Alephic, LLC Privacy Policy

Last Updated: April 22, 2025

Introduction and Scope

Alephic, LLC is committed to protecting personal data and complying with all applicable privacy laws. This Privacy Policy explains how Alephic, LLC (“we”, “us”, “our”) collects, uses, and discloses personal information in the course of providing AI-first technology solutions for enterprise marketing organizations—including engineering and deploying proprietary AI systems that transform unstructured marketing data into actionable insights and automate complex marketing processes. It also describes the rights individuals have regarding their personal data. This Policy is designed to meet international standards, including the EU/UK General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and other applicable laws. We align our practices with industry frameworks such as SOC 2 to ensure robust privacy and security controls.

B2B Services - No Data Sale or Sharing: Alephic, LLC primarily provides business-to-business services (developing and implementing custom AI solutions for enterprise marketing organizations). We act as a service provider/data processor on behalf of our clients in many cases. We do not sell personal information to third parties, and we do not share personal information for cross-context behavioral advertising purposes as defined under U.S. state privacy laws.

We ensure secure handling of client data throughout every phase of development and deployment.

For information on how we design, test, and deploy AI systems responsibly—including fairness, transparency, and human oversight—please see our Responsible AI Policy.

This Policy applies to personal information we collect from clients, website users, and other individuals with whom we interact in the conduct of our business. It does not cover aggregated or de-identified data, or information related to Alephic employees (which is addressed in separate internal policies). By using our website or services, you acknowledge the practices described in this Privacy Policy.


Our Privacy Principles

  1. Lawfulness, Fairness & Transparency
  2. Purpose Limitation
  3. Data Minimization
  4. Accuracy
  5. Storage Limitation
  6. Integrity & Confidentiality (Security)
  7. Accountability / Privacy by Design

Information We Collect and How We Collect It

Sources include: information you give us; corporate clients; automatic collection via cookies or SDKs; limited third-party integrations.

We do not knowingly collect sensitive personal information (“SPI”) as defined by the CPRA, nor data from children under 13. If we ever need to process SPI in the future, we will limit its use to essential service purposes and provide the CPRA “Limit Use of Sensitive Personal Information” mechanism.


Cookies & Tracking Technologies

We use essential cookies that are necessary for our site to function and security cookies that help detect fraud and abuse. Non-essential (analytics) cookies are set only with your consent via our cookie banner. Details of each cookie type and its typical lifespan are summarized below. We will also publish a standalone Cookie Notice at https://www.alephic.com/cookies once it is available. You can manage cookie preferences at any time in your browser or by using the banner's settings link. We also recognize the Global Privacy Control (GPC) browser signal as a valid request to opt out of any sale or sharing of personal information as defined by the CPRA.


How We Use Personal Data

Purposes (and lawful bases where applicable):


How We Disclose Personal Data

We do not sell or share personal information for advertising. Accordingly, opt-out rights for targeted advertising or profiling under Virginia CDPA, Colorado CPA, Connecticut PA-22-15, and similar laws are satisfied by default. We also do not sell “covered information” as defined by Nevada SB-220.


Sub-processors and Service Providers

We engage a limited number of carefully-vetted third-party service providers (“sub-processors”) to help us deliver and secure our services. Each is bound to process personal data only on our instructions and to apply security measures that meet or exceed Alephic's standards.

Categories of service providers we use include:

Roster available on request (under NDA): Existing or prospective clients may obtain our current sub-processor list by emailing privacy@alephic.com and agreeing to an appropriate non-disclosure agreement. We provide at least 30 days' advance notice before authorizing any new sub-processor so that clients may lodge objections under GDPR Art. 28(2) or equivalent rights.


International Data Transfers

We use EU-approved Standard Contractual Clauses, participate in the EU-U.S. Data Privacy Framework (once certified), and apply equivalent safeguards for transfers from other jurisdictions.


Data Security Measures

Encryption in transit & at rest • Role-based access control • Continuous monitoring • Incident-response plan • Annual SOC 2 Type II audit • Privacy-by-design reviews.


Data Retention and Deletion

We keep personal information only as long as necessary for the purposes described above or as required by law, then securely delete or anonymize it. Retention criteria by category:

Category | Primary Purpose | Typical Retention | Rationale
Identifiers & Contact Info | Client relationship management, support | Up to 3 years after last interaction or project end | Maintain contracts & audit trail
Professional / Employment Info | Same as above | Up to 3 years | Same
Online Activity Data | Security & analytics | 12-24 months | Pattern detection & service optimization
Communication Records | Support history, dispute resolution | ≤ 5 years | Legal defense & service QA
Client-Provided Data | Service delivery on client's behalf | Duration of contract + 60 days (unless otherwise agreed) | Return or delete per DPA

Longer retention may apply where law requires (e.g. tax, accounting) or for legal claims. If deletion is not immediately feasible (e.g. in backups), data is isolated until purge.


Individual Privacy Rights & How to Exercise Them

Submit requests:

We verify identity, respond within legally mandated timeframes, and offer an appeal process where applicable. Exercising any privacy right will not result in discriminatory treatment, pricing, or service quality.


Children's Privacy

Our services are not directed to children under 13, and we do not knowingly collect their data. Parents may contact us for deletion of any inadvertent collections.


Changes to This Policy

Material changes will be announced on our site and, where required, we will seek consent. “Last Updated” date appears below.


Contact Us & Data Protection Officer

We prefer to resolve concerns directly; EU/UK residents may also lodge complaints with their supervisory authority. Our lead EU supervisory authority is the Irish Data Protection Commission (www.dataprotection.ie).