Data privacy

In compliance with major regional data privacy legislation, we provide the following information regarding our data handling practices:

Data Collection Sources: What data sources does Alvin collect from?

Alvin does not access or store your underlying customer data, relying solely on metadata-only access, API calls and information schema access.

Data Usage Scope: How is the collected data used by Alvin?

The metadata collected is used to provide insights and make optimizations in your environment.

Data Location: Where is your infrastructure hosted?

Our infrastructure is hosted on GCP; with every customer assigned an isolated project where everything is running under a VPC. The infrastructure and services are hosted in europe-west3 (Frankfurt).

Third-Party Sharing: To what extent is our data shared with third parties?

None of your data is shared with third parties, with the exception of absolutely necessary authentication information that is shared with GCP Authentication services to validate authenticity and identity of our users.

Data Retention: How long is our data retained by Alvin?

If you decide you no longer wish to continue with Alvin, all account information will be deleted within 30 days of the end of your contract.

Regulatory Compliance: Is your data retention policy compliant with relevant legal requirements (such as GDPR, CCPA)?

Yes, our data retention policy is compliant with major regional legal frameworks such as GDPR and CCPA, as confirmed in our SOC 2 Type II report. Alvin is SOC 2 Type II compliant, with zero remarks for multiple years.

Privacy policy: Where can I find your privacy policy?

Our privacy policy can be found at: www.alvin.ai/privacy-policy