1. Who is responsible for your data
Alpaca One is the owner and operator of the Alpaca One managed website subscription platform and is responsible for the personal data described in this policy. Questions or privacy requests can be submitted through our Contact page.
2. Data we collect
Account and identity information
We collect your name, email address, encrypted account credentials, account role, company name, contact name, and security information associated with login sessions.
Website and service information
We process business details, domain names, website configuration, content you provide, preview and service status, support requests, and records needed to host and maintain your website.
Subscription and payment information
We receive payment status, subscription identifiers, billing period dates, price and plan information, transaction events, and limited customer metadata from our payment provider. Full card details are handled by the payment provider and are not stored by Alpaca One.
Technical and security information
We may process IP address, browser and device information, request timestamps, session identifiers, security events, and diagnostic logs to authenticate users, prevent abuse, and maintain the service.
Contact information
If you use our contact form, we collect your name, email address, selected topic, message, and the technical data needed to protect the form from misuse.
3. How we use personal data
- to create and secure customer accounts;
- to prepare, host, connect, maintain, and support business websites;
- to manage subscriptions, renewals, cancellations, payment status, and refunds;
- to send service, security, billing, and password-reset communications;
- to answer support and legal requests;
- to prevent fraud, abuse, and unauthorised access;
- to meet legal, accounting, tax, and regulatory obligations; and
- to improve reliability and understand service performance.
4. Legal bases
Depending on your location, we process personal data because it is necessary to perform a contract with you, to take steps at your request before a contract, to comply with law, for our legitimate interests in operating and securing the service, or with your consent where consent is required.
5. Service providers and sharing
We share only the data needed for providers to perform services on our behalf. Relevant categories include:
- cloud hosting, content delivery, DNS, SSL, database, and security providers;
- authentication and account infrastructure;
- payment, subscription, tax, fraud, and billing providers;
- transactional email and customer communication providers; and
- professional advisers or authorities where legally required.
We do not sell personal data and do not use customer data for third-party behavioural advertising.
6. Payments
Checkout is completed through a secure third-party payment provider. That provider may collect payment method, billing address, tax location, fraud-prevention signals, and other transaction information under its own privacy terms. Alpaca One receives the status and identifiers needed to activate and manage the subscription.
7. Cookies and local storage
We use essential cookies and similar storage for sign-in sessions, CSRF protection, security, and basic platform operation. These technologies are necessary for the customer dashboard to function. We do not currently use advertising cookies on the public website.
8. Retention
We retain account and service information while your account or subscription is active and afterwards for the period reasonably needed for legal, accounting, security, dispute, and backup purposes. Payment records may be retained for statutory financial periods. Security logs and expired sessions are kept only as long as reasonably necessary.
Support messages are retained while we handle the request and for a reasonable follow-up period. We delete or anonymise data when it is no longer needed, unless law requires longer retention.
9. International processing
Our providers may process data in countries other than yours. Where required, we use contractual and organisational safeguards designed to protect personal data during international transfers.
10. Security
We use access controls, encrypted connections, secure password hashing, limited administrative permissions, signed payment events, rate limiting, and infrastructure security controls. No method is completely risk-free, so you should also use a unique password and protect access to your email account.
11. Your choices and rights
Depending on applicable law, you may request access, correction, deletion, restriction, portability, or objection to certain processing. You may also withdraw consent where processing depends on consent and complain to a competent data protection authority.
You can update core profile details in the dashboard. For other requests, use the Contact page and select “Privacy question”. We may need to verify your identity before acting on a request.
12. Children
The service is intended for business users and is not directed to children. We do not knowingly collect personal data from children who cannot legally consent to the service.
13. Changes to this policy
We may update this policy to reflect service, provider, or legal changes. The revised policy will be posted here with a new “Last updated” date. We will provide additional notice where required.
14. Contact
Contact Alpaca One through our Contact page for privacy questions or requests.
