Last updated: June 2025
This Privacy Policy explains how Alphanomic ("we", "us", "our") collects and uses personal data when you visit our website, contact us, start a trial, or use our workforce management platform and related services (together, the "Services").
We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
Data controller: Alphanomic
Contact email: hello@alphanomic.co.uk
If you use Alphanomic through your employer or another organisation, that organisation is usually the data controller for employee and workforce data processed in the platform. Alphanomic typically acts as a data processor for that customer data under a separate data processing agreement. This Privacy Policy covers data we control directly, for example, website visitors, trial sign-ups, sales enquiries, billing contacts, and account holders who contract with us.
If you have questions about workforce data held by your employer in Alphanomic, contact your employer first.
2. Personal data we collect
Depending on how you use the Services, we may collect:
Website, marketing, and sales enquiries
- Name, work email address, phone number, company name, job title, and message content
- Trial and demo request details (team size, industry, locations, priorities)
- Technical and usage data (IP address, browser type, device information, pages viewed, referral source)
- Communications with our team (email and support messages)
Platform users (customer accounts)
- Account and profile details (name, email, role, site/location assignments)
- Workforce and employment-related data entered by you or your organisation (for example schedules, attendance, leave, documents, training records, and operational notes)
- Log and audit data (sign-in activity, configuration changes, and support interactions)
Billing and payment (paid customers)
- Billing contact name, work email, company name, and VAT or tax registration details where provided
- Subscription plan, seat count, invoice history, and payment status
- Payment method details processed by Polar (for example card type and last four digits). We do not store full payment card numbers on our servers
We do not intentionally collect special category data unless your organisation chooses to store it in the platform and has a lawful basis to do so.
3. How we collect data
- Directly from you: forms on our website, trial or demo requests, emails, and account registration
- From your organisation: when an administrator provisions your account or uploads workforce records
- Automatically: through cookies and similar technologies (see our Cookie Policy)
- From service providers: for example Polar (billing), email delivery status, or security verification (see Section 8)
4. How and why we use personal data
| Purpose | Typical lawful basis (UK GDPR) |
|---|---|
| Process subscriptions, invoices, and payments | Performance of a contract / legal obligation |
| Provide, operate, and support the Services | Performance of a contract / legitimate interests |
| Process trial, demo, and sales enquiries | Legitimate interests / steps prior to contract |
| Send service, security, and account-related communications | Performance of a contract / legitimate interests |
| Improve the website and Services | Legitimate interests |
| Monitor security, prevent abuse, and verify forms | Legitimate interests / legal obligation |
| Comply with law, regulation, or valid legal requests | Legal obligation |
| Marketing about Alphanomic (where permitted) | Consent or legitimate interests |
We will notify you when we rely on consent and explain how to withdraw it. Withdrawing consent does not affect processing already carried out lawfully.
5. Marketing communications
We may send product updates or marketing emails where allowed by law. You can opt out at any time using the unsubscribe link in an email or by contacting hello@alphanomic.co.uk.
6. Who we share personal data with
We share personal data only where necessary:
- Your organisation: if you use Alphanomic as an employee or manager, data is visible to authorised users within your organisation according to its settings
- Service providers (processors): hosting, payment processing, email delivery, analytics, security, and support tools that help us run the Services (see Section 8)
- Professional advisers: lawyers, accountants, or insurers where required
- Regulators and authorities: when required by law or to protect rights, safety, and security
We do not sell personal data.
7. International transfers
Personal data may be accessed or processed by authorised Alphanomic personnel and trusted service providers outside the country where you are located, where necessary to deliver, secure, maintain, and support the Services.
Where transfers are made to countries without an adequacy decision under UK GDPR, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), UK Addendum to EU Standard Contractual Clauses, or EU Standard Contractual Clauses (SCCs), together with transfer risk assessments where required.
Payment processing: Subscriptions and card payments are handled by Polar under Polar's privacy policy. Payment details are entered on secure checkout pages operated by Polar. We do not store full payment card numbers on our systems.
You may request more information about transfers relevant to your data by contacting us.
8. Sub-processors and third-party services
We use trusted providers to deliver the Services. These may include:
| Provider | Purpose |
|---|---|
| Cloud hosting | Website and application hosting |
| Polar | Subscription billing, checkout, and payment processing |
| Email delivery | Contact, trial, and transactional messages |
| Security / bot protection | Form verification and abuse prevention |
| Analytics | Website usage measurement (where enabled, consent-based) |
A current list of sub-processors is published on our Sub-processors page. We require processors to protect personal data under written terms consistent with UK GDPR Article 28. A signed Data Processing Agreement (DPA) is available on request, see our DPA overview.
9. Data retention
We keep personal data only as long as necessary for the purposes described in this policy, including:
- Sales and marketing enquiries: typically up to 24 months after last contact, unless a longer period is needed for active discussions or legal claims
- Billing and payment records: for the period required by applicable tax, accounting, and dispute-resolution obligations
- Customer account and platform data: for the subscription term and a reasonable period afterwards for backups, billing, disputes, and legal obligations
- Website logs and security records: typically up to 12 months unless needed for incident investigation
Your organisation may apply its own retention rules to workforce data stored in Alphanomic.
When data is no longer required, we delete or anonymise it securely.
10. Security
We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit, monitoring, and staff confidentiality obligations. No online service can be guaranteed 100% secure. Please use strong passwords and notify us promptly of any suspected unauthorised access.
11. Your rights under UK GDPR
Where Alphanomic is the data controller, you may have the right to:
- Access: request a copy of your personal data
- Rectification: correct inaccurate or incomplete data
- Erasure: request deletion in certain circumstances
- Restriction: limit how we use your data in certain cases
- Object: object to processing based on legitimate interests or direct marketing
- Data portability: receive data you provided in a structured, machine-readable format where applicable
- Withdraw consent: where processing is based on consent
We may need to verify your identity before responding. We aim to respond within one month, as required by UK GDPR.
If your employer controls workforce data in the platform, direct most employment-related requests to your employer. We will assist them where we act as processor.
12. Automated decision-making
We do not use solely automated decision-making that produces legal or similarly significant effects about individuals without appropriate safeguards and notice.
13. Children
The Services are intended for business use and are not directed at children under 18. We do not knowingly collect personal data from children.
14. Cookies
Our website uses cookies and similar technologies. For details, including how to manage preferences, see our Cookie Policy.
15. Complaints
If you are unhappy with how we handle personal data, contact us first at hello@alphanomic.co.uk.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):
- Website: ico.org.uk/make-a-complaint
- Telephone: 0303 123 1113
16. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on this page and change the "Last updated" date. Material changes may also be communicated by email or in-product notice where appropriate.
17. Contact us
Email: hello@alphanomic.co.uk
For data protection enquiries, include "Privacy" in the subject line so we can route your request promptly.