1. Who we are and what this policy covers

AlphaTales is operated by AlphaTales Technologies Pty Ltd. This Privacy Policy explains how we collect, use, disclose, store, protect, and manage personal information when you use AlphaTales, including our website, application, workspaces, AI-assisted planning tools, billing, support, and related services.

We are based in Australia and handle personal information in line with Australian privacy law where it applies. We will also comply with any other privacy law that legally applies to AlphaTales and the relevant processing activity.

In this policy, personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable. Project content means the product ideas, prompts, files, notes, plans, requirements, generated output, and related workspace material you provide or create in AlphaTales.

2. Information we collect

We collect information you provide, information generated through use of AlphaTales, and technical data.

Account information, such as name, email address, password or login method, role, and team details.
Workspace information, such as organization name, invited users, roles, permissions, project membership, and collaboration activity.
Project content, such as descriptions, prompts, uploaded material, discovery notes, requirements, feature outlines, technical context, generated output, exports, and feedback.
Billing and subscription information, such as plan, seats, credits, renewal status, invoices, tax details, payment processor references, and billing contact details. We do not store full payment card numbers.
Usage and device information, such as pages viewed, features used, timestamps, IP address, approximate location, device, browser, operating system, referral source, error logs, performance data, and diagnostic events.
Communications and support information, such as messages you send us, support requests, survey responses, waitlist details, sales inquiries, and product feedback.

3. Sensitive information and data you should not submit

AlphaTales is built for product planning and implementation handoff. It is not designed to be a vault for highly sensitive information.

Do not submit passwords, API keys, private keys, payment card numbers, government identifiers, health information, biometric information, children's personal information, or other sensitive information unless a feature expressly supports that data.
Do not submit another person's personal information, customer data, employee data, confidential information, source material, or intellectual property unless you have the right and lawful basis to use it in AlphaTales.
You are responsible for redacting, anonymizing, summarizing, or excluding sensitive details where they are not needed for the task.

4. How we collect information

We collect information in a few practical ways:

Directly from you when you create an account, enter project content, subscribe, or contact us.
From workspace owners, admins, or invited users who add you to a team or project.
Automatically when you use the website or app, including through cookies, logs, and telemetry.
From service providers such as authentication, payment, analytics, observability, support, and AI model providers.
From public or third-party sources where you interact with AlphaTales through a partner, community, or campaign.

5. How we use information

We use information to run AlphaTales, support users, and protect the service.

Provide accounts, login, workspaces, project workflows, AI-assisted output, exports, and billing.
Process subscriptions, credits, invoices, taxes, payment status, refunds, and billing support.
Authenticate users, manage permissions, prevent fraud, investigate abuse, and protect service integrity.
Operate AI-assisted planning workflows and return relevant output based on your project context.
Provide support, respond to questions, troubleshoot issues, and communicate service updates.
Measure reliability, usage, performance, errors, product quality, and feature adoption.
Improve AlphaTales using feedback, diagnostics, aggregated data, and de-identified information.
Send account, security, billing, legal, product, waitlist, and support communications.
Comply with legal obligations and enforce our Terms, Acceptable Use Policy, and other policies.

We do not sell personal information.

6. AI processing and project content

AlphaTales uses AI-assisted workflows to help turn product ideas into structured planning artifacts, requirements, feature outlines, technical context, and build handoff material. To provide those features, project content may be processed by AlphaTales systems and third-party AI model providers.

AI providers may process prompts, project descriptions, files, generated output, usage signals, and metadata as needed to provide the requested feature, detect abuse, protect security, and meet legal obligations.
We do not use private project content to train or fine-tune foundation models unless we clearly tell you and you have agreed through the relevant plan, feature, setting, or written agreement.
We may use feedback, diagnostics, evaluations, usage patterns, aggregated data, and de-identified information to improve AlphaTales.
We do not intentionally publish private project content unless you choose to share, export, invite others to, or publish it.

AlphaTales is a planning aid. We do not use personal information to make solely automated decisions that have legal or similarly significant effects on individuals. If that changes, we will update this policy and provide any notices required by law.

We share information only where reasonably needed to provide, secure, support, improve, or legally operate AlphaTales.

Workspace members, owners, and admins according to workspace roles, permissions, and sharing choices.
Infrastructure, hosting, database, storage, and security providers.
Authentication, identity, payment, tax, analytics, observability, email, support, and communication providers.
AI model, evaluation, and safety providers used to deliver AI-assisted features.
Professional advisers, auditors, insurers, banks, and other business operations providers.
Courts, regulators, law enforcement, government bodies, or third parties where required by law or reasonably necessary to protect people, rights, safety, security, or service integrity.
Successors or prospective successors in a merger, acquisition, financing, restructure, sale of assets, or transfer of the AlphaTales business.

8. Overseas processing and storage

AlphaTales is operated from Australia, but our service providers may process or store information in other countries. These may include countries where our cloud, authentication, payment, analytics, support, communications, security, observability, and AI providers operate.

When we disclose personal information to overseas recipients, we take reasonable steps where required to protect it, such as using reputable providers, contractual commitments, access controls, security measures, and provider due diligence appropriate for a startup of our size and risk profile.

9. Cookies, analytics, and telemetry

We use cookies and similar technologies for authentication, security, preferences, analytics, product improvement, and service diagnostics.

Essential cookies support authentication, security, fraud prevention, and core app functionality.
Preference storage may remember settings such as theme, region, or interface choices.
Analytics and product telemetry help us understand feature usage and improve workflows.
Observability tools help us diagnose errors, performance issues, and reliability problems.

You can control cookies through browser settings and available in-product controls. Blocking essential cookies may prevent AlphaTales from working correctly. Where supported and required, we respect applicable privacy choices such as Global Privacy Control for non-essential tracking.

10. Marketing and communications

We may send account, security, billing, service, product, support, and legal messages where needed to operate AlphaTales. We may also send marketing or product-update messages where permitted by law.

You can unsubscribe from non-essential marketing emails using the unsubscribe link or by contacting us.
You may still receive transactional, security, billing, legal, or service messages even if you opt out of marketing.
We do not sell contact lists or personal information to advertisers.

11. Security

We use administrative, technical, and organizational safeguards designed to protect information from misuse, interference, loss, unauthorized access, modification, and disclosure.

Access controls, authentication, role-based workspace permissions, and account security measures.
Encryption, secure infrastructure, backups, monitoring, logging, and operational safeguards.
Provider review, least-privilege access, incident response practices, and internal access controls.

No online service can guarantee perfect security. You are responsible for keeping your credentials secure, controlling workspace access, reviewing exports, and telling us promptly if you suspect account compromise or unauthorized access.

12. Retention and deletion

We keep information for as long as reasonably needed to provide AlphaTales, maintain accounts and workspaces, process billing, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent abuse, and support business records.

When information is no longer needed, we take reasonable steps to delete, de-identify, or archive it, subject to legal, security, operational, and backup-retention limits. Backup copies and logs may persist for a limited period before being overwritten or deleted.

You may request account or workspace deletion, but deleting a workspace can affect all users and project content in that workspace. Workspace owners are responsible for managing exports and internal records before deletion.

13. Access, correction, and privacy choices

You may ask to access or correct personal information we hold about you. Depending on your location and applicable law, you may also be able to request deletion, export, restriction, objection, withdrawal of consent, or other privacy choices.

We may need to verify your identity before acting on a request.
We may refuse, limit, or delay a request where permitted by law, such as where we need information for security, billing, legal, fraud-prevention, dispute, or record-keeping reasons.
If your information is controlled by a workspace owner, we may direct you to that owner or need their assistance to respond.

To make a privacy request, contact hello@alphatales.io.

14. Children and teens

AlphaTales is not directed to children under 13. Users under the age of majority must have permission from a parent or guardian.

We do not knowingly collect personal information from children under 13. If we learn that a child under 13 has provided personal information, we will take appropriate steps to delete it unless a lawful exception applies. Parents or guardians can contact hello@alphatales.io to ask about suspected child data or request deletion.

15. Data breaches

If we become aware of a data incident, we will assess it and take steps that are reasonable in the circumstances. Where the Notifiable Data Breaches scheme or another applicable law requires notification, we will notify affected individuals and regulators as required.

Report suspected security incidents, account compromise, or privacy issues to hello@alphatales.io.

16. Questions, complaints, and updates

Privacy questions, access or correction requests, complaints, and data concerns can be sent to hello@alphatales.io.

We will try to respond within a reasonable time. If you are not satisfied with our response, you may have the right to contact the Office of the Australian Information Commissioner or another privacy regulator in your location.

We may update this policy as AlphaTales changes, our providers change, or legal requirements develop. If a change is material, we will take reasonable steps to notify you through the service, by email, or by updating the effective date above.