AlpacaX: Your Fluffy Guide to Seamless Server Access

Thank you for choosing the products and services of AlpacaX Inc. We value your privacy, and respect and protect your personally identifiable information. Below is a copy of the Company's privacy policy. Your use of the Company's platform and services constitute your acceptance of the Privacy Policy, and our Terms of Service, Cookies Policy, and Cancellation and Refund Policy (collectively, the "Agreement") If at any time you do not agree to this Privacy Policy or any terms of the Agreement, you must cease your use of any of our products or services.

ABOUT THIS PRIVACY POLICY.

AlpacaX Inc. ("AlpacaX," "we," "our," or "us") require certain information to provide our products and services to you ("User," "you," "your," and "yours"). This privacy policy applies when you access or use the Alpacon platform and any associated products, services, or features in any form or on any platform through any media (collectively, the "Services"). This privacy policy may be updated from time to time and may be supplemented by additional privacy statements, terms, or notices provided to you. Any changes will be posted on this page or our website with an updated revision or a notice given to you through the Services or by other means.

WHY WE COLLECT INFORMATION.

We collect personal data to: (a) provide and operate the Services offered through the Alpacon platform, the Website, the App, and other channels; (b) support security, privacy, compliance, trust and safety, fraud and abuse prevention, monitoring, and auditing; (c) respond to questions, feedback, requests, and reports regarding the Services or information provided through them; (d) improve the Services and the information provided through them; and (e) (with your consent where required,) publish your comments and annotations (and related information) and provide optional features.

We also use personal data to communicate with you through the Services and to share additional information or events that may interest you. We may combine personal data collected through the Services with information from other sources, including information we obtain from or about you in connection with the Services.

WHAT INFORMATION WE COLLECT ABOUT YOU.

We collect information about you in three ways: directly from your input, from third-party sources and public databases, and through automated technologies.

3.1

Information You Provide to Us.

We collect information you provide directly when you:

Create an account (e.g., name, email, phone number, company name);
Contact customer support;
Sign up for newsletters or marketing;
Register for events or webinars; or
Submit inquiries or feedback.

Depending on what account type (individual or business) or Services you choose or how you interact with us, we may collect your personal information. "Personal Information" means any information that identifies, relates to, describes, or could reasonably be linked, directly or indirectly, to an individual or household and it may include, without limitation:

Contact information, such as your name, email address, mailing address, phone number, and profile information;
Account login credentials, such as usernames, passwords, password hints, and similar security information;
Account registration and profile information and other biographical and demographic information;
Comments, feedback, and other information you provide to us, including search query data and questions or information you send to customer support;
Communication preferences, including preferred language and preferred contact methods;
(for paid service users only) Payment information, such as credit or debit card number(s), bank name and account number; and/or
(for company or organization users only) Company/organization name, names of your company's/organization's designated representative, number and type of projects, and datasets and clusters used.

3.2

Automatically Collected Information from Your Use.

We may collect technical data automatically, including:

Device and connection information such as the browser, device, or group of devices you use to access our Services but that we do not associate with personal identifier, such as IP address, browser type and version, operating system and other software installed on your device, your device's type and unique advertising identifier (such as the Apple IDFA (or UDID in older Apple phone models) or Android Advertising ID / Google AdID), and any other unique identifier that may be assigned to your device, or a non-cookie unique identifier and other technical identifiers, error reports and performance data;
Service usage information such as session logs, command logs, usage statistics, browsing history, search history, user activities, site traffic, and other analytics such as the features you used, the settings you selected, your URL click stream data, tracking pixels, Web-based shell activity (e.g., web shell history), command-line input, authentication tokens (e.g., JWT)
System information such as system-level logs used for access control, infrastructure auditing, and anomaly detection, including date and time stamp and referring and exit pages, language you used, pages you visited on the Services, as well as what you clicked on and the average time you spent on the website, Apps, and IP addresses;
Location-related information such as the region, city, town, or time zone where the Services are accessed or used, or your device is located in order to provide you with more relevant content for where you are in the world and enable certain service features, subject to your choice of privacy setting; and/or
Inferences drawn from other Personal Information listed above, to create a profile reflecting your preferences, characteristics, behavior, attitude, and ability.

3.3

Data from Third-Party Sources.

We also may collect data from partners, affiliates, other third parties' or public sources for business and marketing purposes, including:

Service providers that help us determine geographic location in order to customize certain products and services to your location and enable certain service features;
Partners with which we offer co-branded services or engage in joint marketing activities; and/or
Publicly available sources and data suppliers from which we obtain data to validate or supplement the information we hold.

HOW WE USE YOUR INFORMATION.

We use your information for:

Creating and managing user accounts and organizational profiles;
Provide, activate, and manage access to and use of the Services;
Process and fulfil a request, order, download, subscription or other transaction in connection with the Services;
Provide technical, product, and other support and to help keep the Services working, safe, and secure;
Enhance and improve the Services and our other products and services and to develop new products, services, and benefits;
Offer you customized content and other personalization to make the Services more relevant to your interests and geographic location;
Respond to your requests, inquiries, feedback, comments, complaints, and concerns;
Notify you about changes, updates, and other announcements related to the Services and our other products and services;
Processing payments and managing billing operations and tax calculations;
Deliver targeted advertisements, promotional messages, notices and other information related to the Services and your interests;
Provide you with promotional messages and other information about products, events and services of ours, our affiliates, and third parties such as sponsors, where permitted;
Invite you to participate in user testing and surveys as well as sweepstakes, competitions, and similar promotions;
Identify usage trends and develop data analytics for purposes of research, auditing, reporting, compliance, and other business operations, including determining the effectiveness of our promotional campaigns and evaluating our business performance, or in other ways pursuant to a customer agreement;
Preventing fraud, abuse, or unauthorized access to our Services; and/or
Comply with our legal obligations, resolve disputes, and enforce our agreements.

If you are an administrator of an organization with a subscription to the Services, we will use your details to communicate with you about your organization's subscription and related services. If you supply us with contact information of your colleagues, we may contact those individuals with communications about the Services that may include references to you.

COOKIES POLICY.

For our use of cookies and other tracking technology and opt-out policy, please refer to our Cookies Policy.

HOW WE SHARE YOUR INFORMATION.

6.1

With Your Organization.

If you access the Services through a subscription administered by your organization, your Personal Information and certain usage data gathered through the Services may be accessed by or shared with the administrators authorized by your organization for the purposes of usage analysis, subscription management and compliance, cost attribution, and departmental budgeting.

6.2

With Application Licensors.

If you access a third-party application on the Services through a license agreement with the licensor of that application, Personal Information relevant to that application will be shared with the licensor so that it can provide you access to the application, subject to the terms of its license agreement and privacy policy.

6.3

With Our Affiliates and Service Providers.

Depending on the Services you choose to access, use, or purchase, we may share Personal Information with our affiliates (including our entities, subsidiaries, and divisions that provide technology, customer service, and other shared services functions) and third-party service providers (including payment processors and sub-processors, customer support, email service providers, IT service providers, and similar vendors) at our discretion in connection with our Services or Platform, in compliance with this Privacy Policy and appropriate confidentiality and security measures, only to the extent necessary to provide the Services, complete a transaction, fulfill your requests, or to perform the Services on our behalf, based on our instructions.

6.4

By Your Privacy Choices.

We may share your Personal Information with our affiliates and other third parties when you indicate your consent or preference in your account or settings or when you choose to disclose such information publicly at your discretion. The Services may allow you to post and share Personal Information, comments, materials, and other content. Any content you disclose publicly can be collected and used by others, may be indexed by search engines, and might not be removable. Please be careful when disclosing Personal Information in public areas of the Services. If you do not consent to such sharing, please do not submit any Personal Information to us or post it through our Services.

6.5

For Legal Reasons.

We also will disclose your Personal Information if we have a good faith belief that such disclosure is necessary to:

Comply with any applicable law, regulation, legal process, or other legal obligation;
Detect, investigate, and help prevent security threats, fraud, or technical issues; and/or
Protect the rights, property, or safety of our Services, properties, rights, employees, users, or public interest and as part of a corporate transaction, such as a transfer of assets, reorganization, restructuring, or an acquisition by or merger with another company.

DATA RETENTION.

We retain your personal information for as long as necessary to provide the Services and fulfil the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting, and preventing fraud and abuse, and enforcing our agreements.

We will securely delete or anonymize data when no longer needed. Electronic records are securely deleted using commercially reasonable methods to ensure they cannot be recovered or reconstructed. Physical documents are destroyed by shredding or other secure means to prevent unauthorized access or use.

DATA SECURITY.

We implement industry-standard technical and organizational safeguards to protect your Personal Information from unauthorized access, use, or disclosure. These measures include:

Encryption of Personal Information at rest and in transit;
Access controls and role-based permission management;
Deployment and maintenance of security systems such as firewalls and intrusion detection tools; and
Regular training of staff on data protection and security best practices.

While we implement strong safeguards, no system is entirely secure. If you believe your data has been compromised, contact us immediately at privacy@alpacax.com

INTERNATIONAL DATA TRANSFERS.

To provide our Services, we may transfer, store, and process your Personal Information to countries outside your country of residence, including the United States, the Republic of Korea, Japan, and other jurisdictions where our service providers or partners operate. Depending on the Services, your data may be processed in one or more of these locations. For example, transfers may occur from the United States to other countries (including Korea or Japan), or from the other countries to the United States. We implement appropriate safeguards to ensure the security and confidentiality of your Personal Information, including data processing agreements, technical and organizational security measures, and access controls that limit data handling to authorized personnel only.

Without limiting the foregoing, below is a specific list of current key recipients, transfer destinations, types of Personal Information transferred, purposes, and retention periods.

Recipient	Transfer Destination(s)	Purpose of Use	Information Transferred	Retention Period
Auth0, Inc. (Auth0)	USA	User authentication and login session management	Email, user ID, MFA settings	Until membership withdrawal or termination of the entrusted contract
Amazon Web Services, Inc. (AWS)	USA	Server infrastructure operation, data storage, and backup	Service usage records, access logs, and command history	Until membership withdrawal or termination of the entrusted contract
Datadog, Inc. (Datadog)	USA	System log collection, monitoring, anomaly detection	Access logs, system metrics, and agent status information	Until membership withdrawal or termination of the entrusted contract
Google LLC (Google Analytics, Google Cloud)	USA (default), other locations depending on Google server placement	Service usage monitoring, usage statistics analysis	Operating system (OS), device type, user behavior data, referral paths	Until membership withdrawal or termination of the entrusted contract
Stripe, Inc. (Stripe)	USA and other countries where Stripe sub-processors are located	Global payment processing and billing system operation	Name, email, payment method, payment history	Retained by applicable laws
Toss Payments Co., Ltd. (Toss Payments)	Republic of Korea	Payment processing and settlement	Name, email, payment method, payment history	Retained by applicable laws
IPinfo, Inc. (IPinfo Lite)	USA	Lookup of user IP-based geographic information	IP address	Until membership withdrawal or termination of the entrusted contract

These countries may have data protection laws that are different from those in your country of residence and may not provide the same level of protection. Regardless of where your Personal Information is processed, we implement appropriate safeguards to ensure its security and confidentiality, including:

Data processing agreements and Standard Contractual Clauses (where applicable),
Technical and organizational security measures, and
Access controls are used to limit data handling to authorized personnel only.

By using our Services, you acknowledge and consent to the transfer of your Personal Information to jurisdictions outside your country of residence, for the purposes described in this Privacy Policy. If you have any questions about how your data is protected when transferred internationally, please contact us at privacy@alpacax.com

10.

PROCESSING OF PERSONAL INFORMATION FOR AI SERVICES.

We may use Artificial Intelligence ("AI") technologies to provide certain features of our Services, such as AI-driven features such as code assistance, analytics, and automated recommendations.

When you use these AI features, the following may apply:

Types of Personal Information Processed: Depending on the AI function, this may include text, commands, uploaded files, or other user-provided data that you voluntarily submit through the Services.
Purpose of Processing: To operate and improve AI-based features, respond to user queries, generate outputs, detect anomalies, or enhance overall service performance.
Processing Method: Processing may occur within our systems or through trusted third-party AI providers as necessary to provide the Services. We will not use your data to develop or train general-purpose AI models.
Retention Period: Data used for AI processing is retained only as long as necessary to provide the requested AI feature, unless a longer retention period is required by law or you have consented to such retention.
Safeguards: We implement technical and organizational measures to protect personal information during AI processing, including encryption, access controls, and data minimization.
Your Rights: You may request access, deletion, or restriction of your Personal Information processed for AI purposes in your account or setting, subject to applicable laws.

11.

CHILDREN'S PRIVACY.

We recognize the importance of children's safety and privacy. No Services of ours are designed to attract or target children under 13, nor are they intended for use by any children under the age of 13. We do not request, or knowingly collect, any personally identifiable information from children under the age of 13.

If you are under age 13, you may not use our Services without verified parental or legal guardian consent. If we discover that we have collected Personal Information from a child under the age of 13 without proper consent, we will delete it promptly.

If you believe that a person under 13 has provided us with his or her personal information, please notify us at privacy@alpacax.com so that we can take reasonable steps to remove the information from our Services.

Users between the ages of 13 and 15 may use the Services, but we will not sell or share their Personal Information without their affirmative opt-in consent, as required under applicable privacy laws.

12.

CHANGES TO THIS PRIVACY POLICY.

We may update this Privacy Policy from time to time. We will notify users of any material changes at least 30 days in advance via our website or email.

13.

YOUR RIGHTS.

13.1

General Rights (Applicable to All Users).

You have the following rights under applicable privacy and data protection laws, as may be applicable in your jurisdictions:

Rights of Access: You may request a copy of your Personal Information;
Right to Correction: You may request that we correct inaccurate or incomplete data;
Right to Deletion: You may request deletion of your Personal Information;
Right to Restrict or Object to Processing: You can limit how we use your data in some cases;
Right to Withdraw Consent: If we rely on your consent, you may withdraw it at any time;
Right to Data Portability: You may ask us to transfer your information to another provider, where technically feasible; and
Right to Lodge a Complaint: You may file a complaint with your local data protection authority.

You can exercise these rights by contacting: privacy@alpacax.com. We will respond to your request consistent with applicable laws. To protect your privacy and security, we may require you to verify your identity.

Please note that certain Personal Information is necessary to provide you with our core Services. If you choose not to provide such data or request its deletion, your ability to use some or all features of the Services may be limited. However, you may opt out of non-essential uses, such as marketing communications or third-party sharing, where applicable under the law.

13.2

FOR CALIFORNIA RESIDENTS ONLY.

Do Not Track Disclosure

As required by Section 22575 of the California Business and Professions Code, the following disclosure is made to California residents and to residents of other states:

Neither our Website nor the App alter their respective behavior or change their respective services when they receive a "do-not-track" flag or signal from your operating system or browser. As described herein, we use cookies and other tools to collect information about you when you visit our App to, among other things, better tailor the features, performance, and support of our Services, the Website, and the App. After you leave or close-out from the Website or App, we do not track your online activity on other apps or websites, but third parties (and their affiliates) may track your online activity to offer you advertisements. This tracking is anonymous and is not linked to your personal data.

Marketing

We collect various types of personal data about you during the course of your relationship with us. Under California law, if you are a resident of California, you may make a written request to us to disclose the categories or specific pieces of personal data of yours which we have shared with third parties for the third parties' direct marketing purposes during the prior year. In response to your written request, we are allowed to provide you with a notice describing the cost-free means to opt-out of our sharing your information with third parties with whom we do not share the same brand name if the third party will use such information for its direct marketing purposes.

If you would like to exercise your rights under California law, please send your written request to the e-mail address or postal address below with the words "CALIFORNIA OPT-OUT" in ALL CAPS in the subject line or clearly set forth elsewhere. Please include your postal address in your request. Within thirty (30) days of receiving your written request, we will provide you with a Third-Party Direct Marketing Opt-Out Form so you may request that your personal data not be disclosed to third parties for their direct marketing purposes.

Consumer Rights Under the California Consumer Privacy Act of 2018 (the CCPA)

To the extent the California Consumer Privacy Act is applicable, with certain exceptions, including in connection with data subject to federal regulation (i.e., the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach Bliley Act California (GLBA), the Fair Credit Reporting Act (FCRA), or the Drivers' Privacy Protection Act (DPPA)), contractual rights and obligations, and certain other exceptions, California residents have the following rights with respect to our data collection and data processing of California residents' personal data which is collected in California, processed in California, or part of a transaction occurring in California:

The right to know whether your personal data was collected by us. In large part, the personal data we collect is set forth above in this Privacy Policy.

ii.

The right to request the categories and specific pieces of personal data that we have collected about you in the past 12 months, the categories of sources for which that information is collected, the business purposes for collecting or selling the information, and the categories of third parties with whom the information is shared.

iii.

The right to know what information we are collecting about you and the purposes for which it is being used. In large part, the type of information we collect and the purpose for which it is collected is set forth above in this Privacy Policy.

iv.

The right to not allow us to sell any of your personal data.

The right to have your personal data deleted, subject to certain exceptions.

vi.

The right to not be discriminated against for exercising any of the above rights. We will not discriminate against you if you exercise any of the above rights. However, as explained, some or all of the Services necessarily requires us to process your personal data and share your personal data with certain third parties in connection with providing the Services. Therefore, and as explained above, exercise by you of certain of the above rights may impact our ability to provide the Services to you.

TO THE EXTENT APPLICABLE, AND TO EXERCISE ANY OF THE ABOVE RIGHTS, PLEASE CONTACT US AT ANY OF THE BELOW AND INCLUDE THE WORDS "CCPA RIGHTS" IN ALL CAPS IN THE SUBJECT LINE, AND LET US KNOW THAT YOU WANT TO EXERCISE YOUR CCPA RIGHTS AND WHAT RIGHTS YOU SEEK TO EXERCISE.

CONTACT US.

If you have any questions, comments, complaints or requests regarding this privacy policy or our processing of your information, please contact us:

Alpacon Team - Privacy

Email: privacy@alpacax.com
Phone: +1 (855) 257-2229
Address: 100 Middlefield Rd, Menlo Park, CA 94025, United States

We will confirm receipt within 10 business days and respond within 45 days or notify you if additional time is needed.