Privacy Policy

We collect information you provide directly, information collected automatically, and information from third-party sources.

Information You Provide

• Account information: name, email address, company name, job title, and password when you register for an account.
• Billing information: payment card details and billing address, processed securely through our payment processor (Stripe).
• Profile information: professional details, government contracting certifications, NAICS codes, and other business data you choose to provide.
• Communications: messages you send through our contact forms, support channels, or the Aliff Labs chat interface.
• User content: documents, opportunity data, pipeline information, and other content you upload or create within Aliff Labs.

Information Collected Automatically

• Device information: browser type, operating system, device identifiers, and screen resolution.
• Usage data: pages visited, features used, search queries, click patterns, session duration, and referring URLs.
• Log data: IP address, access times, and server logs.
• Cookies and tracking technologies: as described in our Cookie Policy.

Information from Third Parties

• Government data sources: publicly available data from SAM.gov, FPDS, USAspending.gov, and other government procurement databases used to power our intelligence features.
• Authentication providers: if you sign in using a third-party service, we receive basic profile information from that provider.

We use the information we collect to:

• Provide, maintain, and improve the Service, including opportunity matching, pipeline management, and AI-powered analysis features.
• Process transactions and manage your subscription and billing.
• Send you transactional emails, service updates, security alerts, and administrative messages.
• Respond to your inquiries, support requests, and feedback.
• Personalize your experience and deliver relevant content and recommendations.
• Analyze usage patterns to improve our platform, develop new features, and optimize performance.
• Detect, prevent, and address fraud, abuse, security incidents, and technical issues.
• Comply with legal obligations and enforce our Terms of Service.
• Send marketing communications where you have opted in (you may opt out at any time).

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service providers: with trusted third-party vendors who assist us in operating the Service (e.g., cloud hosting, payment processing, analytics, email delivery). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
• Legal requirements: when required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Aliff Solutions, our users, or the public.
• Business transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
• With your consent: we may share information for other purposes when you have given us explicit consent to do so.
• Aggregated data: we may share aggregated, de-identified data that cannot reasonably be used to identify you.

We retain your personal information for as long as your account is active or as needed to provide you with the Service. We also retain information as necessary to comply with legal obligations, resolve disputes, enforce our agreements, and for legitimate business purposes.

When you delete your account, we will delete or anonymize your personal information within 90 days, except where retention is required by law or for legitimate business purposes (such as maintaining financial records for tax and audit purposes).

User content stored within Aliff Labs (opportunity data, pipeline information, documents) will be permanently deleted within 30 days of account deletion.

Depending on your location, you may have the following rights regarding your personal information:

For All Users

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete personal data.
• Deletion: request deletion of your personal data, subject to legal retention requirements.
• Data portability: request your data in a structured, commonly used, and machine-readable format.
• Opt out: unsubscribe from marketing communications at any time.

For European Economic Area (EEA) / UK Users — GDPR

If you are located in the EEA or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis: we process your data based on contractual necessity (to provide the Service), legitimate interests (to improve the Service and prevent fraud), consent (for marketing), and legal obligations.
• Restriction: request restriction of processing in certain circumstances.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: withdraw consent at any time where we rely on consent as the legal basis for processing.
• Supervisory authority: lodge a complaint with your local data protection authority.

For California Residents — CCPA / CPRA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know: request disclosure of the categories and specific pieces of personal information we have collected, the purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: request deletion of your personal information, subject to certain exceptions.
• Right to correct: request correction of inaccurate personal information.
• Right to opt out of sale/sharing: we do not sell or share your personal information for cross-context behavioral advertising.
• Non-discrimination: we will not discriminate against you for exercising your privacy rights.

For UAE Residents — Federal Decree-Law No. 45 of 2021

As a company registered in the United Arab Emirates, Aliff Solutions FZC operates in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). Under this law, you have rights regarding the processing of your personal data, including:

• Right to access: request access to your personal data and how it is processed.
• Right to correction: request correction or updating of inaccurate personal data.
• Right to deletion: request deletion of personal data when no longer necessary for the purpose for which it was collected.
• Right to restrict processing: request restriction of processing in certain circumstances as provided under the PDPL.
• Right to object: object to processing of personal data for direct marketing purposes.

To exercise any of these rights, contact us at legal@aliffsolutions.com. We will respond to verifiable requests within 30 days (or 45 days for CCPA requests, with notice of any extension).

If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD, Law No. 13,709/2018), including:

• Confirmation and access: confirm whether we process your data and request access to it.
• Correction: request correction of incomplete, inaccurate, or outdated data.
• Anonymization, blocking, or deletion: request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in non-compliance with the LGPD.
• Data portability: request portability of your data to another service provider.
• Revocation of consent: revoke consent at any time, where processing is based on consent.
• Opposition: oppose processing carried out in violation of the LGPD.

To exercise these rights, contact us at legal@aliffsolutions.com with the subject line "LGPD Request."

We use cookies and similar tracking technologies to collect and store information about your interactions with the Service. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy.

We implement industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
• Secure authentication with hashed passwords and support for multi-factor authentication.
• Regular security assessments, vulnerability scanning, and penetration testing.
• Access controls and least-privilege principles for staff.
• Incident response procedures to detect and respond to security breaches.

While we strive to protect your information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

Aliff Solutions FZC is headquartered in Ras Al Khaimah, UAE. Your information may be transferred to and processed in countries other than your country of residence, including the UAE and the United States, where our servers and service providers operate.

When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent mechanisms, to ensure an adequate level of data protection.

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at legal@aliffsolutions.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where required by law, by sending you an email notification or displaying a prominent notice within the Service.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.