We may update this Policy from time to time. We will post the updated Policy at this link and will provide notice on the Site when we make material changes to the Policy.
You can contact us via email to firstname.lastname@example.org or by mail addressed to Aleph Archives Ltd. Chemin des Croix-Rouge 16, 1007 Lausanne, Switzerland.
You as the customer are the owner of Customer Data, and Aleph Archives is the processor. We will use Customer Data in line with customer contracts and agreements (“Terms and Conditions”) and your use of Services functionality, and as required by applicable laws.
Aleph Archives routinely collects data from these resources (“Customer Data”) to provide Services: websites, web pages and blogs (both public and password protected websites); social media network and enterprise collaboration platform user profiles, group pages and private messages from accounts we have been granted authorization to, for the purpose of collection, monitoring and managing archived data and providing that information to customers through the Aleph Archives web application.
- For website archiving we collect public information contained on websites and blogs, and if you’ve subscribed to archive password protected websites that require authentication (such as Intranets) we also collect confidential information contained on these web pages.
- For social media and enterprise collaboration platforms, when you authenticate accounts to integrate with Aleph Archives, you give permission for Aleph Archives to collect and store API access tokens for this authentication.
- We process Customer Data to provide Services such as displayed the content in the web application UI, and to provide functionality such as export, search, monitoring and alerts, etc.
b) Web application
You voluntarily provide us with your name and email information when you register for an account for our web application. We only intentionally collect personal information about you that we consider necessary to provide you with a secure, efficient login and user management experience. You may decline to provide this personal information; in which case we will not be able to establish an account for Aleph Archives to provide our Services.
We do not knowingly collect any other personal data. Any additional confidential or personal information is only collected if published to web sites we archive for you or if shared by users within the authenticated social media accounts or enterprise collaboration platforms we archive for you.
We collect and store the passwords you enter for the Aleph Archives web application user accounts. All credentials are encrypted, passwords are salted and hashed so only the hash is stored in our system.
Once your client account is established, your application administrator will have the power to freely register additional users, and you will provide the necessary account information including name and email and role of that platform user.
We automatically record user login and usage information in the Aleph Archives web application including the actions performed (including, but not limited touser logins, exports, changes to profiles, creation of alerts, and the dates and times of the access or use of the Service) to provide your administrator with the platform audit log.
If you enable IP Whitelisting Security settings, the IP or IP ranges you provide us will be stored in our system.
Device information: when you and other users log on to the Aleph Archives web application accounts, we will record IP address and timestamp (date and time).
We collect information from you when you register on our site, place an order or fill out a form. As appropriate, you may be asked to enter your: name, email, mailing address or phone number to provide you with
We may use this information to administer a contest, email promotion, survey or send other site and product and or marketing related information.
If you receive an email and no longer wish to be contacted, you can choose to opt-out by unsubscribing to remove yourself from our contact list.
d) Other sources
Business contact information we collect from you may be used to send you information, respond to Support team requests or questions, or to communicate support updates and Service-related messages, or security notifications if an incident were to occur.
We collect and retain Customer Contracts, Subscription Agreements and in some cases Service Level Agreements for the provision of Services.
If you send us correspondence or submit other content to us, we also collect such information to perform related Services.
We collect payment information from you to process payments.
We use third-party tools to perform data analytics:
Aleph Archives utilizes third parties for services such as payment processing and Support desk services. Aleph Archives performs risk assessments of the vendors we use to ensure vendors meet, and continue to meet, our security requirements.
Our service providers are given only the information they need to perform their designated functions. These service providers are contractually bound to use your personal information only as necessary to provide these services to us and do not authorize them to use or disclose personal information for their own marketing or other purposes. We also use contractual or other means to ensure that third parties implement comparable levels of protection in processing your personal information.
Right to Access, Modify, and Remove Personal Information
- You can access your data anytime by signing into Aleph Archives’s web application.
- We offer your Aleph Archives web application administrators the ability to modify and remove account user information (names, emails and password) that you have provided to us, at any time.
- All other platform users have the option to review and modify their own information.
- If you wish to access, modify or delete other personal information we hold, you may contact us by emailing email@example.com.
We will respond to your request within 30 days.
Our Policies for Sharing or Disclosing Information
- We shall take every measure to protect the confidentiality of all Customer Data and other information provided to us by you to ensure your information is not disclosed or accessed outside the scope of Services provided. Access is limited only to employees, contractors and agents required to provide Services and who have signed confidentiality agreements with Aleph Archives.
- We shall not modify or disclose (share, rent or sell) personal data with third parties except as compelled by law (see Compelled Disclosure in Customer Agreements) or as expressly permitted in writing by you.
- We may use aggregated and anonymized data for analysis and to help us provide and improve our services.
How We Protect Your Information
We’ve implemented security measures and systems to protect Customer Data and other personal or confidential information you share with us against loss, theft or damage or unauthorized or unlawful access or disclosure.
Here are some of the security controls we’ve implemented to ensure this protection:
- All information we receive is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Database to be only accessed by those authorized with special access rights to our systems and are required to keep the information confidential.
- Aleph Archives organizational and management system for information security is ISO 27001:2013 certified meaning that our administrative, physical, and technical safeguards for the protection of the security, availability and integrity of your data are verified by accredited third party audit.
- Aleph Archives has achieved a SOC 2 Type 1 Report. This attests that the design of our controls and management of customer data complies with the AICPA’s standards for operational security for service organizations, specifically for the Trust Services Principles Security and Confidentiality.
- Information is securely stored on Aleph Archives owned and managed infrastructure hosted in at minimum SOC 2 Type 2 and ISO 27001:2013 certified colocation data centers.
Aleph Archives retention policy
- We maintain Customer Data for as long as the Customer contract for Services provided is active.
- We offer Aleph Archives web application users (based on permissions set by your administrators) the ability to delete archives from the Aleph Archives web application at any time.
- Your web application administrators may setup an automated limit for data to be stored in Aleph Archives web application (for social media and collaboration platform archives only), by activating the Retention Schedule feature. Your Aleph Archives web application administrator(s) can set a Data Retention policy to enable automated purging of archive records older than a set number of weeks, months or years from Aleph Archives dashboard. Any content that is deleted due to the expiration of the retention period will no longer be available in the platform.
- You can request that we return and/or delete Customer Data at the end of the Customer contract. Such requests must be directed to our Support team and are subject to Terms and Conditions.
- All data deleted by you in the Aleph Archives web application will no longer be available in the platform, but we’ll retain this information in the database for a 30 day grace period, which allows us to support you in case any data is mistakenly deleted by your platform users.
- We retain copies of Customer Data in database backups to fulfil business continuity and disaster recovery requirements. Data in backups is deleted every 30 days.
- We may also retain Customer data and other information as long as necessary to comply with legal obligations and to resolve disputes.
- We may retain other information for business reasons (for example, we retain contracts and financial information as corporate records).
Aleph Archives is Accountable to Our Customers
We have a direct relationship with the Customer who executes the Customer contract with Aleph Archives and who has authenticated Aleph Archives to access and archive social media, collaboration platform accounts and password protected websites on behalf of their users. We do not have a direct relationship with end-users of these sites and platforms.
An individual user who seeks access, or who seeks to modify or delete inaccurate data should direct their query to platform administrators (our customers) directly. We will respond to requests from our Customer to remove the data within 30 days.
Last Updated June 02, 2020