Privacy Policy

Last updated May 21, 2025

ALINGO AI PRIVACY POLICY

Last Updated: May 21, 2025

1. INTRODUCTION

This Privacy Policy ("Privacy Policy") applies to all processing activities of Alingo AI B.V. (hereinafter "Alingo", "we", "us", or "our") in its capacity as a data controller and/or data processor. Alingo may modify this Privacy Policy from time to time, with the most recent version always accessible on our website.

Alingo respects your privacy and is committed to protecting your personal data. This Privacy Policy informs you about how we collect, use, disclose, and safeguard your personal data when you visit our website (www.alingo.ai, including any related subdomains) or use our services, and tells you about your privacy rights and how the law protects you.

2. CONTROLLER AND PROCESSOR INFORMATION

Data Controller: Alingo

Alingo acts as a data controller for personal data collected through our website, marketing activities, and business interactions. For certain processing activities related to our services, Alingo may act as a data processor on behalf of our Subscribers (the data controllers), with our processing governed by the relevant Subscriber Agreement.

3. PERSONAL DATA WE COLLECT

3.1 Information You Provide to Us

When you create an account, subscribe to our services, or otherwise interact with us, we collect:

  • Account Information: Name, email address, job title, company, telephone number, account credentials and preferences.

  • Payment Information: Billing address, payment method details, and transaction history.

  • Communication Information: Content of emails, chat messages, support tickets, call recordings (with notice), and other communications with us.

  • User Content: Contracts, documents, and other materials you upload, submit or share through our services.

  • Feedback and Survey Responses: Testimonials, reviews, survey responses, and other feedback you provide.

3.2 Information We Collect Automatically

When you visit our website or use our services, we automatically collect:

  • Device and Usage Data: IP address, browser type and version, operating system, device information, time zone setting, location data, and other technology identifiers from devices you use to access our services.

  • Usage Information: Information about how you use our website and services, including clickstream data, features accessed, time spent on pages, search queries, and interaction data.

  • Log Data: Server logs, error reports, security logs, and authentication data.

  • Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies. For more details, please see our Cookie Policy.

3.3 Information from Third Parties

We may receive personal data about you from:

  • Your employer, if they are our Subscriber.

  • Business partners, such as resellers or integration partners.

  • Service providers, including for analytics, fraud detection, and marketing.

  • Publicly available sources, such as public records, social media platforms, and professional directories.

4. HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

4.1 Providing and Managing Our Services

  • Setting up and managing your account.

  • Delivering our services, including contract review, legal research, and document drafting functionalities.

  • Processing payments and maintaining billing records.

  • Providing customer support and responding to inquiries.

  • Communicating service updates and operational notices.

4.2 Improving Our Services

  • Analyzing usage patterns and trends.

  • Debugging issues and optimizing performance.

  • Developing new features and services.

  • Conducting research and statistical analysis.

  • Training and improving our AI systems.

4.3 Marketing and Communications

  • Sending newsletters, updates, and promotional materials (subject to your preferences).

  • Conducting market research and surveys.

  • Organizing and inviting you to events.

  • Managing testimonials and case studies (with your consent).

###, 4.4 Security and Compliance

  • Verifying your identity.

  • Detecting and preventing fraud, abuse, and security incidents.

  • Complying with legal obligations.

  • Enforcing our Terms of Service and other agreements.

  • Establishing, exercising, or defending legal claims.

5. LEGAL BASIS FOR PROCESSING

We process your personal data in accordance with applicable data protection law, including the General Data Protection Regulation (GDPR). The legal bases we rely on include:

  • Contract Performance: Processing necessary for the performance of our contract with you or your organization, or to take steps at your request before entering into a contract.

  • Legitimate Interests: Processing necessary for our legitimate interests, such as managing our business, improving our services, and marketing our offerings, provided these interests are not overridden by your interests or fundamental rights and freedoms.

  • Legal Obligation: Processing necessary to comply with our legal obligations.

  • Consent: Processing based on your specific consent, such as for certain types of marketing communications or collection of certain types of data.

When we rely on legitimate interests, we conduct balancing tests to ensure our interests do not override your fundamental rights and freedoms. If we cannot guarantee this balance, we will either cease to process your personal data for that purpose or establish a new legal basis.

6. DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Account Information: For the duration of your account plus a reasonable period thereafter for legal and business purposes.

  • Transaction Data: According to applicable tax and financial regulations (typically 7 years).

  • Communication Records: For the period necessary to resolve inquiries and maintain records of relationship history.

  • Marketing Data: Until you withdraw your consent or opt out.

  • Usage Data: In aggregated or anonymized form for statistical purposes, for up to 3 years.

When personal data is no longer needed, we will securely delete or anonymize it, or if this is not possible (for example, because the data has been stored in backup archives), we will securely store it and isolate it from any further processing until deletion is possible.

7. DISCLOSURE OF YOUR PERSONAL DATA

We may share your personal data with the following categories of recipients:

7.1 Service Providers

  • Hosting and cloud infrastructure (AWS)

  • Payment processing services (Stripe)

  • Customer relationship management systems (Attio CRM)

  • Analytics and monitoring tools

  • Customer support tools

  • Marketing and communication platforms

7.2 Affiliated Companies

With other entities within our corporate structure, who will only use the personal data in a manner consistent with this Privacy Policy.

7.3 Professional Advisors

Legal, accounting, consultants, auditors, insurers, and other professional service providers.

7.4 Legal Requirements

We may disclose your personal data:

  • To comply with a legal obligation, court order, or regulatory inquiry.

  • To protect and defend our rights, property, or safety, or that of our customers or others.

  • In connection with legal proceedings or disputes.

  • To detect and investigate potential fraud or security incidents.

7.5 Business Transfers

In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, in which case personal data held by us about our users would be among the assets transferred.

8. INTERNATIONAL TRANSFERS

Alingo primarily stores and processes your personal data within the European Economic Area (EEA). We do not routinely transfer your personal data outside the EEA.

However, some of our service providers may process personal data outside the EEA. In such cases, we ensure that:

  • The recipient country has been deemed to provide an adequate level of protection for personal data by the European Commission; or

  • We have implemented appropriate safeguards, such as standard contractual clauses approved by the European Commission, binding corporate rules, or other legally approved mechanisms.

You can request more information about these safeguards by contacting us using the details provided in Section 13.

9. DATA SECURITY

We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of personal data in transit and at rest.

  • Regular security assessments and penetration testing.

  • Access controls and authentication protocols.

  • Regular backups and disaster recovery procedures.

  • Staff training on data protection and security awareness.

  • Physical security measures for our facilities.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar tracking technologies to collect and use personal data about you. Cookies are small data files placed on your device that allow us to recognize your device and remember certain information.

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for the operation of our website and services.

  • Functional Cookies: Enable enhanced functionality and personalization.

  • Performance/Analytics Cookies: Help us understand how visitors interact with our website.

  • Marketing Cookies: Used to track visitors across websites and deliver targeted advertisements.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of our website may become inaccessible or not function properly.

For more detailed information about the cookies we use, please see our Cookie Policy.

11. YOUR LEGAL RIGHTS

Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:

  • Right to Access: Request access to your personal data.

  • Right to Rectification: Request correction of incomplete or inaccurate personal data.

  • Right to Erasure: Request deletion of your personal data in certain circumstances.

  • Right to Restrict Processing: Request restriction of processing of your personal data in certain circumstances.

  • Right to Data Portability: Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.

  • Right to Object: Object to processing of your personal data based on legitimate interests or for direct marketing.

  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent to process your personal data.

To exercise any of these rights, please contact us using the details provided in Section 13. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You also have the right to complain to a data protection authority about our collection and use of your personal data. The lead supervisory authority for Alingo is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), but you may contact the supervisory authority in your country of residence.

12. AUTOMATED DECISION-MAKING AND PROFILING

Our services involve automated processing, including profiling, which may produce legal effects concerning you or similarly significantly affect you. Specifically:

  • We use AI technologies to analyze legal documents, identify clauses, assess risk, and generate insights.

  • We may use automated decision-making to determine service eligibility, identify potential security risks, or personalize your experience.

  • We may analyze your usage patterns to customize features and recommend actions.

Where such processing produces legal effects or similarly significantly affects you, we ensure that:

  • It is necessary for entering into or performance of a contract between you and us;

  • It is authorized by Union or Member State law applicable to us and which also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests; or

  • It is based on your explicit consent.

In all cases, you have the right to:

  • Obtain human intervention on our part;

  • Express your point of view regarding automated decisions;

  • Contest any decision based solely on automated processing; and

  • Request an explanation of the logic involved in the automated decision-making.

13. CONTACT US

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your legal rights, please contact us:

Email: privacy@alingo.ai

14. LIMITATION OF LIABILITY

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ALINGO SHALL NOT BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES, OR ANY LOSS OF PROFITS OR REVENUES, WHETHER INCURRED DIRECTLY OR INDIRECTLY, OR ANY LOSS OF DATA, USE, GOODWILL, OR OTHER INTANGIBLE LOSSES, RESULTING FROM (A) YOUR ACCESS TO OR USE OF OR INABILITY TO ACCESS OR USE THE SERVICES; (B) ANY CONDUCT OR CONTENT OF ANY THIRD PARTY ON THE SERVICES; (C) ANY CONTENT OBTAINED FROM THE SERVICES; OR (D) UNAUTHORIZED ACCESS, USE, OR ALTERATION OF YOUR TRANSMISSIONS OR CONTENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR ANY OTHER LEGAL THEORY, WHETHER OR NOT WE HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.

IN NO EVENT SHALL ALINGO'S TOTAL LIABILITY TO YOU FOR ALL CLAIMS RELATING TO THE SERVICES EXCEED THE AMOUNT PAID BY YOU TO ALINGO FOR THE SERVICES DURING THE TWELVE (12) MONTH PERIOD PRECEDING THE DATE THE CLAIM AROSE.

THE LIMITATIONS OF THIS SECTION SHALL APPLY TO ANY THEORY OF LIABILITY, WHETHER BASED ON WARRANTY, CONTRACT, STATUTE, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, AND SHALL FURTHER APPLY WHETHER OR NOT ALINGO HAS BEEN INFORMED OF THE POSSIBILITY OF ANY SUCH DAMAGES AND EVEN IF A REMEDY SET FORTH HEREIN IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE.

15. INDEMNITY

YOU AGREE TO DEFEND, INDEMNIFY, AND HOLD HARMLESS ALINGO, ITS OFFICERS, DIRECTORS, EMPLOYEES, AND AGENTS, FROM AND AGAINST ANY CLAIMS, LIABILITIES, DAMAGES, LOSSES, COSTS, OR EXPENSES, INCLUDING, WITHOUT LIMITATION, REASONABLE LEGAL AND ACCOUNTING FEES, ARISING OUT OF OR IN ANY WAY CONNECTED WITH (A) YOUR ACCESS TO OR USE OF THE SERVICES; (B) YOUR VIOLATION OF THIS PRIVACY POLICY OR ANY APPLICABLE LAWS, RULES, OR REGULATIONS; (C) YOUR VIOLATION OF ANY THIRD-PARTY RIGHT, INCLUDING WITHOUT LIMITATION ANY COPYRIGHT, PROPERTY, OR PRIVACY RIGHT; OR (D) ANY CLAIM THAT YOUR CONTENT CAUSED DAMAGE TO A THIRD PARTY.

THIS INDEMNIFICATION OBLIGATION WILL SURVIVE THE TERMINATION OF THIS PRIVACY POLICY AND YOUR USE OF THE SERVICES.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy. The updated Privacy Policy will be effective as soon as it is accessible.

We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information. Your continued use of our services after the revised Privacy Policy has become effective indicates that you have read, understood, and agreed to the current version of this Privacy Policy.

17. GOVERNING LAW AND JURISDICTION

This Privacy Policy shall be governed by and construed in accordance with the laws of the Netherlands, without regard to its conflict of law provisions. You agree that any legal action or proceeding between you and Alingo shall be brought exclusively in the courts located in Amsterdam, the Netherlands, and you hereby consent to the personal jurisdiction and venue of such courts.

© 2025 Alingo AI B.V. All rights reserved.