1. Introduction
System Alphas (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website (www.systemalphas.com), engage our AI agent and workflow automation services, or otherwise interact with us.
This policy applies to all users, including those located in the European Economic Area (EEA), United Kingdom (UK), and the United States. We comply with the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) where applicable, the California Consumer Privacy Act (CCPA), and other relevant data protection laws.
2. Data Controller Information
Entity: System Alphas
Address: 30 N Gould St, Ste R, Sheridan, WY 82801, USA
Email: contact@systemalphas.com
Phone: +1 (929) 568-8522
For GDPR purposes, System Alphas is the Data Controller. If you are located in the EEA/UK and have concerns about our data processing, you may contact us directly or lodge a complaint with your local supervisory authority.
3. Information We Collect
3.1 Information You Provide Directly
- Contact information: company name, email address, phone number
- Booking form data: timezone, preferred call time, call focus/topic
- Newsletter subscription: email address
- Communications: content of emails, messages, and strategy call discussions
- Engagement data: project scope documents, business requirements, technical specifications
3.2 Information Collected Automatically
- Device and browser information (type, version, operating system)
- IP address and approximate geolocation
- Pages visited, time spent, click patterns, and referral URLs
- Cookies and similar tracking technologies (see Section 10)
3.3 Information from Third Parties
- Analytics providers (e.g., Google Analytics)
- Payment processors for billing information (we do not store full payment card details)
- Integration platforms used during service delivery (n8n, CRM, helpdesk data as authorized by you)
3.4 Protected Health Information (PHI) — HIPAA
If your engagement involves the processing of Protected Health Information as defined under HIPAA, we will execute a Business Associate Agreement (BAA) prior to accessing any PHI. We do not collect, use, or disclose PHI except as expressly authorized under a signed BAA and in compliance with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule.
4. Legal Bases for Processing (GDPR)
Under GDPR, we process personal data based on one or more of the following legal bases:
| Legal Basis | Description |
|---|---|
| Consent (Art. 6(1)(a)) | Newsletter subscriptions, cookie preferences, and optional marketing communications. |
| Contractual Necessity (Art. 6(1)(b)) | Processing necessary to deliver our AI agent and workflow automation services under a signed agreement. |
| Legitimate Interest (Art. 6(1)(f)) | Website analytics, security monitoring, fraud prevention, and business development outreach. |
| Legal Obligation (Art. 6(1)(c)) | Tax, accounting, and regulatory compliance requirements. |
5. How We Use Your Information
- To deliver, maintain, and improve our AI agent and workflow automation services
- To process bookings and schedule strategy calls
- To communicate project updates, deliverables, and post-launch support
- To send newsletters and marketing communications (with your consent)
- To analyze website usage and optimize user experience
- To comply with legal obligations, resolve disputes, and enforce agreements
- To detect, prevent, and address fraud, security issues, and technical problems
6. Data Sharing and Disclosure
We do not sell your personal information. We may share data with:
- Service Providers: Cloud hosting, payment processors, analytics tools, and communication platforms that assist in service delivery, bound by data processing agreements.
- AI and Integration Partners: Third-party AI model providers (e.g., OpenAI, Anthropic, Google) and integration platforms (e.g., n8n) solely to deliver contracted services. Data shared is minimized to what is necessary.
- Legal Requirements: When required by law, regulation, subpoena, or court order.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice provided to affected users.
- With Your Consent: Any other sharing requires your explicit prior consent. A current list of our sub-processors is available on request. We will notify you at least 30 days before engaging any new sub-processor that processes Personal Data.
7. International Data Transfers
Your data may be transferred to and processed in the United States. For transfers from the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, the EU-U.S. Data Privacy Framework where applicable, or other legally recognized transfer mechanisms to ensure adequate protection of your data.
8. Data Retention
- Client engagement data: Retained for the duration of the service relationship plus 3 years, or as required by law.
- Website analytics data: Retained for up to 26 months.
- Newsletter subscriptions: Until you unsubscribe.
- Booking and contact form data: Retained for 12 months after last interaction unless an engagement begins.
- PHI (if applicable): Retained and disposed of in accordance with HIPAA regulations and the terms of the executed BAA (minimum 6 years from date of creation or last effective date).
9. Your Rights
9.1 GDPR Rights (EEA/UK Residents)
- Right of Access: Obtain a copy of your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data (subject to legal exceptions).
- Right to Restrict Processing: Limit how we use your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing.
- Right to Lodge a Complaint: File a complaint with your local data protection authority.
To exercise any right, email contact@systemalphas.com. We will respond within 30 days.
9.2 CCPA Rights (California Residents)
- Right to Know: What personal information we collect, use, and disclose.
- Right to Delete: Request deletion of personal information.
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information).
- Right to Non-Discrimination: No penalty for exercising your privacy rights.
9.3 HIPAA Rights (Where Applicable)
If we process your PHI under a BAA, you have rights under HIPAA including the right to access, amend, and receive an accounting of disclosures of your PHI, and to request restrictions on certain uses. These rights are detailed in the applicable BAA.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance website functionality and analyze usage. Categories include:
| Cookie Type | Purpose | Retention |
|---|---|---|
| Strictly Necessary | Essential website functionality, security | Session / up to 12 months |
| Analytics | Usage patterns, page views, site optimization | Up to 26 months |
| Marketing | Campaign effectiveness (if enabled) | Up to 12 months |
You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect site functionality.
11. Data Security
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption of data in transit (TLS 1.2+) and at rest
- Role-based access controls and principle of least privilege
- Regular security assessments and vulnerability reviews
- Incident response procedures and breach notification protocols
- Employee and contractor confidentiality agreements and security training
For HIPAA-covered engagements, additional safeguards include audit logging, access monitoring, automatic session timeouts, and encryption standards meeting NIST guidelines as specified in the BAA.
12. Children’s Privacy
Our services are not directed to individuals under 16 years of age (or under 13 in the United States). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly.
13. Third-Party Links and Services
Our website and services may contain links to third-party websites or integrate with third-party platforms. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies independently.
14. Do Not Track Signals
Our website currently does not respond to “Do Not Track” browser signals. However, you can manage tracking preferences through our cookie consent banner and browser settings.
15. AI Transparency and Automated Decision-Making
In compliance with the EU Artificial Intelligence Act (Regulation (EU) 2024/1689), the California AI Transparency Act (SB 942), and other applicable AI transparency laws, we disclose the following: (a) our services involve the development and deployment of AI agents and automated workflow systems; (b) where AI-generated content or automated decisions may be presented to end users, appropriate disclosures will be implemented; (c) we do not use fully automated decision-making that produces legal or similarly significant effects on individuals without human oversight; and (d) AI agents deployed on behalf of clients are subject to human review and validation requirements as specified in our service agreements. If you interact with an AI agent as part of a client’s service, you may request information about the AI’s role by contacting the client directly or System Alphas at contact@systemalphas.com.
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users and/or a prominent notice on our website. The “Last Updated” date at the top reflects the most recent revision. Continued use of our services after changes constitutes acceptance.
17. Contact Us
For questions, concerns, or to exercise your privacy rights:
Email: contact@systemalphas.com
Phone: +1 (929) 568-8522
Address: System Alphas, 30 N Gould St, Ste R, Sheridan, WY 82801, USA
For GDPR-specific inquiries, please include “GDPR Request” in your email subject line. We aim to respond to all data protection requests within 30 calendar days.