Legal Documents
Privacy Policy
Last updated July 1st 2026
1. Introduction
Welcome to Alps ("Service," "Platform," "we," "us," or "our"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and process your personal data. This Privacy Policy explains our practices regarding data collection and your rights under applicable privacy laws, particularly the Nigeria Data Protection Regulation (NDPR) and other applicable Nigerian and international data protection frameworks.
This Privacy Policy applies to:
- Users who create and manage support desks on our platform
- Customers/visitors who interact with public support widgets
- Team members invited to workspaces
- Any individual whose data is processed by Alps
By accessing or using Alps, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.
2. Data Controller & Contact Information
Compliance Officer (Data Protection)
Email: info@tryalps.com
For privacy inquiries, data subject requests, or to exercise your rights under the NDPR, contact us at info@tryalps.com. We aim to respond to all inquiries within 14 days.
3. What Personal Data We Collect
3.1 Account Creation & User Profile Data
When you sign up for Alps, we collect:
- Identity Information: First name, last name, email address
- Authentication: Password (stored securely via Firebase Auth)
- Profile Details: Display name, profile picture, company name
- Contact Information: Phone number, city, state, country
Legal Basis: Contract; Legitimate Interest
3.2 Workspace & Team Data
- Workspace Members: Email addresses, names, roles (owner/admin/member), permissions, join date
- Workspace Settings: Branding (logo, colors, fonts), help center customization
- Invitations: Email addresses of invited users, invitation tokens
Legal Basis: Contract; Legitimate Interest
3.3 Customer Conversation Data
When customers interact with your support desk:
- Customer Identity: Name, email address, phone number
- Conversation Metadata: Status, priority, assigned agent, labels/tags, timestamps
- Messages: Message content, sender type, direction, timestamps, attachments
- Notes: Agent-only internal notes with timestamps and author information
Legal Basis: Contract; Legitimate Interest
3.4 Contact Data
We store detailed contact records for customers and leads:
- Contact Identity: Full name, email address, phone number, company name
- Professional Information: Job title, job role, department
- Address Information: Street address, city, state/province, country, postal code, website
- Custom Attributes: Flexible custom fields defined by you
Legal Basis: Contract; Legitimate Interest
3.5 Billing & Payment Data
- Account Owner Information: Email address, workspace owner name
- Subscription Information: Plan tier, number of seats, subscription status, trial end date
- Payment Records: Transaction amounts, currency, payment status, invoice PDFs
Legal Basis: Contract; Legal Obligation
5. How We Use Your Personal Data
5.1 Service Delivery
- Create and manage your account
- Route and deliver customer support messages
- Process payments and manage subscriptions
- Provision and customize your workspace/help center
5.2 Communication
- Send account verification emails
- Send workspace invitations
- Send billing notifications
- Send service updates and announcements
5.3 Analytics & Improvement
- Analyze usage patterns to improve the platform
- Monitor system performance and uptime
- Identify technical issues and bugs
6. Who We Share Your Data With
6.1 Third-Party Service Providers
We share data with trusted service providers under Data Processing Agreements:
- Google Firebase – Database, authentication, cloud storage
- Amazon Web Services (AWS SES) – Email delivery
- Paystack – Payment processing
- Cloudinary – File upload & CDN storage
- Pusher – Real-time message delivery
6.2 User-Initiated Integrations
When you connect integrations, we share data as necessary:
- Meta/WhatsApp – Send/receive messages
- Asana – Create tasks from conversations
- Trello – Create cards from conversations
- Email (IMAP) – Sync inbound emails
7. Data Retention
7.1 Retention Periods
| Data Type | Retention Period |
|---|---|
| Account/User Profile | Until account deletion |
| Conversations & Messages | Until manually deleted |
| Payment/Invoice Records | 7 years (legal requirement) |
| Email Logs | 90 days |
| Deleted Account Data | 30 days (backup retention) |
7.2 Account Deletion
When you delete your workspace or account:
- All workspace data is marked for deletion
- Payment records are retained for 7 years (legal requirement)
- Backup copies may persist for up to 30 days
- All OAuth integrations are disconnected
8. Your Rights Under the NDPR
Right to Access
You can request a copy of the personal data we hold about you.
Email info@tryalps.com with subject "Access Request (NDPR)" • Response: 14 days
Right to Rectification
You can correct inaccurate, incomplete, or misleading data.
Log into Alps and update your profile, or email info@tryalps.com • Response: 14 days
Right to Erasure (Right to Be Forgotten)
Under certain conditions, you can request deletion of your data.
Email info@tryalps.com with subject "Erasure Request (NDPR)" • Response: 14 days
Right to Data Portability
You can request your data in a portable, commonly-used format (CSV/JSON).
Email info@tryalps.com with subject "Data Export Request (NDPR)" • Response: 14 days
Right to Object
You can object to processing for marketing, profiling, or legitimate interest purposes.
Unsubscribe links in emails, or email info@tryalps.com to opt out
9. Data Location & Cross-Border Transfers
9.1 Where Your Data Is Stored
- Primary Infrastructure: Google Cloud (Firebase Firestore) - globally distributed
- Email Service: Amazon Web Services (AWS SES) - us-east-2 region (USA)
- Payment Processing: Paystack - Lagos, Nigeria
- File Storage: Cloudinary - global CDN
9.2 Data Transfers Outside Nigeria
When your data is transferred outside Nigeria:
- We ensure transfers are lawful under the NDPR
- We implement appropriate safeguards (encryption, agreements)
- We prioritize keeping sensitive data within Nigeria where possible
10. Security Measures
10.1 Technical Security
- Encryption in Transit: HTTPS/TLS 1.2+ for all connections
- Encryption at Rest: Firebase Firestore provides Google-managed encryption
- Authentication: Firebase Auth with email/password and Google OAuth
- Authorization: Role-based access control (Owner/Admin/Member)
- Rate Limiting: Protection against brute-force attacks
- Security Headers: CSP, HSTS, X-Frame-Options via Helmet.js
10.2 Limitations
No security measure is 100% secure. While we work to protect your data, we cannot guarantee absolute security against all possible attacks.
11. Children's Privacy
Alps is not intended for children under 13 years old. We do not knowingly collect personal data from children under 13. If we learn we have collected data from a child under 13, we will delete it promptly.
Parents/guardians who believe their child's data was collected should contact info@tryalps.com immediately.
12. Privacy Updates & Changes
12.1 Updates to This Policy
We may update this Privacy Policy to reflect:
- Changes to our data practices
- New features or integrations
- Legal or regulatory requirements
- Other operational changes
Notice of Changes
We will provide 30 days' notice of material changes by:
- Updating the "Last Updated" date at the top
- Sending email notification to your registered email
- Posting a notice on the Alps website
Your Acceptance: Continuing to use Alps after changes are effective means you accept the updated policy.
13. Privacy Laws in Other Jurisdictions
13.1 Multi-Jurisdictional Compliance
If your customers or data subjects are located outside Nigeria, we comply with applicable privacy laws:
- NDPR (Nigeria): Our primary compliance framework
- POPIA (South Africa): Protection of Personal Information Act
- GDPR (EU/EEA): General Data Protection Regulation
- CCPA/CPRA (California, USA): California Consumer Privacy Act
- LGPD (Brazil): Lei Geral de Proteção de Dados
- Other African Frameworks: We work to comply with data protection requirements across African jurisdictions
We aim to comply with all applicable laws where your data subjects are located. Specific accommodations for your jurisdiction available upon request.
14. Contact Information
Alps
Lagos, Nigeria
For General Inquiries:
Email: support@alps.com
For Privacy Concerns:
Email: info@tryalps.com
Regulatory Contacts
Nigeria - National Data Protection Bureau (NDPB):
Federal Ministry of Communications and Digital Economy, Abuja, Nigeria
If you're unsatisfied with our response, you have the right to lodge a complaint with the National Data Protection Bureau or pursue legal remedies through Nigerian courts.
Table of Contents: