1. Who we are
Alignex is operated by Hayley Charlton Ltd, a company registered in England and Wales. We provide organisational alignment diagnostic services to businesses. Our registered address and contact details are available on request at privacy@alignex.app.
2. What data we collect
We collect the following categories of personal data:
- Account data: name, email address, job role
- Diagnostic response data: answers to alignment diagnostic questions
- Usage data: pages visited, features used, login timestamps
- Organisation data: company name, business unit structure
We do not collect special category data (as defined under GDPR Article 9) and do not require it for our service.
3. Anonymity and diagnostic responses
Diagnostic responses are anonymous by design. Individual responses are never shown to your organisation, your manager, or any other person. We enforce a minimum threshold of 5 respondents before any unit-level scores are displayed (your organisation may raise this further; never lower than 3). No individual response can be attributed to any specific person within the platform.
Aggregated, anonymised scores are shared with the organisation that commissioned the diagnostic as part of the service.
4. Legal basis for processing
We process personal data on the following legal bases:
- Contract — processing necessary to provide the service you or your organisation has subscribed to
- Legitimate interests — improving our service, security monitoring, fraud prevention
- Consent — where you have explicitly consented, such as for marketing communications
5. Where your data is stored
All data is stored within the European Union. Our infrastructure uses Supabase (hosted on AWS eu-west-1, Ireland) and Vercel (EU region). We do not transfer personal data outside the EEA without appropriate safeguards in place.
6. How long we keep your data
We retain account data for the duration of your subscription plus 12 months. Diagnostic response data is retained for 36 months to enable longitudinal comparison. You may request deletion of your data at any time by contacting privacy@alignex.app.
7. Your rights under GDPR
You have the following rights regarding your personal data:
- Right of access — obtain a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data
- Right to restriction — limit how we process your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests
To exercise any of these rights, contact privacy@alignex.app. We will respond within 30 days.
8. Cookies
We use essential cookies only — those required for authentication and security. We do not use advertising cookies or third-party tracking cookies. You cannot opt out of essential cookies without losing access to the service.
9. Third-party processors
We use the following third-party processors, each subject to appropriate data processing agreements:
- Supabase — database and authentication (EU hosted)
- Vercel — application hosting (EU region)
- Resend — transactional email delivery
- Stripe — payment processing
- Anthropic — AI narrative generation (data is not used for training)
10. Contact and complaints
For any privacy-related queries, contact privacy@alignex.app. If you are unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk.