Data security and privacy statement

Overview

The aim of this documentation is to cover all of the relevant information about the Data Security & Privacy Statement of Alpha Serve to help our customers see clearly what we do and really don't do with their data.

In this Statement, Alpha Serve refers to any of the company's entities, including Alpha Serve PE, a Ukrainian entity, and acSoft Inc, a US entity.

Introduction

Protecting your data and your privacy is our highest priority and is very important for us. Alpha Serve adheres to a strict policy for ensuring the security and privacy of your data, in particular, your personal information (such as full name, address, email address, and/or other identifiable information, collectively such personally identifiable information Personal Data).

This Data Security and Privacy Statement will provide you with an overview of the collection and processing of your data for Applications by Alpha Serve.

In the following, all data created by an Application end-user and stored within the Parent Product (which is monday.com instance for the purposes of this Policy) are defined as Customer Data.

Data Security and Privacy of Our Apps

We support the latest technical and organizational measures to ensure data security, in particular, to protect your Personal Data. These measures are updated on a regular basis to stay up to date. We would like to draw your attention to the fact that security gaps are possible when transmitting data on the Internet, and it is impossible to ensure complete protection of data from unauthorized or malicious access by third parties. If you are interested in our data protection concept, please contact us.

For several applications, we use the option to include YouTube videos to the marketplace product pages, which is allowed. All the videos used on the mentioned pages are stored on www.YouTube.com. In general, this means that some of your user data can be transmitted when you are playing these videos. We are not able to influence or prevent this data transfer. If you don’t want this data transfer, avoid playing the videos.

We may use the option of Google Analytics integration to our Marketplace product pages. Please, note that all such information is anonymized, no personal data can be received or identified. We may use this information to analyze user experience for continuous Application improvement.

 

Data Access

Alpha Serve may access information from you when you use the Application. This information may include:

  1. Personal Information: We may collect your name, email address, and other information that you voluntarily provide to us when you sign up for the Application, OR when you express an interest in obtaining information about us or our products or otherwise when you contact us;

  2. Technical Information: We may request technical information about your device and internet connection, such as your IP address, operating system, browser type, and mobile device identifiers during the process of customer support.

This information may be used to:

  • collect reviews and/or testimonials

  • request feedback

  • provide customer support services

  • inform about new features, improvements or material changes in the Application functionality.

For the purposes of this Policy, we note Customer Data as all the data generated, created, stored and managed by the Customer inside their monday.com instance (Parent product).

We draw your attention to the fact that we do not collect, access to, store or process any of such Customer data with our Application, nor do we collect, store or process any analytical or tracking data, but nor do we place cookies or tracking beacons in any Applications.

Some of our Applications depend on the use of personal data, such as usernames and email addresses. All this information is used by the application for internal functional purposes only and, if at all used, is stored in the local database of your product.

Data Storage

Unless otherwise stated below our Applications do not store Customer Data locally, but store Customer Data in the corresponding monday.com Product.

Exceptions applying:

  • Account Data: Our Applications may only store data provided and generated by monday.com, that are required for license validation, contract administration, and communication with the customer instance.

  • Session Data: Our Applications store data resulting from the customer's use of the service and distinguished from Customer Uploaded Data. This includes, for example, the use of statistics of service functions such as the total number of exports per day. This data is anonymized. Therefore, we cannot identify the end user this data relates to. It is exclusively used in order to improve our service. It does not contain any Customer Uploaded Data or Operation Data.

  • Support Data: Our Applications may offer a problem report functionality which can be triggered in the respective Apps. If an App offers such functionality, it allows you to automatically report the error to our support team. This functionality will collect relevant support data (e.g. Account Data, Operation Data, Customer Uploaded Data) from our systems and will create a support ticket in our support system on behalf of your users' email address. This data will be stored in the same data location that executed the operation but also downloaded to our own IT-system by a member of our support team. The data is usually saved in our hosts (see below section End of Subscription). Please pay special attention that data transfer on the internet can have security gaps and it is not possible to provide the complete protection of data against unauthorized or malicious access of third parties.

  • Real-time Error Tracking Data: Our Applications track errors of our Apps' resources executed in the end-users' browsers in real-time. This includes, for example, error messages and information about the environment such as browser type, browser version, and operating system. It is exclusively used in order to improve our service.

  • User-Account Data: We may collect account ID, user ID, API token at the Application installation. This information is fully anonimyzed. API token is stored encrypted. Thus, in no way these data can be used to retrieve or access any of the Customer Data. It is deleted automatically upon the de-installation of the Application.

  • Logs Data: We may store API request data, de-bug logs and error logs. This information is stored anonimyzed, while the API request itself is stored in the encrypted mode for 60 days, together with error information. Please, note: the request reply is NOT stored in any means, and in no way this data can be used to retrieve or access any of the Customer Data. It is exclusively used in order to improve our service.

Data Location

Alpha Serve uses Amazon for hosting Applications to comply with all local laws. Amazon's physical infrastructure is hosted and managed within Amazon’s secure data centres and utilizes the Amazon Web Service (AWS) technology. 

Status information about the Amazon cloud platform can be found here: https://status.aws.amazon.com/.

Amazon has published security statements that can be found at the following link: https://aws.amazon.com/security/

For check of add-ons licenses, we need to store instance and license information. These are stored on Amazon servers in Oregon, USA.

Our hosting region is the United States.

Data Sharing

Alpha Serve does not share the information described in this Policy in any ways.

Process Email Addresses Terms

We do not store user email addresses and always retrieve current user data at the time of use. We do not use email addresses in the UI. Backups

This section explains our backup and recovery policy for customer data:

  • Our backup data is securely stored, unauthorized access to backup data is not possible.

  • We back up at least once a day, and we keep the backups.

Billing Data Storage Terms

We may store your billing information (company name, tax codes, bank details, country, contacts of the involved monday.com partner) to fulfil the requirements of the local tax legislation. We are not able to influence this data storage.

Application and Infrastructure Security

This section explains the security measures we've taken in our application and infrastructure:

Customers of Our Apps

By purchasing the Application license, our customers accept the following:

  • Alpha Serve will receive personal information of the purchasing account from monday.com.

  • Alpha Serve will retain personal information during the active maintenance period and after the expiration of the last maintenance period.

  • Alpha Serve may send emails containing product news, tips, best practices, webinar or training details, event-related information. To comply with GDPR regulations, customers can request the removal, rectification or review of their own personal information stored in the support system by sending an email to support@alpha-serve.com or by clicking the unsubscribe link in the emails received.

Access to Customer Data

Only authorized Alpha Serve employees and subcontractors from our support and development teams have access to Customer Data. Such subcontractors are contractually bound to the same data security and privacy standards that apply to Alpha Serve.

Subcontractors

Our subcontractors are:

  • Amazon (Amazon.com, Inc.), is an American multinational technology company based in Seattle, Washington. Our Cloud Apps are hosted on Amazon Platform in Oregon, USA. The Amazon privacy statement can be found here.

  • Sentry (Sentry is a registered trademark of Functional Software, Inc.), San Francisco, USA: We use Sentry for real-time error tracking of our Cloud Apps' resources executed in the end-users' browsers to reproduce and fix crashes. The Sentry privacy statement can be found here.

End of subscription

If a customer unsubscribes from our Application we mark stored Customer Data for deletion. However, the customer can contact us to ask for immediate manual deletion.