Last updated: April 12, 2026
Privacy Policy
Altacee Digital Solutions ("Altacee", "we", "us", "our") respects your privacy and is committed to transparency about how we handle personal data. This policy explains what data we collect, the purposes for which we collect it, how we use and share it, and how you can exercise your rights.
1. Scope
This policy applies to all services operated by Altacee Digital Solutions, including the public marketing website (altacee.com), the product application (app.altacee.com), the administrator console, and the data-subject rights portal (rights.altacee.com). It covers personal data collected directly from visitors, prospective customers, and registered users.
For customers who have deployed Altacee to process data on behalf of their own end-users, Altacee acts as a data processor and the customer is the data controller. In those cases, the customer's own privacy notices govern how their end-users' data is handled, and Altacee's obligations are set out in the Data Processing Agreement (DPA). This policy does not apply to data processed in the processor capacity.
2. Data we collect
We collect personal data in three broad categories:
Account and identity data
When you register for a trial, subscribe, or contact us, we collect your name, work email address, employer name, job title, and (if you complete a purchase) billing contact details. We do not store full payment card numbers; card processing is handled by a PCI-DSS-compliant payment processor under their own security controls.
Usage and telemetry data
As you interact with our website and product, we automatically collect technical data including your IP address, approximate geolocation derived from IP, browser type and version, operating system, referring URL, pages viewed, and session duration. Within the product, we collect event data about feature usage — for example, which journeys you create, which dashboards you view, and errors that occur — to power product analytics and detect abuse. Where possible, this data is pseudonymised or aggregated before storage.
Customer data (processor capacity)
If you are a paying customer, the data you configure Altacee to ingest, process, and act on (for example, end-user profiles, behavioural events, email addresses for campaign delivery) is customer data. Altacee processes this data only on your documented instructions and does not use it for its own commercial purposes. This category is governed by the DPA rather than this policy.
3. How we use it
We use personal data for the following purposes:
- Service delivery — provisioning accounts, authenticating users, sending transactional communications (receipts, onboarding emails, security alerts).
- Product improvement — analysing aggregated usage patterns to prioritise features and fix reliability issues.
- Marketing communications — where you have opted in or where we have a legitimate interest, sending product updates, webinar invitations, and industry content. You may unsubscribe at any time.
- Security and fraud prevention — detecting brute-force attacks, unusual access patterns, and abuse of free-tier resources.
- Legal and regulatory compliance — responding to lawful requests from public authorities, meeting our tax and audit obligations, and enforcing our Terms of Service.
- Customer support — diagnosing issues you report and providing resolution.
We do not sell personal data to third parties. We do not use personal data to make automated decisions with legal or similarly significant effects without human review.
4. Legal bases (GDPR Art. 6)
For individuals in the European Economic Area, the United Kingdom, and Switzerland, we rely on the following legal bases:
- Contract (Art. 6(1)(b)) — processing necessary to perform our contract with you, including account management, service delivery, and billing.
- Legitimate interests (Art. 6(1)(f)) — product analytics, security monitoring, and direct marketing to existing customers, where our interests are not overridden by your rights. You may object at any time.
- Consent (Art. 6(1)(a)) — placing non-essential cookies and sending marketing communications to prospects. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal obligation (Art. 6(1)(c)) — tax, audit, and anti-money-laundering requirements.
For special-category data (Art. 9), we do not intentionally collect such data. If any is inadvertently included in customer data, it is processed under the customer's legal basis as controller.
5. Data sharing
We share personal data only in the following circumstances:
- Sub-processors — cloud infrastructure, CDN, billing, error monitoring, and email delivery providers listed on our Sub-processors page. Each sub-processor is bound by data processing agreements and standard contractual clauses where required.
- Professional advisers — lawyers, auditors, and accountants under confidentiality obligations.
- Law enforcement and regulators — when required by applicable law, court order, or to protect the rights or safety of persons. Where permitted, we will notify you before complying.
- Business transfers — in the event of a merger, acquisition, or sale of assets, personal data may be transferred to a successor entity under equivalent protections.
6. Data retention
We retain personal data for as long as necessary to fulfil the purposes above, unless a longer period is required by law.
| Data category | Retention period |
|---|---|
| Account data (active) | Duration of account |
| Account data (post-closure) | 90 days, then deleted |
| Financial and billing records | 7 years (legal minimum) |
| Security and audit logs | 12 months |
| Marketing preferences | Until unsubscribe or 3 years of inactivity |
Customer data in the processor capacity is retained according to the DPA and deleted or returned within 30 days of contract termination, unless a different period is agreed in writing.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, restrict, or port your personal data, to object to processing based on legitimate interests, and to withdraw consent where processing relies on consent. EEA/UK residents have these rights under GDPR/UK GDPR. California residents have rights under CCPA including the right to opt out of sale (we do not sell data). Indian residents have rights under the DPDP Act 2023.
To exercise any right, visit our Data Rights Portal or email [email protected]. We will respond within 30 days (GDPR), 45 days (CCPA), or the period required by applicable law. We will not charge a fee for reasonable requests.
8. International transfers
Altacee is headquartered in Bangalore, India, with infrastructure in the European Union and the United States. Personal data may be transferred to, and processed in, countries other than where you are located. Where transfers from the EEA or UK occur to countries without an adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission (2021/914) and, where required, the UK International Data Transfer Agreement (IDTA). Copies of applicable SCCs are available on request via [email protected].
9. Security
We implement technical and organisational measures commensurate with the risk, including TLS 1.3 encryption in transit, AES-256 encryption at rest, role-based access controls, mandatory multi-factor authentication for all staff, and regular third-party penetration testing. We hold SOC 2 Type II certification and are pursuing ISO 27001. Full details are on our Security page.
Despite these measures, no system is completely secure. If you believe your data has been compromised, please contact [email protected] immediately.
10. Changes to this policy
We may update this policy to reflect changes to our practices or applicable law. Material changes will be communicated to registered users by email at least 30 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of our services after the effective date constitutes acceptance of the revised policy.
11. Contact
Our Data Protection Officer can be reached at [email protected]. For formal correspondence: Altacee Digital Solutions, [Registered Address], Bangalore 560001, India. If you are dissatisfied with our response to a rights request, you have the right to lodge a complaint with your local supervisory authority (for EEA residents, the lead supervisory authority is determined by our EU establishment).