Alpha Scaling Ltd

Effective Date: [5/12/2026]   |   Last Updated: [5/12/2026]   |   Next Review: [11/12/2026]

1. Who We Are

Alpha Scaling Ltd ("Alpha Scaling", "we", "us", or "our") is a limited company registered in England and Wales. We are the data controller for the personal information we collect and process in connection with our websites and services.

Company name: Alpha Scaling Ltd

Registered address: [REGISTERED ADDRESS]

Company registration number: [COMPANY NUMBER]

Privacy contact email: [[email protected]]

Privacy contact phone: [PHONE NUMBER]

Website: [www.alphascaling.com]

If you have any questions about how we handle your personal data, please contact us using the details above.

2. What This Policy Covers

This Privacy Policy explains how Alpha Scaling Ltd collects, uses, shares, and protects your personal data when you:

respond to our advertisements or marketing communications;

visit our websites, including [website URLs];

contact us by phone, email, or any other means;

sign up for or use our products and services.

It also explains your rights under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the Data (Use and Access) Act 2025, and the Privacy and Electronic Communications Regulations 2003 (PECR). By using our services, you acknowledge that you have read this policy.

3. Quick Summary

We collect contact information, business information, payment information, and online activity data.

We use it to deliver our services, market to prospective customers, and run our business.

We rely on lawful bases including contract, consent, legal obligation, and legitimate interests.

We share data with service providers and advertising partners never for direct monetary sale.

We record sales, onboarding, and support calls with your knowledge.

You have rights to access, correct, delete, and restrict use of your data. See Section 11.

You can contact the Information Commissioner's Office (ICO) at ico.org.uk if you have concerns.

4. Lawful Bases for Processing

Under UK GDPR, we must have a lawful basis for every type of processing. We rely on the following:

Lawful BasisWhen We Use ItContract (Article 6(1)(b))To create and manage your account, process payments, and deliver the services you have agreed to receive.Consent (Article 6(1)(a))To send marketing emails and SMS messages; to place non-essential cookies on your device. You may withdraw consent at any time.Legitimate Interests (Article 6(1)(f))To prevent fraud, improve our services, send relevant B2B marketing to existing contacts, and run our business operations where these interests are not overridden by your rights.Legal Obligation (Article 6(1)(c))To comply with tax, accounting, and other legal requirements (e.g., retaining billing records for 7 years).Recognised Legitimate Interests (Article 6(1)(ea))To detect and investigate crime and protect against fraud, as introduced by the Data (Use and Access) Act 2025.

Where we process sensitive personal data (such as login credentials or payment card details), we rely on your explicit consent or the necessity of processing for the performance of our contract with you.

5. Information We Collect

We collect the following categories of personal data:

CategoryExamplesIdentifiersFull name, email address, phone number, postal address, IP address, account username, business nameCommercial informationProducts and services purchased, subscription tier, billing historyFinancial informationPayment card details (processed by Stripe), billing addressInternet activityPages visited, links clicked, time on site, referring URL, device type, browser dataApproximate geolocationCity and region derived from IP address we do not collect precise GPS locationAudio recordingsSales, onboarding, and support calls (see Section 9)Professional informationJob title, trade or industry, business sizeInferencesProfiles derived from the above to assess fit for our servicesSensitive personal dataAccount login credentials, payment card information

We do not knowingly collect: precise geolocation data, racial or ethnic origin, religious beliefs, sexual orientation, immigration status, genetic data, biometric data, health information, or personal data relating to children under 13.

6. Where We Get Your Data

Directly from you when you fill out a form, book a call, sign up, or contact us.

From your device through cookies, pixels, and similar technologies on our websites.

From advertising partners Meta, Google, and other platforms that deliver our advertising.

From service providers including our CRM (GoHighLevel), payment processor (Stripe), and analytics providers.

From publicly available sources business directories, Companies House, and similar.

Where we obtain personal data from a source other than you directly, we will notify you of this within one month of obtaining the data, in line with Article 14 of the UK GDPR.

7. How We Use Your Data

We use personal data for the following purposes:

PurposeExamplesLawful BasisProviding the servicesAccount creation, billing, customer support, service communicationsContractSales and marketingResponding to enquiries, follow-up on leads, promotional emails and SMS (where consented), advertising retargetingConsent / Legitimate InterestsAnalytics and improvementUnderstanding how our sites and services are used, diagnosing problems, developing new featuresLegitimate InterestsAdvertising measurementMeasuring ad performance, building lookalike audiencesConsent (cookies) / Legitimate InterestsQuality assurance and trainingReviewing call recordings to train our team and improve serviceLegitimate InterestsSecurity and fraud preventionDetecting, investigating, and preventing fraudulent or unauthorised activityLegitimate Interests / Recognised Legitimate InterestsLegal complianceComplying with applicable laws, court orders, and regulatory requirementsLegal ObligationBusiness operationsAccounting, recordkeeping, audits, and corporate transactionsLegal Obligation / Legitimate Interests

8. Who We Share Your Data With

We share personal data only where necessary. We never sell personal data for money.

RecipientPurposeService providers (e.g. GoHighLevel, Stripe, hosting providers, email/SMS senders, analytics providers)To deliver the services on our behalf, under written data processing agreementsAdvertising partners (e.g. Meta, Google, TikTok, LinkedIn)To deliver and measure advertising campaignsProfessional advisers (lawyers, accountants, auditors)For legal, accounting, and compliance purposesProspective buyers or investorsIn connection with a merger, acquisition, financing, or sale of assetsGovernment authorities and regulatorsWhen required by law, court order, or regulatory obligation

We require all service providers and processors to handle personal data only for authorised purposes, under contractual obligations of confidentiality and data security.

9. International Data Transfers

Our services are operated primarily from the United Kingdom. However, some of our service providers process data outside the UK, including in the United States and EEA member states.

We only transfer personal data internationally where one of the following safeguards applies:

The destination country has been granted an adequacy regulation by the UK Government (e.g. EEA countries, Switzerland, and certain others).

The transfer is covered by the UK Extension to the EU-US Data Privacy Framework, where applicable.

We have put in place appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or equivalent contractual protections.

You may request details of the specific safeguards in place for any transfer by contacting us at [[email protected]].

10. Cookies and Tracking Technologies

We use cookies, pixels, software development kits, and similar technologies on our websites for the following purposes:

Cookie TypePurposeStrictly necessaryKeeping you logged in and remembering your preferences. These do not require your consent.AnalyticsMeasuring traffic and performance (PostHog, Google Analytics). Requires your consent.AdvertisingDelivering and measuring advertising campaigns (Meta Pixel, Google Ads, and similar). Requires your consent.

Under PECR, we will only place non-essential cookies with your prior consent. You can manage your cookie preferences at any time:

Cookie preference centre: click "Cookie Settings" in our website footer.

Browser settings: most browsers allow you to block or delete cookies.

We do not use session replay technology on our websites.

11. Call Recording

We record sales, onboarding, and support calls for quality assurance, training, recordkeeping, and dispute resolution. You will be informed verbally at the start of each call that the call is being recorded. If you do not wish to be recorded, please tell us at the start of the call and we will stop or pause the recording.

Recordings are stored securely, accessible only to authorised personnel and our service providers, and retained in line with the schedule in Section 12.

12. Mobile Communications (SMS)

When you provide your mobile number, you may consent to receive SMS messages related to our services, including notifications and (if you separately opt in) marketing offers. Your mobile opt-in will not be shared with third parties for their own marketing purposes.

To opt out: reply STOP to any message at any time.

For support: reply HELP.

Message frequency varies based on your interactions with us.

Standard message and data rates may apply per your mobile carrier's terms.

13. How Long We Keep Your Data

We keep personal data for as long as necessary to provide our services, meet our legal and accounting obligations, resolve disputes, and enforce our agreements. Our standard retention periods are:

Data TypeRetention PeriodCustomer account recordsFor the duration of the account relationship, and for a reasonable period thereafter unless you request deletion or we determine the data is no longer neededMarketing leadsUntil you request deletion or opt out, or until we determine the data is no longer requiredBilling and tax recordsAt least 7 years, as required by HMRC and UK lawCall recordings (sales / onboarding / support)Up to [X] years for training, quality assurance, and dispute resolutionWebsite analytics (identifiable)Up to 26 monthsCookiesSession-only or up to 13 months, depending on typeSupport ticketsFor the duration of the account and a reasonable period thereafter

After deletion is processed, we may retain limited data where necessary to comply with legal obligations, resolve disputes, or prevent fraud.

14. Your Rights Under UK GDPR

As a UK data subject, you have the following rights:

RightWhat It MeansRight of access (Article 15)Request a copy of the personal data we hold about you.Right to rectification (Article 16)Ask us to correct inaccurate or incomplete personal data.Right to erasure (Article 17)Ask us to delete your personal data where there is no compelling reason for us to keep it.Right to restriction (Article 18)Ask us to restrict processing of your data in certain circumstances.Right to data portability (Article 20)Receive your personal data in a structured, commonly used, machine-readable format, and transfer it to another controller.Right to object (Article 21)Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.Right to withdraw consentWhere processing is based on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.Rights related to automated decision-making (Articles 22A-22D)Not to be subject to a solely automated decision that has a legal or similarly significant effect on you, where applicable. You may request human review, contest decisions, and make representations.

To exercise any of these rights, please contact us using the details in Section 1. We will respond within one calendar month. In complex or high-volume cases, we may extend this by a further two months and will notify you accordingly.

We may need to verify your identity before actioning your request. We will not charge a fee for reasonable requests.

15. How to Make a Complaint

If you are unhappy with how we have handled your personal data, please contact us first at [[email protected]] so we can try to resolve the matter.

If you remain dissatisfied, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)

Website: ico.org.uk

Telephone: 0303 123 1113

Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

16. Data Security

We take the security of your personal data seriously and use appropriate technical and organisational measures to protect it, including encryption in transit, access controls, and vendor due diligence. However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of it, and notify you directly where the risk is high.

17. Automated Decision-Making and Profiling

We build inferences and profiles from the personal data we collect to assess fit for our services and to personalise marketing. Where any decision based on automated processing produces a legal or similarly significant effect on you, we will:

inform you that such a decision is being made;

give you the right to request human review of the decision;

give you the right to express your point of view and contest the decision.

This section reflects the updated requirements of Articles 22A-22D of the UK GDPR, as amended by the Data (Use and Access) Act 2025.

18. Children's Privacy

Our websites and services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us at [[email protected]] and we will delete it promptly.

19. Third-Party Links

Our websites may contain links to third-party websites and services. This Privacy Policy does not apply to those third parties. We encourage you to read the privacy policies of any website you visit via a link from our site.

20. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The "Last Updated" date at the top of this document reflects the most recent revision.

Where we make material changes, we will notify you by posting a prominent notice on our website or by email. We will review this policy at least every 12 months.

21. Contact Us

For any questions, concerns, or to exercise your data rights, please contact:

Alpha Scaling Ltd

Email: [[email protected]]

Phone: [PHONE NUMBER]

Post: [REGISTERED ADDRESS]

Online: [www.alphascaling.com/privacy-request]

Please use the dedicated privacy email above rather than general support channels for all data protection queries.