1. Who We Are
Alphaion provides sensor technology products, services, educational content, product quotations, and related digital experiences. For this policy, "Alphaion", "we", "our", and "us" refer to the operator of this website and the Alphaion services available through it.
Privacy contact: contact@alphaion.io. Users may also reach us through the contact page.
2. Legal And Privacy Frameworks We Follow
We design this policy and our data practices with reference to the Digital Personal Data Protection Act, 2023 and applicable DPDP Rules in India, the EU General Data Protection Regulation, UK/EU privacy and electronic marketing principles, and Google API Services User Data Policy requirements for OAuth applications.
Where a stricter privacy standard applies to a user or processing activity, including GDPR-style transparency, consent, withdrawal, access, correction, erasure, objection, and portability expectations, we aim to apply that higher standard where legally required or reasonably practical.
3. Personal Data We Collect
| Category | Examples | How It Is Collected |
|---|---|---|
| Account and identity data | Name, email address, phone number, account status, login provider, email verification state. | Sign-up forms, login forms, Google OAuth, LinkedIn OAuth, and profile updates. |
| Google sign-in data | Google account identifier, verified email, name, profile picture URL, ID token verification data. | Only after the user chooses "Sign in with Google" and completes Google's consent/authentication flow. |
| LinkedIn sign-in data | LinkedIn account identifier, verified email, name, profile picture URL. | Only after the user chooses "Sign in with LinkedIn" and completes LinkedIn's consent/authentication flow. |
| Contact and quotation data | Name, email, phone, company name, company email, GST number, address, product interest, quantity, message, subject. | Contact forms, quotation forms, product request forms, and related communications. |
| Website, device, and usage data | Page URL, page title, referrer, browser/device information, session identifier, visitor identifier, event type, timestamps, product or blog interaction, lead score, hashed IP address where enabled. | First-party Alphaion website tracker, server logs, local storage, cookies, and security/rate-limit systems. |
| Marketing communication status | Email subscription status, unsubscribe/opt-out status, consent record, communication preferences. | Subscription forms, consent choices, email opt-out actions, and user requests. |
| Administrative and security data | Admin login activity, role, lockout information, security alerts, audit events. | Admin login systems, Google admin authentication, CRM/admin activity logging, and security monitoring. |
4. Why We Use Personal Data
- To create, verify, secure, and manage user accounts.
- To provide Google and LinkedIn sign-in when users intentionally choose those options.
- To respond to contact requests, product enquiries, quotations, collaboration requests, and support messages.
- To operate the website, dashboards, CRM/tracker, fraud prevention, security controls, rate limiting, and internal audit logs.
- To understand interest in Alphaion products and content so we can improve our own website, services, product communication, and user experience.
- To send regular emails, newsletters, product updates, educational content, or Alphaion marketing only where the user has consented, subscribed, requested information, or where applicable law allows relevant first-party communication.
- To maintain separate subscribed and non-subscribed records so we do not send regular marketing emails to users who have opted out.
- To comply with law, enforce terms, prevent misuse, and protect users, Alphaion, and third parties.
5. Consent And Choice
We collect consent or another valid legal basis before processing personal data where required. Consent may be collected through sign-up forms, contact forms, quotation forms, subscription controls, OAuth consent screens, checkboxes, account settings, email preferences, or direct user requests.
Users can withdraw consent or opt out where applicable. Withdrawing consent does not affect processing that happened lawfully before withdrawal, and it may not stop processing needed for account security, legal compliance, transaction records, or service delivery already requested by the user.
6. Google OAuth And Google User Data
Alphaion uses Google OAuth only to authenticate users and create or access their Alphaion account. The current public Google sign-in flow requests the limited scopes openid, email, and profile. These scopes allow us to verify the user's identity, email address, name, and profile image after the user chooses Google sign-in.
We do not request Gmail, Google Drive, Calendar, Contacts, Photos, or other Google Workspace content scopes for the public website login flow. We do not read, modify, delete, or send emails from a user's Google account.
Google user data is used only for account authentication, fraud prevention, account linking, verified email handling, session creation, and user support connected with the Alphaion account. We do not sell Google user data. We do not use Google user data for third-party advertising, unrelated sales, credit decisions, or profiling outside Alphaion's own account and service context.
Alphaion's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
7. Marketing Emails And Opt-Out
We do not sell personal data to third parties. We may use user contact information for Alphaion's own first-party marketing, educational updates, product announcements, event/news updates, and similar communications only where consent has been given, the user subscribed, the user requested such information, or the communication is otherwise permitted by applicable law.
We maintain records of subscribed and non-subscribed users. Every regular marketing email should include a practical unsubscribe or opt-out method. Users may also opt out by contacting us at contact@alphaion.io. Transactional, account security, legal, quotation, or service messages may still be sent where necessary.
8. Third-Party Applications, Services, And Infrastructure
We use third-party applications and infrastructure only where needed to operate, secure, authenticate, communicate, host, or improve Alphaion services. Depending on deployment and configuration, these may include:
| Provider or component | Purpose | Personal data involved |
|---|---|---|
| Google OAuth / Google Identity | User sign-in, account identity verification, admin sign-in where configured. | Google account identifier, verified email, name, profile picture URL, token verification metadata. |
| LinkedIn OAuth | User sign-in and account identity verification. | LinkedIn account identifier, verified email, name, profile picture URL. |
| Website hosting, server, PHP runtime, Apache/Nginx, and operating environment | Hosting the website, APIs, files, sessions, routing, logs, and security controls. | IP address, request metadata, uploaded/requested content, session and security logs. |
| MySQL/MariaDB database infrastructure | Storing user accounts, contacts, quotations, product data, tracker data, CRM data, and admin data. | Account data, form data, quotation data, tracker events, CRM records, admin records. |
| Alphaion first-party CRM/tracker | Understanding website engagement, product interest, content performance, and user/account activity for Alphaion's own operational and marketing purposes. | Visitor IDs, session IDs, event data, page interactions, emails submitted through forms, hashed IP where enabled, device/browser data. |
| SMTP/email provider or PHP mail service | Sending account, admin, security, quotation, support, and consent-based marketing emails. | Email address, name, message content, communication status, delivery metadata. |
| Google Fonts | Loading web fonts and improving page presentation. | Browser request metadata such as IP address and user-agent may be processed by the font provider. |
| Cloudflare cdnjs and similar public CDNs | Loading frontend libraries such as icons and UI scripts used by the website. | Browser request metadata such as IP address, user-agent, requested file, and referrer may be processed by the CDN. |
| Social platforms such as LinkedIn, Instagram, and X/Twitter | Outbound social links, brand pages, embedded or linked social content where used. | Data users provide directly to those platforms and browser metadata when visiting or interacting with their services. |
| Optional upstream CRM or monitoring endpoint | Forwarding CRM/tracker events where configured for Alphaion operations. | Tracker event payloads, visitor/session data, page interaction metadata, and submitted contact identifiers where included. |
9. Sharing And Disclosure
We may share personal data with service providers and infrastructure vendors that help us operate the website, authenticate users, send emails, host data, secure systems, process user requests, or comply with law. These providers are expected to use personal data only for the services they provide to Alphaion and not for their own unrelated purposes.
We may disclose data when required by law, court order, regulator request, security investigation, business transfer, or to protect the rights, property, or safety of users, Alphaion, or others. We do not sell personal data.
10. Cookies, Local Storage, And Tracking
We use cookies, PHP sessions, browser storage, security tokens, and first-party tracker identifiers to keep users signed in, prevent misuse, remember sessions, measure website engagement, and support CRM activity. Users can control cookies through browser settings, but some account or security features may not work correctly if essential cookies are blocked.
11. Data Security
We take reasonable technical and organisational measures to protect personal data, including access controls, environment-based secrets, OAuth state/nonce checks, password hashing where applicable, session regeneration, rate limiting, server-side validation, data minimisation, logging safeguards, and restricted admin access. No internet service can guarantee absolute security, but we work to reduce risk and respond responsibly.
12. Data Retention
We keep personal data only for as long as needed for the purposes described in this policy, including account management, quotations, customer support, consent records, unsubscribe records, security logs, legal obligations, dispute handling, and business records. When data is no longer needed, we delete, anonymise, or restrict it where reasonably possible.
Unsubscribe and non-subscribed records may be retained to ensure we respect opt-out choices.
13. User Rights
Depending on applicable law, users may request access, correction, update, deletion, restriction, portability, objection to processing, withdrawal of consent, or confirmation of processing. Indian users may also exercise DPDP-style rights and grievance requests where applicable.
To make a request, contact contact@alphaion.io. We may need to verify identity before acting on a request. Some requests may be limited by legal, security, fraud prevention, record keeping, or service delivery requirements.
14. Children
Alphaion services are not intended for children to use without appropriate consent or supervision where legally required. We do not knowingly collect children's personal data for behavioural advertising or sale. If a parent, guardian, or authorised person believes a child has provided personal data without required consent, they may contact us for review.
15. International Transfers
Because internet infrastructure, OAuth providers, CDNs, email providers, and hosting vendors may operate across jurisdictions, personal data may be processed outside the user's state or country. Where required, we use appropriate safeguards and limit transfers to what is needed for the relevant service.
16. Changes To This Policy
We may update this policy when our services, infrastructure, legal obligations, or data practices change. The latest version will be posted on this page with an updated date. Material changes may be communicated through the website, email, or account notices where appropriate.