Privacy Policy

This Privacy Policy explains how AlienRise Ltd collects, uses, shares, and protects personal data when you interact with our website, services, or our clients who use our platform. It applies to both our business clients and the end-users whose data is processed through our platform.

1. Who we are

AlienRise Ltd ("we", "our", "us") is a company registered in England and Wales (Company No. 16578597), with our registered address at:

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ

We provide software services that help local businesses manage and automate their customer communications.

2. How to contact us

If you have questions or concerns about your data, please contact our Privacy Officer at:

3. What data we collect

Depending on how you interact with us or our clients (local businesses/clinics), we may process the following types of data:

• First and last name
• Email address
• Phone number
• Review content (which may include personal opinions or health-related information you choose to share voluntarily)
• Business account details (for our business clients)
• IP address and browser/device information
• Technical metadata (e.g., timestamps, communication logs)
• Cookie identifiers and usage data (see our Cookie Policy)

4. How we use your data

We process this data to:

• Send review requests and reminders (A2P messaging) on behalf of our business clients
• Deliver newsletters and other communications where you've consented
• Help our clients display and manage your feedback
• Provide, improve, and secure our services
• Comply with legal and regulatory obligations

5. Lawful basis for processing

We rely on the following lawful bases:

• Contract: Where processing is necessary to deliver our services to you or our clients
• Consent: For direct marketing emails and cookies, where required
• Legitimate interests: To run our business efficiently, manage relationships with our clients, and deliver requested communications

6. Controller vs Processor Role

In most cases, AlienRise Ltd acts as a data processor on behalf of our business clients (the data controllers), especially when handling review requests or processing customer contact data.

We act as a data controller when processing personal data of our own users (e.g., business clients who sign up for our services, or visitors to our website).

7. Who we share your data with

We only share data with third parties when necessary to deliver our services, and only with providers who have signed a Data Processing Agreement (DPA) with us. Some of these providers may be located outside the UK (see section 8).

Our sub-processors include:

• GoHighLevel, for secure CRM storage and delivery of mailing and SMS communications
• CRM-Connector and/or Zapier, for securely syncing CRM data
• Twilio and TextGrid, for SMS delivery
• Mailgun and Postmark, for transactional and marketing email delivery

8. International transfers

We may transfer data outside the UK where necessary, including to trusted processors in countries with appropriate safeguards, such as the use of Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner.

9. How long we keep your data

We retain personal data only as long as necessary for the purposes described above:

• Contact details: For the duration of the service relationship plus up to 12 months for record-keeping
• Review content: As long as the client relationship exists or until deletion is requested

10. Your data rights

Under UK GDPR, you have the right to:

• Access your personal data
• Correct your data
• Request deletion of your data
• Restrict or object to certain processing
• Request a copy of your data in a machine-readable format
• Withdraw your consent at any time (where processing is based on consent)

To exercise any of these rights, contact: privacy@alienrise.ai

We will respond within one month.

11. How we protect your data

We use technical and organisational measures to safeguard personal data, including:

• Encrypted connections (HTTPS/TLS)
• Access controls and user permissions
• Integration audit logs
• Regular reviews of third-party sub-processors

11.1 Data Breach Notification

In the event of a personal data breach, AlienRise Ltd will assess the situation promptly and take appropriate action in accordance with UK GDPR and the Data Protection Act 2018.

Where legally required, we will notify the UK Information Commissioner's Office (ICO) within 72 hours and inform affected individuals if there is a high risk to their rights or freedoms.

If you believe your data may have been affected by a breach, please contact us immediately at:
📧 privacy@alienrise.ai

12. Complaints

If you are not satisfied with how we handle your data, you may lodge a complaint with the UK's Information Commissioner's Office (ICO):
Website: www.ico.org.uk

13. Updates

We may update this Privacy Policy from time to time. When we do, we will post the new version on our website and update the "Last updated" date at the top of this page.

14. Cookies

Our website uses cookies and similar technologies to help us understand how you use our site, improve performance, and provide a better experience.

You can manage your cookie preferences via your browser or through our cookie banner.

For more information, please see our Cookie Policy.

15. Children's data

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected such data, we will delete it promptly.

16. Automated decision-making

We do not use your data for automated decision-making that produces legal or significant effects.