Privacy Policy

This Privacy Policy applies to organizational users accessing AltCtrl COS on behalf of an entity. AltCtrl COS is not intended for consumer use.

AltCtrl operates across multiple jurisdictions. Where local data protection or privacy laws impose additional or stricter requirements, those requirements apply in addition to this Policy.

AltCtrl COS may collect the following categories of information:

AltCtrl COS does not intentionally collect consumer personal data unless explicitly submitted by an authorized organizational user.

Information is processed for the following purposes:

• Reviewing and managing access to AltCtrl COS
• Operating, maintaining, and securing the system.
• Enforcing governance, readiness evaluation, and execution visibility.
• Supporting auditability, traceability, and system integrity.
• Complying with applicable legal and regulatory obligations.

AltCtrl does not use collected data for consumer marketing or advertising purposes.

AltCtrl processes information based on one or more lawful bases, as applicable under relevant law:

• User consent, where required
• Contractual necessity to provide system access
• Legitimate interests related to security, governance, and system integrity
• Compliance with legal or regulatory obligations

The applicable legal basis depends on jurisdiction and the nature of the data processed.

AltCtrl does not sell personal or organisational data.

Information may be shared only in the following circumstances:

• With authorized users within the same organization
• With trusted service providers acting as data processors under confidentiality obligations
• With regulatory or governmental authorities where required by law
• Where explicitly authorized by the user or organization

All third-party processors are contractually bound to appropriate data protection standards.

AltCtrl COS may process data across jurisdictions to support availability, resilience, and system operations.

Where cross-border transfers occur, AltCtrl applies appropriate safeguards consistent with applicable law, including contractual, technical, and organizational measures. Where data localization is legally required, AltCtrl complies with such requirements.

Information is retained only for as long as necessary to:

• Fulfill governance, orchestration, and operational purposes
• Meet audit, legal, and regulatory obligations

Retention periods may vary by jurisdiction and data category. Data may be deleted, anonymized, or restricted once no longer required.

AltCtrl implements technical and organizational safeguards designed to protect information against unauthorized access, loss, misuse, or alteration, including:

• Encryption of data in transit and at rest
• Role-based access controls
• Monitoring and audit logging

No system can guarantee absolute security, but AltCtrl applies protections appropriate to the nature and sensitivity of the system.

Subject to applicable law, users and organizations may have the right to:

• Request access to information
• Request correction of inaccurate data.
• Request deletion or restriction of processing

Requests may be subject to verification, governance requirements, and legal obligations.

Organizations using AltCtrl COS are responsible for:

• Ensuring they have the legal authority to submit data
• Obtaining any required consents prior to submission
• Complying with applicable data protection and privacy laws in their jurisdiction

AltCtrl is not responsible for misuse of data by users acting outside the system’s governance controls.

AltCtrl may update this Privacy Policy to reflect system evolution, legal requirements, or operational changes. Updates will be posted with a revised effective date. Continued use of AltCtrl COS constitutes acceptance of the updated Policy.

For questions regarding this Policy, please contact:

Alternative Control Labs

Email: support@altctrl.ai