Privacy Policy
This Privacy Policy explains how AlphaSOC, Inc. ("AlphaSOC", "we", "us", or "our") collects, uses, and protects personal data when you visit our website at https://alphasoc.com, contact us, request a demo, or otherwise interact with us through this site.
For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, AlphaSOC, Inc. is the data controller for the personal data described in this policy.
Last updated: June 26, 2026
Scope of This Policy
This policy covers personal data we process as a controller in connection with our website and our sales, marketing, and support activities. It applies to website visitors, prospective customers, and anyone who contacts us through the site.
This policy does not cover the telemetry and log data that customers send to the AlphaSOC detection engine to receive the Services. When we process that data to deliver the Services, we act as a data processor on behalf of the customer, and that processing is governed by the customer agreement and an accompanying Data Processing Agreement (DPA), not by this policy. Customers who need a copy of the DPA can contact us at privacy@alphasoc.com.
If you register for a console account at console.alphasoc.net, we collect the email address you use to sign in, which is usually a corporate email address, along with the account credentials needed to access the Services. We use this information to create and secure your account and to provide access to the evaluation or commercial API. We act as a controller for this account information. The telemetry and log data you subsequently send into the detection engine is covered by the customer agreement and DPA, not by this policy.
Information We Collect
Information you provide to us
When you complete a contact or demo request form, book a demo, subscribe to a newsletter, or email us, we collect the information you choose to provide. This typically includes your name, work email address, company name, and the content of your message or enquiry.
If you register for a console account at console.alphasoc.net, we collect the email address you use to sign in, which is usually a corporate email address, along with the account credentials needed to access the Services. We use this information to create and secure your account and to provide access to the evaluation or commercial API. We act as a controller for this account information. The telemetry and log data you subsequently send into the detection engine is covered by the customer agreement and DPA, not by this policy.
Information we collect automatically
When you visit the website, we and our service providers automatically collect certain technical information, including your IP address, device and browser type, referring pages, pages viewed, and the dates and times of your visits. We collect this information using server logs, cookies, and similar technologies described below.
Information we receive from other sources
We may receive information about you or your organization from third parties and combine it with information we hold. For example, we may collect contact details you share with us at conferences and events. We only combine this with our own records where we have a lawful basis to do so.
How We Use Your Information and Our Legal Bases
We process personal data for the following purposes and on the following legal bases under the GDPR and UK GDPR.
| Purpose | Legal basis |
|---|---|
| Respond to your enquiries and demo requests, and provide information about the Services | Performance of, or steps prior to entering into, a contract; or our legitimate interest in responding to you |
| Create and secure console accounts and provide access to the Services | Performance of a contract, or steps prior to entering into one |
| Operate, secure, and maintain the website | Our legitimate interest in keeping the site available and protected from abuse |
| Measure and improve website performance and usability | Your consent |
| Send marketing communications and serve interest-based advertising | Your consent |
| Comply with legal obligations | Compliance with a legal obligation |
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You can object to this processing as described under "Your Rights".
Service Providers We Share Data With
We do not sell personal data for money. We share personal data with service providers who process it on our behalf, under contract and only for the purposes described above. These currently include:
| Service provider | Purpose |
|---|---|
| Analytics, Tag Manager, and demo scheduling | |
| Microsoft | Clarity session analytics |
| Advertising and campaign measurement (Insight Tag) |
We may also disclose personal data where required by law, to enforce our terms, or to protect the rights, property, or safety of AlphaSOC, our users, or others.
If AlphaSOC is involved in a merger, acquisition, financing, reorganization, or sale of all or part of its assets, personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data, and of any choices you may have, where required by law.
Interest-Based Advertising and Your Choices
We use the LinkedIn Insight Tag to deliver and measure ads on LinkedIn based on your activity on our site. Under some privacy laws, including the California Consumer Privacy Act as amended, this use of advertising technologies may be considered a "sale" or "sharing" of personal information, even though no money changes hands.
You can limit interest-based advertising by adjusting cookie settings on our site (where a consent mechanism is provided), blocking third-party cookies in your browser, or using the opt-out tools offered by the Network Advertising Initiative (https://optout.networkadvertising.org) and the Digital Advertising Alliance (https://optout.aboutads.info). We also honor Global Privacy Control (GPC) signals as an opt-out of sale or sharing where required by law.
Marketing Communications
If you opt in to marketing emails or our newsletter, you can unsubscribe at any time using the link in any marketing email or by contacting us using the details below. You may continue to receive service-related and transactional messages, such as responses to your enquiries, that are not promotional.
International Data Transfers
AlphaSOC is based in the United States, and our analytics and advertising providers, including Google, Microsoft, and LinkedIn, process data in the United States. Where we transfer personal data outside the European Economic Area or the United Kingdom, we rely on the EU-US Data Privacy Framework and its UK Extension, and on the European Commission's Standard Contractual Clauses (with the UK Addendum) where a provider is not certified under the Framework.
Data Retention
We keep personal data only for as long as necessary for the purposes set out in this policy, after which we delete or anonymize it.
- Enquiry and lead data: for as long as the business relationship continues, and for a limited period afterward.
- Console account data: for as long as the account is active, and for a limited period after it is closed.
- Website analytics data: 14 months (Google Analytics 4 default retention period).
- Server and security logs: up to 12 months.
Your Rights
If you are in the European Economic Area or the United Kingdom, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request erasure of your data;
- request restriction of, or object to, our processing;
- request portability of data you provided to us;
- withdraw consent at any time, where we rely on consent; and
- lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us using the details below. We may need to verify your identity before acting on a request, and we may ask for information sufficient to confirm it is you making the request. You can lodge a complaint with your local supervisory authority. In the European Union this includes the Irish Data Protection Commission (https://www.dataprotection.ie); in the United Kingdom, the Information Commissioner's Office (https://ico.org.uk).
California Privacy Rights
If you are a California resident, you have the right to know what personal information we collect, to access and delete it, to correct inaccurate information, and to opt out of any sale or sharing of personal information. We do not sell your personal information for money. However, our use of advertising cookies such as the LinkedIn Insight Tag may be considered a sale or sharing under California law. You can opt out using the methods described under "Interest-Based Advertising and Your Choices", including by enabling Global Privacy Control in your browser. We will not discriminate against you for exercising your rights, and we will verify your identity before responding.
Data Security
We maintain technical and organizational measures appropriate to the risk to protect personal data against unauthorized access, loss, or misuse. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
Children's Privacy
The website is intended for business users and is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe a child has provided us with personal data, contact us and we will delete it.
Third-Party Links
The website may link to third-party sites and resources that we do not control. This policy does not apply to those sites, and we are not responsible for their privacy practices. Review their privacy policies before providing any personal data.
Changes to This Policy
We may update this policy from time to time. We will post any changes on this page and update the "Last updated" date above. Significant changes will be communicated where required by law.
Contact Us
For any question about this policy or to exercise your rights, contact:
PrivacyAlphaSOC, Inc.315 Montgomery St #900, San Francisco, CA 94104
privacy@alphasoc.com
+1 (888) 978-4915