AlphaLens

Legal

Privacy Notice for AlphaLens

Last updated: May 8, 2026

Deckmatch, Inc. DBA AlphaLens ("AlphaLens," "we," "us," or "our") will, as part of our business, process personal data.

We are committed to processing personal data in a safe, reassuring, and trustworthy manner. Our processing as the controller of personal data is based on our activities and the purpose of our business. Information about the personal data we process about you, the legal basis for the processing, the purpose of the processing, how long we process the personal data, and related matters is set out below.

For residents of California, please refer to our Privacy Notice for California Residents. For residents of other US states with comprehensive consumer-privacy laws, please see Section 11 below.

If you have questions about how we process your personal data, please contact us using the details in Section 1.

1. Responsible for the Processing of Personal Data

AlphaLens is responsible for processing the personal data described in this notice, meaning we decide why and how the personal data is processed (the data controller). We may also process personal data in other ways referred to below; in those cases we will tell you what role we play.

We operate two principal lines of activity that bear on personal data:

The AlphaLens platform and database. We provide the AlphaLens competitive intelligence platform and we maintain a database of companies, products, and individuals associated with companies, compiled and curated from publicly available and licensed sources. With respect to the database and the operation of the platform itself, we are the data controller.

Data processor services. We provide pitch deck and document processing, custom research, and CRM and business-tool integrations to our customers. With respect to personal data we process when delivering these services, our customers are the data controller and we are the data processor, acting on their documented instructions and pursuant to a written data processing agreement.

The remainder of this notice describes both roles. Section 4 sets out our data processor activities in more detail. Section 5 explains our notice to individuals whose data appears in the AlphaLens database without their having provided it to us directly.

Contact details for AlphaLens as data controller:

  • Entity name: Deckmatch, Inc. DBA AlphaLens
  • Email: contact@alphalens.ai
  • Postal address: 470 Ramona St, Palo Alto, CA 94301-1707, USA

2. Why and What Kind of Personal Data Do We Collect and Use

We collect and use your personal data for different purposes depending on who you are and how we get in touch with you.

All processing of personal data will be in accordance with this Privacy Notice, the privacy regulation in force at any given time, including local privacy regulation and the General Data Protection Regulation ("GDPR").

You will find information on the personal data we process about you, the purpose and legal basis of the processing, how long we process the personal data, and related matters in this section.

"Personal data" is any information related to a natural person. "Processing" means anything that is done with personal data, such as collection, registration, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, alignment, restriction, deletion, or destruction.

If we are a data processor, meaning we process personal data on behalf of others (who are the data controller), such as our customers, you may request information about the processing from the data controller. You can still contact us about the processing of your personal data, and we will refer you to the data controller. See Section 4.

2.1 Communication and Contact

We process personal data about those who contact us in order to answer and document the communication, as well as to contact others not covered by the processing described elsewhere in this notice. This applies to all forms of communication, physical and digital, written and oral.

We process the name, telephone number, email address, and any personal data that may result from the communication, including history and logs about the inquiry.

The processing is based on our legitimate interest in handling and documenting our communications (GDPR Art. 6(1)(f)). We have assessed that this processing is necessary for us to handle inquiries we receive and that the data subjects' privacy does not override these interests.

It is voluntary to provide us with personal data, but it will be necessary for us to receive certain information in order to answer inquiries.

We process the personal data until we expect that there will be no further follow-up of the contact, typically for two years.

2.2 Email and Other Business Solutions

We use email as a communication solution and other business solutions, such as document storage and collaboration tools, that will contain personal data. The processing is based on our legitimate interest in operating our business with appropriate work tools (GDPR Art. 6(1)(f)) and we have assessed that the data subjects' privacy does not override these interests. Personal data processed depends on the purpose of the email and what is included in it. Emails and other information are deleted when they are no longer needed, and we have measures in place to ensure regular deletion.

2.3 The AlphaLens Platform - Customer Account and Usage Data

We collect and process personal data in order to provide the AlphaLens platform. AlphaLens is an AI-native competitive intelligence platform that provides semantic search across companies and products and that enables users to conduct sourcing, screening, market research, competitive analysis, and related activities.

Access to the AlphaLens platform is provided through subscription agreements with our customers. In connection with delivering the platform we collect and process the following personal data:

  • Account and contact information of our customers' users, including name, work email address, employer information, role, and account credentials.
  • User activity within the platform, including search queries, natural language research questions, product and company lookups, saved searches, exports, and API usage logs.
  • Technical logs and security logging on the website and in connection with the services for security, service-development, and statistical purposes, including IP addresses, device information, browser type, and access times.

For account and usage data, our customer is typically the data controller and we process the data on the customer's behalf as data processor. The customer's processing is typically based on its legitimate interest in providing the platform to its personnel (GDPR Art. 6(1)(f)) or on the necessity of the processing for the performance of a contract (GDPR Art. 6(1)(b)).

We are the data controller for technical logs and security logging, which we maintain to operate, secure, develop, and produce statistics about the service. The legal basis for that processing is our duty to comply with the privacy regulation, including the obligation to secure personal data (GDPR Art. 6(1)(c) read together with Art. 32) and our legitimate interest in operating a secure and reliable platform (GDPR Art. 6(1)(f)).

2.4 The AlphaLens Database - Public-Source Company and Individual Profiles

Independent of any individual customer engagement, we collect, structure, and maintain a database of companies, products, and individuals associated with companies, such as founders, executives, board members, and other individuals identified in connection with a company. Customers query this database through the AlphaLens platform and we use it to provide enrichment and context for data customers themselves provide to us. With respect to this database we are the data controller.

Categories of personal data. The database typically contains the following categories of personal data about individuals acting in a professional capacity:

  • Name
  • Current and prior employer(s) and job titles
  • Public professional biography or descriptive text
  • Links to public professional profiles, for example a LinkedIn URL
  • Public business contact information where available
  • Founder, executive, board, advisor, or similar role attributions
  • Publicly reported activities such as company formations, fundraising rounds, product launches, and similar events

We do not deliberately collect special categories of personal data, such as data revealing racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, health, sex life, or sexual orientation, for the database, and we do not seek to infer any such categories from the data we hold.

Sources. Data in the database is compiled from publicly available sources, including company websites, professional networking sites such as LinkedIn, public business and regulatory registries, regulatory filings, press releases, news articles, public datasets, and similar publicly accessible sources. We may also receive data from licensed third-party data providers under contract.

Purpose and legal basis. The purpose of the processing is to maintain a comprehensive, accurate professional intelligence resource for our customers' lawful business activities, including sourcing, due diligence, screening, market research, and competitive analysis. The legal basis under the GDPR is our legitimate interest, and our customers' legitimate interest, in providing and using a professional intelligence resource (GDPR Art. 6(1)(f)).

We have conducted a balancing test and concluded that this interest is not overridden by data subjects' fundamental rights and freedoms, in particular because the processing concerns publicly available business and professional information of identified individuals acting in a professional capacity, the data is processed for the limited purpose of professional intelligence, no special-category data or inferences are processed, and we provide an accessible mechanism for individuals to exercise their rights.

Data minimisation and accuracy. We periodically review and refresh records against current public sources to maintain accuracy and timeliness in line with GDPR Art. 5(1)(d).

Retention. We retain database records for as long as the underlying public information remains accurate and relevant to professional-intelligence purposes. Records, fields, or specific entries are removed, anonymised, or updated where they are no longer accurate or relevant, where a valid right-to-erasure or right-to-object request is granted, or where required by law.

Notice to data subjects. Where we collect personal data from sources other than the data subject, GDPR Art. 14 may require us to provide notice to the data subject. We rely on the publication of this Privacy Notice, in particular Section 5, and on the rights mechanism described in Section 9 to satisfy this obligation. Where direct notification of each individual would involve disproportionate effort, we rely on Art. 14(5)(b) and have implemented appropriate measures to protect individuals' rights, freedoms, and legitimate interests, including making this Privacy Notice publicly available and providing a rights-request channel.

2.5 Data Processor Services - Pitch Decks, Custom Research, and CRM Integrations

In addition to our role as data controller, we act as a data processor on behalf of our customers in providing certain services. When acting as a data processor, our customers are the data controller and we process personal data on their behalf, on the basis of their documented instructions, and pursuant to a written data processing agreement.

The principal data processor services are:

Pitch deck and document processing. When customers upload pitch decks, executive summaries, teasers, information memorandums, business plans, or similar documents to the AlphaLens platform, we extract structured information from those documents, index the document, store it on the customer's behalf, and may enrich it against our database for the customer's exclusive benefit.

Custom research. Customers may submit natural-language research queries which may contain personal data of individuals identified in the query, for example the name of an executive or a target company contact. We process such queries on the customer's instructions to return responsive results.

CRM and business-tool integrations. We integrate with customer-controlled CRM, file-storage, communications, and other business tools and we read, write, and synchronise data on the customer's instructions. The personal data processed is whatever the customer chooses to expose through the integration.

Categories of data subjects. When we act as a data processor, the data subjects whose personal data we process include individuals named in customer-uploaded documents, individuals identified in customer-submitted research questions, and individuals whose data is held in the customer's connected systems.

Customer responsibility for lawful basis. Our customers are responsible for ensuring that they have a valid legal basis under the GDPR and any other applicable law for processing personal data through our platform, for providing required notice to data subjects, and for the lawfulness of any document, query, or system access they place under our control. Customers are also responsible for not submitting special categories of personal data unless they have an appropriate legal basis to do so.

Use of artificial intelligence and sub-processors. Pitch deck processing, custom research, and certain platform features rely on automated extraction, classification, and generative AI techniques and use sub-processors, including large-language-model providers and other infrastructure providers. See Section 6 for our position on the use of customer content for model training and for our approach to sub-processor transparency.

Data processing agreements and instructions. A written data processing agreement is in place with each customer using these services and governs our processing in detail, including instructions, sub-processor authorisation and notification, security measures, audit rights, return and deletion of data on termination, and assistance with data subject rights and incident response. If you wish to exercise your rights with respect to data processed through these services, please contact the relevant customer in the first instance; see Section 9.

Retention. Personal data we process as a data processor is retained for as long as instructed by the customer and is returned or deleted on termination of the customer agreement, subject to retention required by law.

2.6 Service Communications

We may send transactional or service-related information about the services that you or your organisation have purchased or are using, such as technical conditions, upgrades, new functionality, security advisories, billing information, and other service-related updates. This includes emails that may be automatically generated by our services. This information forms part of the services we provide and may be important to you or your organisation.

This information is sent regardless of whether you have consented to marketing because it is our legitimate interest, and our customers', to communicate about the services in use (GDPR Art. 6(1)(f)). The purpose of the processing is to keep you informed about the services. Consequently, you may not be able to unsubscribe from transactional or service-related communications while you remain a user of the service.

We process only the personal data necessary to send these communications, such as your name, email address, and, where applicable, telephone number. We will not use this information for any purpose other than sending these communications and we will not share, transfer, or otherwise make this information available outside what is described in this notice. The personal data is processed for as long as you use our services.

2.7 Newsletter and Marketing

If you request information from us or sign up for our newsletter, we may send you marketing about our products and services, partner products, and similar information. In that case we will process your name and email address.

The processing is based on your consent (GDPR Art. 6(1)(a)) where the communication is marketing. For service-related communications, see Section 2.6. You can withdraw your consent at any time by using the unsubscribe link in the relevant email or by contacting us using the details in Section 1.

We process the personal data until you have received the requested information, withdraw your consent, or otherwise object. Your personal data will then be deleted from our marketing lists.

2.8 Business Customers, Suppliers, Partners, and Prospects

We process personal data about contact persons of existing and potential business customers, suppliers, and other partners in order to manage our relationship with them, prepare, implement, and document services, and evaluate the use of services. In these cases we will process names, contact information, employer name, job title, and information related to the contact with the company in which the person works.

The processing is based on our legitimate interest (GDPR Art. 6(1)(f)) in managing the relationship with our customers, partners, and suppliers, and we have assessed that our interest is not overridden by the data subjects' privacy.

We also store and disclose information where we have a legal obligation to do so, for example under accounting and tax legislation. We may store information for as long as we believe it may be necessary to document matters relating to services. In many cases it will be necessary for us to obtain personal data to enter into agreements with customers and suppliers, including to document that an agreement has been entered into. If we do not receive the information we need, we will not be able to enter into agreements.

It is voluntary for contact persons to provide us with personal data. If we collect personal data from others it will mainly be contact information, position, function, employer, and any competence and references where relevant. The source for such information will be the contact person, the employer, publicly available sources, or other legitimate means.

We store the personal data until the relationship with the customer, supplier, or partner ceases or until the contact person is no longer the contact person, with the exceptions mentioned above.

2.9 Recruitment

When recruiting for new positions with us, we process CVs, applications, certificates, and references. The processing of personal data takes place on the basis of consent that you have given if processing takes place through a recruitment solution, or on the basis that it is necessary and within our legitimate interest to recruit new employees.

The basis for processing personal data when recruiting is that the processing is necessary to make assessments of possible job seekers prior to entering into a possible employment agreement (GDPR Art. 6(1)(b)). If assessments are made, for example contacting persons who are not listed as a reference or examining backgrounds, personal data is processed on the basis of our legitimate interest in finding the right candidate for the position (GDPR Art. 6(1)(f)). We have considered that the data subject's privacy does not override our legitimate interest in recruiting new employees.

We recommend that you do not enter special categories of personal data, such as health, religion, political opinion, union membership, or similar information, in your application.

Information in the recruitment process is deleted as soon as the recruitment is completed unless you have agreed to further storage.

2.10 Social Media

We have contact with stakeholders and others through social media. We operate a LinkedIn page and may operate accounts on other social media platforms. Where we operate a social media presence we are responsible for processing personal data in connection with that page.

Personal data will be processed through our social media presences if you publish posts, comment, or like or follow our pages. Our purpose for processing personal data through social media is to communicate with people who wish to communicate with us or interact with us on social media.

In this context, your name and link to other information that you have posted on the relevant platform are processed. In addition, everything you share through posts and comments on our social media pages, and the fact that you have liked or followed our pages, is processed. What you share is up to you and voluntary.

We ask you not to share personal information in posts or comments on our pages, and especially not to share personal information about others, for example by tagging or mentioning people.

We process personal data on social media because we have a legitimate interest in communicating with the public through social media and want to process personal data in this context (GDPR Art. 6(1)(f)). We have assessed that this is necessary in order for us to communicate with the public and handle inquiries we receive, and that the data subjects' privacy does not override these interests.

The data will be processed as long as posts and comments are available on the relevant platform; you can delete your posts and comments at any time.

2.11 Use of Websites, Cookies, and Similar Technologies

We use cookies or similar technologies to collect information when you visit or interact with our website. We use the information collected to improve the customer experience on the website and the services, to adapt and develop the website, and to offer functionality in the services. We also use the information to provide visitors with recommendations and service adjustments that are as relevant to you as possible.

The information collected will be your IP address, the type of browser you use, your internet provider, operating system, date and time of website visits, and similar technical information. The information is stored in your browser's internal memory or related to a series of numbers or digits that can identify your browser or device that uses the website. The information is then related to other information collected.

You have the ability to prevent us from placing non-essential cookies in your browser. Many browsers or devices are set to accept cookies automatically, but you can choose to change the settings yourself so that cookies are not accepted. The disadvantage of disabling cookies in your browser is that the web pages will not work optimally; the purpose of most cookies we use is to provide functionality on the services.

Personal data is also used to improve our website, compile statistics, and understand the use of the pages. As far as practicable, we try to do this with anonymous information without knowing that the information is specifically related to the individual visitor.

We process the personal data on the basis of your consent (GDPR Art. 6(1)(a)) for non-essential cookies. The information will be processed until you withdraw your consent, which may be done by adjusting your cookie preferences or by contacting us using the details in Section 1.

We process the personal data on the basis of our legitimate interest (GDPR Art. 6(1)(f)) for essential cookies necessary to provide website functionality, and we have assessed that this interest is not overridden by the data subject's privacy. We safeguard the privacy of visitors to the website by only using the information for statistics where individuals are not identified. The information will be processed for as long as it is necessary for the purposes mentioned above.

The cookies and similar technologies we use are listed in the attachment at the end of this Privacy Notice.

3. Retention and Deletion of Personal Data

We keep and store personal data for as long as is necessary for the purpose for which the personal data was collected, and we delete the data under requirements in regulations. The retention period for individual categories of data is set out under each subsection of Section 2.

Instead of deleting personal data, it may be appropriate in some cases to anonymise it. By anonymisation, all data that may identify or potentially identify data subjects is removed from data sets.

This means, for example, that personal data that we process based on your consent will be deleted if you withdraw your consent. Personal data that we process in connection with subscription agreements you have with us is deleted when the agreement is terminated and all obligations arising from the contractual relationship have been fulfilled, including legal obligations related to accounting and follow-up of customer-related matters. We retain certain data for a period following the end of the subscription for legal-compliance purposes, typically five years. Personal data related to our fulfilment of legal obligations is deleted as soon as the legal obligations have been fulfilled.

For database records, see the retention statement in Section 2.4. For personal data processed as a data processor, retention is governed by the customer's instructions and the relevant data processing agreement.

4. Processing Personal Data as a Data Processor

Customers who use our services are data controllers for certain personal data processed through the services and are responsible for the processing of that personal data when using the services. This includes personal data contained in pitch decks, custom research questions, and CRM data that customers provide to us or instruct us to access. We process such personal data on behalf of the customer and we are the data processor. A data processing agreement is in place between our customers and us to regulate our processing of personal data on the customer's behalf.

As our customers are responsible for the processing (data controller), you must contact our customer to enforce your rights regarding such data. See Section 9 for more information about your rights.

The information in this Privacy Notice will also apply to our processing of personal data about our customers' data subjects with regard to the disclosure and transfer of personal data and to security and technical matters. For deletion of personal data processed as a data processor, the timing depends on when our customer chooses to delete the information or instructs us to delete it. We will not use information processed as a data processor without our customer's instruction or approval.

We send out emails to contact persons at users of our services and our customers in order to provide information about the services, such as technical conditions, upgrades, new functionality, and similar matters, in addition to emails that are automatically generated by our services.

5. Notice to Individuals Whose Data Appears in the AlphaLens Database

If you are not a customer of AlphaLens but believe that information about you is included in the AlphaLens database described in Section 2.4, this section applies to you.

We collect publicly available professional and business information about individuals from sources such as company websites, professional networking sites, public registries and filings, news articles, and licensed data providers. We do not collect this information from you directly. We process this information for the purposes described in Section 2.4 and on the legal basis set out there. The categories of personal data we typically hold are listed in Section 2.4.

You have the rights described in Section 9. To exercise those rights with respect to the database, including the right to access your personal data, to correct inaccurate data, to request erasure, and to object to our processing on the basis of legitimate interest under GDPR Art. 21, you can contact us at contact@alphalens.ai. We will respond within 30 days, subject to our right to verify your identity and any limitations under applicable law.

In particular, if you object under GDPR Art. 21 to our processing of your personal data on the basis of legitimate interest, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

6. Disclosure, Transfer, and Sub-Processors

We do not disclose or transfer personal data to others except as described in this notice or where there is a legal basis for such disclosure or transfer. Examples of such a basis are an agreement with the data subject, the consent of the data subject, or a legal basis that requires us to disclose the information, such as tax-reporting, accountant or auditor requirements, or banking services.

6.1 Sub-processors

We use sub-processors to process personal data on our behalf in connection with both our controller activities and our data processor activities. We have entered into written data processing agreements or equivalent contractual arrangements with each sub-processor to safeguard data subjects' rights and the security of personal data at all stages of the processing.

Our principal categories of sub-processors are:

  • Cloud hosting and infrastructure - hosting of the AlphaLens platform, the database, customer-uploaded documents, and operational telemetry.
  • Large-language-model and other AI providers - extraction, classification, summarisation, semantic search, and related generative-AI processing in support of pitch deck processing, custom research, and platform features.
  • Document parsing and OCR providers - parsing of pitch decks and other documents into structured form.
  • Customer-relationship and business-tool integrations - APIs that connect AlphaLens to customer-controlled CRMs, file-storage, and communications platforms.
  • Operational tools - error monitoring, product analytics, customer support, billing, and email delivery.

A current list of named sub-processors is available to customers on request via contact@alphalens.ai. Where we engage a new sub-processor or replace an existing sub-processor for our data processor services, we provide notice to affected customers in accordance with the relevant data processing agreement and offer customers an opportunity to object as agreed in that agreement.

6.2 Use of Customer Content for AI Model Training

We do not use customer-uploaded pitch decks, customer-submitted research questions, customer CRM data, or any other content that we process as a data processor on a customer's behalf to train our own foundation models or to train models for the benefit of any third party. Where we use third-party large-language-model or AI providers as sub-processors, we contract for service tiers and configurations under which the provider is prohibited from using customer inputs and outputs to train the provider's own or any third party's models.

We may use de-identified, aggregated, or otherwise non-personal usage signals, such as feature-usage metrics, to operate, secure, and improve the services. We may also use information drawn from publicly available sources, independently of customer-submitted content, to train or evaluate models that support our services.

6.3 Other Disclosures

If it is required by law, or if there is a suspicion that a crime has been committed in connection with the use of our services, personal data may be disclosed to public authorities.

If personal data may be subject to transfer to another organisation in connection with a merger, financing, reorganisation, or dissolution transaction of all or part of our business, we will only do so if the parties involved have entered into an agreement under which the collection, use, and sharing of personal data is limited to the purposes of the transaction, and the personal data is used by the parties only to complete the transaction. If another company buys our business or assets, that company will have access to the personal data collected by us and will assume the rights and obligations regarding your personal data as described in this Privacy Notice.

7. Transfer of Personal Data to Recipients in Countries Outside the EEA

It is our objective that all processing of personal data shall be carried out within the EEA, but we may use suppliers or process personal data outside the EEA, including in the United States. Where we transfer personal data outside the EEA, the transfer will take place to countries approved by the European Commission as providing adequate protection or under another valid legal basis under GDPR Chapter V. Where transfer to an adequacy-decision country does not apply, the transfer will take place under appropriate safeguards under GDPR Art. 46(2), such as the European Commission's Standard Contractual Clauses, supplemented where necessary with additional technical and organisational measures. You can obtain information about the lawful basis used for the transfer, and a copy of the relevant safeguard, by contacting us using the details in Section 1.

For transfers to or from the United Kingdom, we rely on the UK Addendum to the Standard Contractual Clauses or any other valid mechanism under the UK GDPR.

8. Security of Processing

We prioritise the security of personal data in our business and we implement technical and organisational measures appropriate to the risk to secure your personal data. Where possible, processing is encrypted in transit and at rest, and access is limited to those who need the personal data to perform their tasks (the "need-to-know" principle).

We endeavour to ensure that the personal data we hold is correct, accessible, and handled according to the degree of sensitivity of the information. We use a variety of security technologies and information-security procedures to protect your personal data from unauthorised access, use, or disclosure. Where appropriate, we conduct risk assessments.

We have entered into data processing agreements with our suppliers who process personal data on our behalf, in which the suppliers commit to a level of security at least equivalent to ours.

We restrict access to personal data to staff and third parties who process the personal data on our behalf, and these parties are subject to a duty of confidentiality.

We have established procedures for handling information-security breaches. If there is a breach that poses a risk to personal data, we will notify the relevant supervisory authority no later than 72 hours after the breach has been discovered. Where the breach entails a high risk to the rights and freedoms of affected data subjects, we will also notify the data subjects. Where the breach concerns personal data for which we are a data processor, the data controller, such as our customer, is responsible for notifying, and we will assist them in doing so as required by the relevant data processing agreement.

9. Your Rights When We Process Personal Data About You

A description of your rights when we process personal data about you appears below. To exercise your rights you can contact us using the details in Section 1, or as otherwise described below.

We strive to respond to your inquiry as soon as possible and no later than 30 days. If a response will take longer than 30 days, we will let you know.

In some cases we will ask you to confirm your identity or provide additional information before we act on your request, in order to ensure that we only give access to your personal data to you and not to someone who pretends to be you.

The rights set out below apply where we are responsible for the processing as data controller. If we are a data processor for our customers and you use a service provided to one of our customers or your data is processed through services provided to our customers, the customer is responsible for the processing and you should contact the relevant customer to exercise your rights.

9.1 Information

You have the right to be informed about how we process your personal data. This Privacy Notice is the principal way we provide that information. You can also contact us if you want more information.

9.2 Access

You have the right to request a copy of the personal data we process about you. Contact us if you want such access.

9.3 Correction and Erasure

You have the right to ask us to correct inaccurate personal data and to erase personal data. We will accommodate such a request as far as possible, but we cannot do so where the data is necessary for us to retain for legal or contractual reasons.

9.4 Withdrawal of Consent

Where we process personal data based on your consent, you can withdraw that consent at any time. The easiest way to withdraw your consent is as informed at the point you give your consent, for example via the unsubscribe link in marketing emails, or by contacting us.

9.5 Right to Object and to Restrict Processing

You have the right to object to processing carried out on the basis of legitimate interest, and to request restriction of processing in certain cases, in accordance with GDPR Arts. 18 and 21. If you are an individual whose personal data appears in our database, see Section 5 for the dedicated objection mechanism.

9.6 Data Portability

For personal data that you have provided to us, that is necessary to carry out an agreement with us, and that is processed in an automated manner, you can request that the personal data be disclosed or transferred to another provider in a structured, commonly used, and machine-readable format.

9.7 Automated Decision-Making

We do not make decisions based solely on automated processing of personal data, including profiling, that produce legal effects concerning you or that similarly significantly affect you within the meaning of GDPR Art. 22. Our services involve automated processing of information about companies and individuals acting in a professional capacity, for example the extraction, classification, scoring, and ranking of company and product information, but those outputs are intended to inform our customers' decisions and are not, by themselves, decisions producing legal or similarly significant effects on the individuals concerned.

10. Children's Data

The AlphaLens services are intended for business use and are not directed to children. We do not knowingly collect personal data from children. If you believe that we have collected personal data of a child, please contact us at contact@alphalens.ai and we will take steps to delete the information.

11. US State Privacy Rights

Residents of California should refer to our Privacy Notice for California Residents for the disclosures and rights provided under the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA").

Residents of other US states with comprehensive privacy laws, including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others, may have rights similar to those described in Section 9, including the right to access, correct, delete, and obtain a portable copy of their personal data, and to opt out of the sale of personal data, the sharing of personal data for cross-context behavioural advertising, and certain forms of profiling.

To exercise these rights, please contact us at contact@alphalens.ai. We will not discriminate against you for exercising your privacy rights.

We do not sell personal data for monetary consideration, and we do not knowingly engage in "sharing" of personal data for cross-context behavioural advertising as those terms are defined under the CCPA.

12. Complaints

If you suspect that our processing of personal data is not in accordance with what we have described here, or that we are otherwise in breach of privacy legislation, you can file a complaint with the relevant supervisory authority. We ask you to contact us first so that we can address the matter as soon as possible.

For residents of the European Union, the European Economic Area, or the United Kingdom, you may contact your local Data Protection Authority. For residents of California, you may file a complaint with the California Attorney General's office. For residents of other US states, please refer to your state's relevant data-protection authority or Attorney General.

You will find information about your rights and how to contact the relevant supervisory authority on its respective website.

13. Changes

If there is a change in our services or in the regulation governing the processing of personal data, the information in this notice may be updated. We will post any changes at https://alphalens.ai/privacy-notice, and significant changes will take effect upon posting. Where we are required to do so, we will notify you of material changes in advance.

Attachment: Cookies and Similar Technologies Used

We use the following cookies or similar technologies on our website:

  • Sentry.io - error monitoring
  • PostHog - website analytics and product usage statistics