This Privacy Policy explains how Alauda Singapore Pte. Ltd. and its affiliates ("Alauda", "we", "us", "our") collect, use, disclose and protect information relating to identified or identifiable individuals ("Personal Data") when you:
* visit or use our websites, including alauda.io and any subdomains (the "Websites");
* use Alauda software products and tools that you deploy in your own environment (the "Products"); or
* interact with us in other ways, such as receiving support, participating in events, or using our support portal.
Alauda Singapore Pte. Ltd. is headquartered in Singapore. The primary data protection law we look to is Singapore's Personal Data Protection Act 2012 (PDPA), which sets baseline rules for collection, use, disclosure and care of personal data by private‑sector organizations. We also aim to align this Policy with other major frameworks such as the EU/EEA General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), where they apply.
This Policy is a general overview. If anything in this Policy conflicts with a specific contract you have with us (for example, a Data Processing Addendum (DPA) or support agreement), that contract will usually take precedence.
---
1. Who we are and how to contact us
Unless another Alauda entity is identified in your contract or a local notice, the primary organization responsible for your Personal Data for the Websites and our own direct activities is:
> Alauda Singapore Pte. Ltd.
> Email: info@alauda.io
If you have questions or want to exercise your privacy rights, you can contact us at the email above and include "Privacy" in the subject line.
Where required by law (for example, in the EU/UK), we may appoint a local representative or Data Protection Officer. If so, we will provide those details in a separate notice or on our Websites.
---
2. Scope and roles (controller vs processor)
2.1 Where this Policy applies
This Policy applies to our processing of Personal Data when we:
* operate the Websites;
* manage our support portal and ticketing;
* provide on‑site or remote support and professional services;
* manage customer, partner and supplier relationships;
* carry out sales, marketing, events and community activities;
* recruit and manage candidates.
Alauda's core business is to provide self‑managed infrastructure software and related tools which you deploy in your own environment (on‑premises or in your cloud). We do not generally operate multi‑tenant hosted or SaaS production environments for customers.
2.2 Customer Data vs Alauda Operational Data
It is important to distinguish between:
1. Customer Data
* Data (which may include Personal Data) stored in or processed by your systems and environments where Alauda Products are installed.
* Examples: application data, container contents, logs in your own systems, cluster workloads, data in databases like MariaDB/Redis/Kafka that you operate.
* For this data, your organization is usually the Controller under GDPR (or "organization" under PDPA), and Alauda does not normally access or host it.
2. Alauda Operational Data
* Personal Data that Alauda collects and uses for its own purposes, such as:
* user accounts for our portals;
* support tickets and communications;
* limited diagnostic information you choose to send us;
* CRM and billing information;
* Website analytics and marketing data.
* For this data, Alauda typically acts as an independent Controller.
3. Support Data (limited processor role)
* In some cases, when you request on‑site or remote assistance or use our support portal, Alauda engineers may temporarily access Personal Data contained in:
* logs, configuration files, screenshots, or diagnostic bundles you send;
* your systems during a remote session when you grant access.
* For this support‑related processing, Alauda acts as a Processor / data intermediary / service provider on your behalf.
Where we act as a Processor (for support), our use of Personal Data is further governed by our support contracts and DPA with you.
---
3. Personal Data we collect
The types of Personal Data we collect depend on how you interact with us.
3.1 Information you provide directly
* Contact details – name, job title, company, business email address, phone number, postal address, country/region.
* Account information – usernames and authentication details for Alauda portals or tools, role or permissions, preferences.
* Support information – content of support tickets, emails and chats with us, including any files you upload (logs, screenshots, configuration data, etc.).
* Business relationship data – information about your organization, roles, subscriptions, support level, purchase history, and communications.
* Event and training information – registration details, attendance, participation in webinars, training or certification programs.
* Recruitment data – CVs/resumes, work history, education, references and similar information if you apply for a role.
3.2 Information collected automatically
When you visit our Websites or use our portals, we may automatically collect:
* Device and log data
* IP address, browser type, operating system, device identifiers;
* pages viewed, links clicked, referring URL;
* dates, times and duration of visits.
* Portal and support usage data
* login timestamps, account activity, ticket IDs and interaction metadata.
By default, our self‑managed Products run in your environment and do not automatically send detailed telemetry to us unless you enable such features or share data as part of support. If you enable optional telemetry features, we aim to minimize collection of Personal Data and focus on technical metadata.
3.3 Information from third parties
We may receive Personal Data from:
* your employer or colleagues, if they designate you as a contact, admin or ticket owner;
* partners, resellers or system integrators, where allowed by law and our contracts;
* public sources such as professional networking sites or public code repositories;
* event platforms or marketing partners.
3.4 Aggregated and de‑identified data
We may create aggregated or de‑identified statistics (for example, about support volumes or high‑level feature adoption). Where this information can no longer reasonably be linked to an individual, we do not treat it as Personal Data.
---
4. How and why we use Personal Data
We only process Personal Data where we have a valid basis under Applicable Data Protection Laws. Typical purposes are:
1. Operating Websites and portals
* To provide access, secure logins, maintain sessions, and enable core functionality.
* Legal basis (GDPR, where applicable): performance of a contract or legitimate interests in operating our services.
2. Providing support and professional services
* To create and manage support tickets, communicate with you, perform on‑site and remote troubleshooting, and document issues and resolutions.
* Legal basis: performance of a contract; legitimate interests in providing services and maintaining quality; compliance with legal obligations for record‑keeping.
3. Improving our Products and support
* To analyze support issues, spot patterns, improve documentation, and enhance the stability and security of our Products.
* Legal basis: legitimate interests in improving and securing our offerings.
4. Sales, marketing and relationship management
* To respond to inquiries, manage opportunities, organize events, send product information or newsletters (where permitted), and personalize Website content.
* Legal basis: legitimate interests in promoting our business; consent where required (for example, certain email marketing or cookies).
5. Analytics
* To understand how our Websites and portals are used, measure performance, and improve usability.
* Legal basis: legitimate interests; consent for non‑essential cookies where required.
6. Compliance and security
* To comply with laws and regulations, respond to lawful requests, enforce agreements, prevent fraud and security incidents.
* Legal basis: legal obligations; legitimate interests in protecting our business, users and the public.
7. Recruitment
* To process applications, evaluate candidates, arrange interviews and, where applicable, prepare offers.
* Legal basis: steps prior to entering into a contract; legal obligations; legitimate interests in managing recruitment.
Where we rely on consent, you may withdraw it at any time, but this will not affect processing already carried out.
---
5. Cookies and similar technologies
We use cookies and similar technologies on our Websites and some portals to:
* remember your preferences and settings;
* keep you logged in, where appropriate;
* perform analytics and measure performance;
* support security and fraud prevention.
Where required by law (for example, under GDPR/UK GDPR for non‑essential cookies), we will:
* show you a cookie banner when you first visit;
* ask for your consent for analytics/marketing cookies; and
* allow you to change your preferences.
You can also control cookies via your browser or device settings. Blocking cookies may reduce the functionality of some parts of our Websites or portals.
---
6. When we share Personal Data
We do not sell Personal Data for money. We may share Personal Data with:
1. Alauda group entities
* Our affiliates and subsidiaries, where needed for support, billing, sales, operations and compliance.
2. Service providers and vendors
* Providers of hosting, ticketing, email, CRM, analytics, communications, and other tools we use to deliver the Websites and Support Services.
* They act as processors on our behalf and are bound by confidentiality and data protection obligations.
3. Partners and resellers
* Where we work with channel partners, system integrators or technology alliances, we may share limited business contact and opportunity information to manage joint sales and support, in line with the law and your preferences.
4. Open‑source / community platforms
* If you choose to engage with us in public channels (e.g. GitHub issues, public mailing lists, community forums), information you post will be public and governed by the respective platform's terms.
5. Professional advisers and auditors
* Our lawyers, auditors, and other professional advisers as needed.
6. Business transfers
* In the context of a merger, acquisition, reorganization or similar transaction, Personal Data may be transferred to relevant third parties under appropriate confidentiality and data protection safeguards.
7. Legal and safety reasons
* Where we believe disclosure is necessary to comply with law, respond to legal process, or protect our rights, safety or property, or that of others.
We do not permit third parties to use your Personal Data for their own independent marketing without your consent.
---
7. International transfers
Because Alauda is headquartered in Singapore and uses global service providers, Personal Data may be processed in Singapore and other countries.
* Under PDPA, organizations must ensure that Personal Data transferred out of Singapore is protected to a standard comparable to the PDPA.
* Under GDPR/UK GDPR, additional safeguards such as Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum are required when transferring personal data out of the EEA/UK to countries without an adequacy decision.
Where such laws apply, we will use appropriate transfer mechanisms (for example SCCs or equivalent clauses and additional safeguards where necessary), and we will ask our service providers to do the same.
---
8. Data retention
We retain Personal Data only as long as necessary for the purposes for which it was collected, including to:
* provide Websites, portals and Support Services;
* comply with legal, regulatory or audit requirements;
* resolve disputes and enforce agreements.
In general:
* Support and ticket data – retained for the lifetime of the contract and for a reasonable period afterwards (for example, a few years) to maintain support history and comply with legal obligations.
* Customer and partner contact data – retained while you are an active contact and for a reasonable period after the relationship ends, unless you request deletion and we have no legal basis to keep it.
* Marketing data – kept while you remain subscribed or engaged; we will delete or anonymize when it is no longer needed or when you opt out.
* Recruitment data – retained for the recruitment process and, where permitted, for a limited time afterwards for future opportunities or legal reasons.
We may retain anonymized or aggregated information that cannot reasonably identify you for a longer period.
---
9. Security
We implement appropriate technical and organizational measures to protect Personal Data, including:
* access controls and authentication;
* encryption in transit and at rest where appropriate;
* logging and monitoring of systems;
* backup and recovery measures;
* secure development and vulnerability management practices;
* staff training and confidentiality obligations.
However, no system is completely secure. If we become aware of a data breach involving your Personal Data, we will take steps to inform you and regulators as required by Applicable Data Protection Laws.
---
10. Your rights
Your rights depend on where you are located and which laws apply. In many jurisdictions you may have some or all of the following rights in relation to your Personal Data:
* to request access;
* to request correction of inaccurate or incomplete data;
* to object to or restrict certain processing;
* to request deletion in certain circumstances;
* to withdraw consent where processing is based on consent.
Below are some region‑specific notes.
10.1 Singapore (PDPA)
Under the PDPA, individuals generally have rights to:
* request access to their personal data held by an organization and information about how it has been used or disclosed;
* request correction of inaccurate personal data; and
* withdraw consent to collection, use or disclosure, subject to reasonable notice and legal or business exceptions.
We will respond to such requests in accordance with the PDPA and its exemptions.
10.2 EEA, UK and Switzerland (GDPR / UK GDPR)
If GDPR/UK GDPR applies, you may have additional rights such as:
* right of access, rectification, erasure, restriction, portability, and objection (including to direct marketing);
* right to withdraw consent at any time where processing is based on consent;
* right to lodge a complaint with your local supervisory authority.
10.3 California and other US state laws
If you are a resident of California or another US state with a comprehensive privacy law, you may have rights such as:
* right to know/access information about our collection, use and disclosure of your personal information;
* right to request deletion (subject to exceptions);
* right to correct inaccurate personal information;
* right to opt out of certain "sales" or "sharing" of personal information, if applicable;
* right not to be discriminated against for exercising these rights.
At the time of this Policy, Alauda does not sell personal information in exchange for money and does not knowingly allow third parties to use personal information for their own independent advertising purposes without appropriate safeguards.
10.4 How to exercise your rights
To exercise your rights, please email info@alauda.io and:
* identify yourself and your relationship with Alauda;
* describe the right you want to exercise and the scope of your request.
We may ask for additional information to verify your identity. We will respond in accordance with Applicable Data Protection Laws. In some cases, we may deny your request (for example, if we must keep data for legal reasons or if it would affect others' rights), but we will explain our reasoning where legally required.
If we are processing your Personal Data as a Processor on behalf of your organization (for example, where data is inside your environment or support materials), we may refer your request to that organization, which is usually the Controller.
---
11. How Alauda Products and Support work with your data
11.1 Self‑managed deployments (no hosted service)
Our Products (for example, infrastructure platforms, DevOps tools, or AI tooling) are typically installed and run in your own environment (on‑premises or in your cloud accounts):
* You control the infrastructure, access rights, and data flows.
* Alauda does not operate your production workloads as a general hosting or SaaS provider.
* Alauda does not routinely access Customer Data stored in your systems.
You, as the customer, are responsible for:
* informing your own users about how your systems handle their Personal Data;
* complying with data protection laws for your environment and configurations;
* controlling any third‑party components (e.g. SUSE, Red Hat, Ubuntu, MariaDB, Redis, Kafka) you deploy and operate.
11.2 Support, on‑site and remote access
When you ask Alauda for support (via our support portal, email, on‑site or remote sessions):
* You decide what to share with us (for example, logs, config files, screenshots).
* We may temporarily view Personal Data included in those materials or visible in your systems while helping you.
* We will use that data only to provide support, maintain records of the interaction, and comply with legal or audit requirements.
For this limited support‑related processing, Alauda acts as a Processor / data intermediary / service provider, and:
* we process Personal Data only on your documented instructions;
* we apply confidentiality and security controls;
* we delete or anonymize support materials in line with our retention policies and your contracts.
Where required (for example under GDPR/UK GDPR or CCPA/CPRA), we make available a Data Processing Addendum (DPA) that sets out these commitments in more detail. If you need our current DPA, please contact us or your Alauda account representative.
---
12. Children's privacy
Our Websites, Products and support services are intended for business and professional users and are not directed to children.
We do not knowingly collect Personal Data from anyone under the age of 16 (or a lower age if permitted by local law without parental consent). If you believe a child has provided Personal Data to us, please contact info@alauda.io and we will take appropriate steps in accordance with applicable law.
---
13. Third‑party websites and services
Our Websites and communications may contain links to, or integrate with, third‑party websites and services (for example, open‑source project sites, community forums, partner portals, social media, or documentation platforms).
We do not control how these third parties handle your data, and their privacy practices are governed by their own policies. We recommend reviewing those policies before interacting with such services.
---
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example to:
* reflect changes in our Products, services or practices;
* address changes in Applicable Data Protection Laws;
* incorporate guidance from regulators.
When we make material changes, we will:
* update the "Last updated" date at the top; and
* provide additional notice where required (for example, via our Websites, portals, or email).
We encourage you to review this Policy periodically to stay informed about how we handle Personal Data.
---
15. How to contact us
If you have any questions, concerns or complaints about this Policy or our data practices, or if you wish to exercise your privacy rights, please contact:
> Email: info@alauda.io
> Subject line: "Privacy Request – [your country/region]"
You may also have the right to lodge a complaint with your local data protection authority (for example, the Personal Data Protection Commission (PDPC) in Singapore, an EU/EEA data protection authority, the UK ICO, or your local regulator).
