This Privacy Policy (“Policy”) describes how Aleph Archives Sàrl (“Aleph Archives”, “We”, “Our”, “Us”), a limited liability company registered in Switzerland, collects, uses, processes, and discloses personal information through our website at aleph-archives.com and our web archiving platform.
We may update this Policy from time to time. When we make material changes, we will post the revised Policy on this page and notify affected customers directly.
By using our website or subscribing to our services, you acknowledge that you have read and understood this Policy. If you do not agree with its terms, please discontinue use of our website and services.
1. Contact
For questions or requests related to this Policy, you may contact us at:
Email: privacy@aleph-archives.com Post: Aleph Archives Sàrl, Chemin des Croix-Rouge 146, 1007 Lausanne, Switzerland
2. Scope
This Policy applies to all personal information collected through our website, our web archiving platform, and any other interaction with Aleph Archives — including support enquiries, sales conversations, and contractual correspondence.
3. Data Roles
The Customer is the data controller for all Customer Data (as defined below). Aleph Archives acts as data processor, handling Customer Data strictly in accordance with the applicable service agreement, the Customer’s use of platform features, and applicable law.
4. What We Collect
4.a. Through Our Web Archiving Services
In the course of providing our services, we capture and store website content on behalf of the Customer (“Customer Data”). This includes the contents of public websites and, where the Customer has provided authorisation and credentials, password-protected websites such as corporate intranets.
We process Customer Data solely to deliver the contracted services — including archive display, full-text search, page replay, export, monitoring, and alerting.
4.b. Through the Aleph Archives Platform
When you register for an account, you provide your name and email address. We collect only the personal information necessary to deliver a secure and functional user experience. If you choose not to provide this information, we will be unable to create an account for you.
We do not intentionally collect personal data beyond what is required for account management. Any additional personal information captured by the platform exists only because it was published on a website archived at the Customer’s direction.
Credentials. All passwords are salted, hashed, and stored in encrypted form. Plaintext passwords are never retained.
User administration. Once a client account is established, the designated administrator(s) may create additional user accounts, providing each user’s name, email, and role.
Audit logging. We automatically record platform activity — including logins, exports, profile changes, alert creation, and access timestamps — to maintain a complete audit trail for the Customer’s administrators.
Device information. Each login event records the user’s IP address and timestamp.
4.c. Through Our Website
When you complete a form on our website — such as a contact form, demo request, or registration — we collect the information you provide, which may include your name, email address, telephone number, and company name.
We may use this information to respond to your enquiry, send service-related communications, or deliver marketing content you have opted into. You may unsubscribe from marketing communications at any time.
Cookies. If you accept cookies on our website, we use them to remember your preferences and to compile aggregate data on site traffic and usage patterns. This data helps us improve the website experience. You may manage your cookie preferences at any time through your browser settings.
4.d. Through Other Channels
Business correspondence. Contact information provided through sales conversations, support requests, or other correspondence may be used to respond to your enquiry, communicate service updates, or deliver security notifications.
Contracts and billing. We retain executed agreements, subscription documents, and payment information as necessary to administer the commercial relationship.
Analytics. We use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymised usage data such as pages visited, session duration, and referral sources. Google operates as an independent data controller for this data; we encourage you to review Google’s privacy policy.
5. Third-Party Service Providers
We engage a limited number of third-party providers — for payment processing, support tooling, and infrastructure — to help deliver our services. Each provider undergoes a security risk assessment before engagement and is subject to ongoing review.
These providers receive only the minimum information required to perform their function. They are contractually prohibited from using personal information for any purpose other than delivering the contracted service, and are required to maintain security standards consistent with our own.
6. Your Rights
You may exercise the following rights at any time:
- Access your personal data by signing into the Aleph Archives platform.
- Modify your account information directly through the platform, or request changes through your administrator.
- Delete your personal data by contacting us at privacy@aleph-archives.com.
We will respond to all data subject requests within 30 days.
Under the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR), you may also have additional rights including data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority.
7. Disclosure
We do not sell, rent, or share personal data with third parties for their own purposes.
Access to Customer Data and personal information is restricted to Aleph Archives employees, contractors, and agents who require it to deliver our services and who are bound by confidentiality obligations.
We will disclose personal information to third parties only when: (a) compelled by law, regulation, or court order; or (b) expressly authorised in writing by the data subject or the Customer.
We may use aggregated, anonymised data — from which no individual can be identified — for internal analysis and service improvement.
8. Security
We maintain technical and organisational measures designed to protect personal information and Customer Data against loss, theft, unauthorised access, disclosure, alteration, and destruction. These include:
- Encryption of all data in transit (TLS) and at rest
- Role-based access controls with the principle of least privilege
- Salted and hashed password storage
- Regular security audits and vulnerability assessments
- WORM-compliant storage infrastructure for archived content
9. Data Retention
We retain Customer Data for the duration of the active service agreement.
Customer administrators may configure automated retention schedules to purge archived content older than a defined period. Content removed through retention policies is permanently deleted from the platform.
Upon contract termination, the Customer may request the return or deletion of Customer Data. Such requests must be submitted to our support team within the timeframe specified in the Terms of Service.
Data deleted from the platform — whether by the Customer or through retention policies — is held in the database for a 30-day grace period to allow recovery in case of accidental deletion. After this period, the data is permanently removed.
Database backups containing Customer Data are retained for up to 30 days and then permanently deleted.
We may retain certain data beyond these periods where required to comply with legal obligations, enforce our agreements, or resolve disputes.
10. Accountability
Aleph Archives maintains a direct contractual relationship with the Customer. We do not have a direct relationship with individual end users whose content may appear on archived websites.
Any individual seeking to access, correct, or delete personal data that appears within archived content should direct their request to the relevant website operator — our Customer. We will action verified requests from our Customers within 30 days.
Last Updated: February 8, 2026
Copyright © Aleph Archives, Sàrl. All rights reserved.
