Privacy Policy

Last updated: March 29, 2026

1. Introduction

AlternateMe ("we", "us", or "our") operates the alternate.me platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Service. By using AlternateMe, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, username, and password (stored in hashed form). If you sign in via OAuth (Google, GitHub, Facebook), we receive your name and email from the provider.

2.2 User Content

You voluntarily upload content to create your digital twin, including URLs, documents, social media profiles, YouTube videos, and other materials. This content is processed, embedded, and stored to power your twin's responses.

2.3 Chat Data

When visitors interact with your twin, we store conversation messages (visitor questions and AI responses) to maintain conversation history and improve the Service. Visitor IP addresses are hashed before storage for privacy.

2.4 Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or full payment details. We store only your Stripe customer ID and subscription ID for billing management.

2.5 API Keys

If you provide third-party API keys (for LLM providers, ElevenLabs, etc.), they are encrypted at rest using industry-standard encryption and used solely to operate the Service on your behalf.

2.6 Usage Data

We collect usage metrics including query counts, session counts, and feature usage to operate plan limits and improve the Service. We do not use third-party analytics trackers.

3. How We Use Your Information

We use your information to:

  • Operate and maintain the Service, including creating and powering your digital twin.
  • Process your content into embeddings for AI-powered retrieval and responses.
  • Manage your account, subscriptions, and billing.
  • Enforce usage limits based on your plan.
  • Send transactional emails (verification, password reset, billing notifications).
  • Detect and prevent fraud, abuse, and security threats.
  • Improve and develop the Service.
  • Comply with legal obligations.

4. Data Sharing

We do not sell your personal information. We share data only in these limited circumstances:

  • Service providers: We use third-party services (Stripe for payments, Resend for email, cloud hosting providers) that process data on our behalf under contractual obligations.
  • LLM providers:Your twin's content is sent to LLM APIs (Groq, OpenAI, or your configured provider) to generate responses. These providers process data according to their own privacy policies.
  • Public twin pages: Content you make available through your public twin URL is accessible to anyone with the link. AI responses derived from your content are visible to visitors.
  • Legal requirements: We may disclose information if required by law, legal process, or government request, or to protect our rights, property, or safety.

5. Data Storage and Security

Your data is stored on secure cloud infrastructure. We implement industry-standard security measures including:

  • Encryption of sensitive data at rest (API keys, passwords).
  • HTTPS encryption for all data in transit.
  • Hashing of visitor IP addresses before storage.
  • Rate limiting and abuse prevention.
  • Regular security reviews and updates.

While we take reasonable precautions, no system is completely secure. You use the Service at your own risk.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data, uploaded content, embeddings, and chat history within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

Chat session data from visitors may be retained in anonymized form for service improvement purposes.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@alternate.me. We will respond within 30 days.

8. Cookies

We use essential cookies and local storage for authentication (JWT tokens) and user preferences. We do not use advertising or tracking cookies. No third-party cookies are set by our Service.

9. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information, we will delete it promptly.

10. International Data Transfers

Your data may be processed in countries other than your own. By using the Service, you consent to the transfer of your data to countries that may have different data protection standards. We take reasonable steps to ensure your data is treated securely.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notification. The "Last updated" date at the top reflects the most recent revision.

12. Contact

For privacy-related questions or requests, contact us at privacy@alternate.me.