, we access data from these platforms with your authorization:
- Google Business Profile: Business information, reviews, ratings, and responses
- Meta (Facebook/Instagram): Page information, reviews, recommendations, messages, comments, and page insights
- TikTok: Business account information, comments, and mentions
2.3 Usage and Technical Data
We automatically collect certain information when you use our Service, including IP address, browser type and version, device information, operating system, pages visited and features used, date and time of access, and referral URLs. This data helps us improve our Service and ensure security.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain our reputation management Service, including monitoring reviews, generating AI-powered responses, and providing analytics
- To process payments and manage your subscription
- To communicate with you about your account and service updates, and to respond to your inquiries
- To analyze usage patterns and improve our Service, including training and improving our AI models
- To detect, prevent, and address technical issues, fraud, and security threats
- To comply with legal obligations and enforce our terms of service
4. Third-Party Platform Integrations
Our Service integrates with third-party platforms to provide reputation management features. Each integration is subject to that platform's terms of service and privacy policy.
4.1 Google Business Profile
We use Google's APIs to access your business profile data. Our use of Google user data is limited to the practices explicitly disclosed in this privacy policy. We comply with the Google API Services User Data Policy, including the Limited Use requirements.
Data accessed includes:
- Business profile information (name, address, categories)
- Customer reviews and ratings
- Your review responses
4.2 Meta (Facebook/Instagram)
We access your Meta Business Profile data through Meta's Graph API. We comply with Meta's Platform Terms and Developer Policies.
Data accessed includes:
- Facebook Pages and Instagram Business accounts you manage
- Reviews, recommendations, and ratings
- Messages and comments (only with your explicit consent)
- Page insights and analytics
When using Page Insights, ALTYAA and Meta act as joint data controllers. You can review Meta's Page Controller Addendum for more information about this arrangement.
4.3 TikTok
We integrate with TikTok's Business API to monitor and manage your TikTok business presence. We access business account information, comments, and mentions in accordance with TikTok's API Terms of Service.
5. How We Share Your Information
We do not sell your personal information. We may share your information in the following circumstances:
- Service Providers: We share data with trusted third-party service providers who assist us in operating our Service (e.g., cloud hosting, payment processing, analytics). These providers are contractually obligated to protect your data.
- Connected Platforms: When you use our Service to respond to reviews or post content, that data is shared with the respective platform (Google, Meta, TikTok).
- Legal Requirements: We may disclose your information if required by law, court order, or government request, or to protect the rights, property, or safety of ALTYAA, our users, or others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Data Retention
We retain your information for as long as necessary to provide our Service and fulfill the purposes described in this policy. Specific retention periods include:
| Data Type | Retention Period |
|---|---|
| Account Data | While active + 30 days |
| Platform Data | Subscription duration + 90 days |
| Usage Logs | Up to 12 months |
| Billing Records | Up to 7 years (legal requirement) |
7. Data Security
We implement industry-standard security measures to protect your information:
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Access Controls: RBAC and Row-Level Security
- Monitoring: 24/7 security monitoring
- MFA: Multi-factor authentication available
8. Your Privacy Rights
8.1 Rights for European Users (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restriction: Request that we limit how we use your data
- Right to Data Portability: Request your data in a machine-readable format
- Right to Object: Object to processing of your data for certain purposes
- Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your data
8.2 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request information about the categories and specific pieces of personal information we have collected, used, disclosed, and sold
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale or sharing of your personal information. Note: We do not sell your personal information.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
We do not sell personal information as defined by the CCPA/CPRA. We do not share personal information for cross-context behavioral advertising.
9. Data Deletion
You may request deletion of your personal data at any time by contacting us at privacy@altyaa.com or through your account settings. Upon receiving a valid deletion request, we will delete or anonymize your personal data within 30 days, unless we are legally required to retain it.
For users who connected via Meta (Facebook/Instagram), we implement Meta's Data Deletion Request Callback. When you request deletion through Meta's app settings, we will automatically receive and process your deletion request, providing you with a confirmation code and status URL.
10. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve your experience, analyze usage, and serve targeted advertisements. You can control cookie preferences through your browser settings or our cookie consent banner.
For detailed information about the cookies we use, please see our Cookie Policy.
11. Children's Privacy
Our Service is not intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@altyaa.com, and we will take steps to delete such information.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure your data remains protected.
15. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data based on the following legal bases:
- Contract Performance: Processing necessary to provide our Service to you as agreed in our Terms of Service
- Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, connecting third-party platforms)
- Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our Service, fraud prevention, and security, provided these interests are not overridden by your rights
- Legal Obligation: Processing necessary to comply with applicable laws and regulations
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date. For significant changes, we may also send you an email notification. We encourage you to review this policy periodically.
14. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:
Email: privacy@altyaa.com
Address: [Your Business Address]