Privacy Policy

Last updated July 1st 2026

1. Introduction

Welcome to Alps ("Service," "Platform," "we," "us," or "our"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and process your personal data. This Privacy Policy explains our practices regarding data collection and your rights under applicable privacy laws, particularly the Nigeria Data Protection Regulation (NDPR) and other applicable Nigerian and international data protection frameworks.

This Privacy Policy applies to:

  • Users who create and manage support desks on our platform
  • Customers/visitors who interact with public support widgets
  • Team members invited to workspaces
  • Any individual whose data is processed by Alps

By accessing or using Alps, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

2. Data Controller & Contact Information

Data Controller & Company

Lagos, Nigeria

Email: info@tryalps.com

Compliance Officer (Data Protection)

Email: info@tryalps.com

For privacy inquiries, data subject requests, or to exercise your rights under the NDPR, contact us at info@tryalps.com. We aim to respond to all inquiries within 14 days.

3. What Personal Data We Collect

3.1 Account Creation & User Profile Data

When you sign up for Alps, we collect:

  • Identity Information: First name, last name, email address
  • Authentication: Password (stored securely via Firebase Auth)
  • Profile Details: Display name, profile picture, company name
  • Contact Information: Phone number, city, state, country

Legal Basis: Contract; Legitimate Interest

3.2 Workspace & Team Data

  • Workspace Members: Email addresses, names, roles (owner/admin/member), permissions, join date
  • Workspace Settings: Branding (logo, colors, fonts), help center customization
  • Invitations: Email addresses of invited users, invitation tokens

Legal Basis: Contract; Legitimate Interest

3.3 Customer Conversation Data

When customers interact with your support desk:

  • Customer Identity: Name, email address, phone number
  • Conversation Metadata: Status, priority, assigned agent, labels/tags, timestamps
  • Messages: Message content, sender type, direction, timestamps, attachments
  • Notes: Agent-only internal notes with timestamps and author information

Legal Basis: Contract; Legitimate Interest

3.4 Contact Data

We store detailed contact records for customers and leads:

  • Contact Identity: Full name, email address, phone number, company name
  • Professional Information: Job title, job role, department
  • Address Information: Street address, city, state/province, country, postal code, website
  • Custom Attributes: Flexible custom fields defined by you

Legal Basis: Contract; Legitimate Interest

3.5 Billing & Payment Data

  • Account Owner Information: Email address, workspace owner name
  • Subscription Information: Plan tier, number of seats, subscription status, trial end date
  • Payment Records: Transaction amounts, currency, payment status, invoice PDFs

Legal Basis: Contract; Legal Obligation

4. Cookies & Browser Storage

4.1 How We Use Cookies & Storage

Alps uses browser storage to enhance your experience:

Local Storage (Persistent):

  • alpsToken – Firebase ID token for session management
  • alpsUser – Cached user profile data
  • userData – Cached workspace/profile information

Session Storage (Tab-Specific):

  • alps-session-{widgetKey} – Session marker

4.2 Your Cookie Choices

Most browsers allow you to refuse cookies. Please note:

  • Refusing essential cookies may prevent the Service from functioning
  • We recommend keeping cookies enabled for optimal experience
  • Disabling localStorage will limit widget persistence features

5. How We Use Your Personal Data

5.1 Service Delivery

  • Create and manage your account
  • Route and deliver customer support messages
  • Process payments and manage subscriptions
  • Provision and customize your workspace/help center

5.2 Communication

  • Send account verification emails
  • Send workspace invitations
  • Send billing notifications
  • Send service updates and announcements

5.3 Analytics & Improvement

  • Analyze usage patterns to improve the platform
  • Monitor system performance and uptime
  • Identify technical issues and bugs

6. Who We Share Your Data With

6.1 Third-Party Service Providers

We share data with trusted service providers under Data Processing Agreements:

  • Google Firebase – Database, authentication, cloud storage
  • Amazon Web Services (AWS SES) – Email delivery
  • Paystack – Payment processing
  • Cloudinary – File upload & CDN storage
  • Pusher – Real-time message delivery

6.2 User-Initiated Integrations

When you connect integrations, we share data as necessary:

  • Meta/WhatsApp – Send/receive messages
  • Asana – Create tasks from conversations
  • Trello – Create cards from conversations
  • Email (IMAP) – Sync inbound emails

7. Data Retention

7.1 Retention Periods

Data TypeRetention Period
Account/User ProfileUntil account deletion
Conversations & MessagesUntil manually deleted
Payment/Invoice Records7 years (legal requirement)
Email Logs90 days
Deleted Account Data30 days (backup retention)

7.2 Account Deletion

When you delete your workspace or account:

  • All workspace data is marked for deletion
  • Payment records are retained for 7 years (legal requirement)
  • Backup copies may persist for up to 30 days
  • All OAuth integrations are disconnected

8. Your Rights Under the NDPR

Right to Access

You can request a copy of the personal data we hold about you.

Email info@tryalps.com with subject "Access Request (NDPR)" • Response: 14 days

Right to Rectification

You can correct inaccurate, incomplete, or misleading data.

Log into Alps and update your profile, or email info@tryalps.com • Response: 14 days

Right to Erasure (Right to Be Forgotten)

Under certain conditions, you can request deletion of your data.

Email info@tryalps.com with subject "Erasure Request (NDPR)" • Response: 14 days

Right to Data Portability

You can request your data in a portable, commonly-used format (CSV/JSON).

Email info@tryalps.com with subject "Data Export Request (NDPR)" • Response: 14 days

Right to Object

You can object to processing for marketing, profiling, or legitimate interest purposes.

Unsubscribe links in emails, or email info@tryalps.com to opt out

9. Data Location & Cross-Border Transfers

9.1 Where Your Data Is Stored

  • Primary Infrastructure: Google Cloud (Firebase Firestore) - globally distributed
  • Email Service: Amazon Web Services (AWS SES) - us-east-2 region (USA)
  • Payment Processing: Paystack - Lagos, Nigeria
  • File Storage: Cloudinary - global CDN

9.2 Data Transfers Outside Nigeria

When your data is transferred outside Nigeria:

  • We ensure transfers are lawful under the NDPR
  • We implement appropriate safeguards (encryption, agreements)
  • We prioritize keeping sensitive data within Nigeria where possible

10. Security Measures

10.1 Technical Security

  • Encryption in Transit: HTTPS/TLS 1.2+ for all connections
  • Encryption at Rest: Firebase Firestore provides Google-managed encryption
  • Authentication: Firebase Auth with email/password and Google OAuth
  • Authorization: Role-based access control (Owner/Admin/Member)
  • Rate Limiting: Protection against brute-force attacks
  • Security Headers: CSP, HSTS, X-Frame-Options via Helmet.js

10.2 Limitations

No security measure is 100% secure. While we work to protect your data, we cannot guarantee absolute security against all possible attacks.

11. Children's Privacy

Alps is not intended for children under 13 years old. We do not knowingly collect personal data from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.

Parents/guardians who believe their child's data was collected should contact info@tryalps.com immediately.

12. Privacy Updates & Changes

12.1 Updates to This Policy

We may update this Privacy Policy to reflect:

  • Changes to our data practices
  • New features or integrations
  • Legal or regulatory requirements
  • Other operational changes

Notice of Changes

We will provide 30 days' notice of material changes by:

  • Updating the "Last Updated" date at the top
  • Sending email notification to your registered email
  • Posting a notice on the Alps website

Your Acceptance: Continuing to use Alps after changes are effective means you accept the updated policy.

13. Privacy Laws in Other Jurisdictions

13.1 Multi-Jurisdictional Compliance

If your customers or data subjects are located outside Nigeria, we comply with applicable privacy laws:

  • NDPR (Nigeria): Our primary compliance framework
  • POPIA (South Africa): Protection of Personal Information Act
  • GDPR (EU/EEA): General Data Protection Regulation
  • CCPA/CPRA (California, USA): California Consumer Privacy Act
  • LGPD (Brazil): Lei Geral de Proteção de Dados
  • Other African Frameworks: We work to comply with data protection requirements across African jurisdictions

We aim to comply with all applicable laws where your data subjects are located. Specific accommodations for your jurisdiction available upon request.

14. Contact Information

Alps

Lagos, Nigeria

For General Inquiries:

Email: support@alps.com

For Privacy Concerns:

Email: info@tryalps.com

Regulatory Contacts

Nigeria - National Data Protection Bureau (NDPB):

Federal Ministry of Communications and Digital Economy, Abuja, Nigeria

If you're unsatisfied with our response, you have the right to lodge a complaint with the National Data Protection Bureau or pursue legal remedies through Nigerian courts.