Alignn Privacy Notice

Draft

DRAFT — Last updated 5 May 2026. This is a working draft of our Privacy Notice. The final version is pending attorney review and will be published before our first paying customer is onboarded. This draft is structured to satisfy the requirements of the Protection of Personal Information Act 4 of 2013 (POPIA), but should not be relied on as final legal text. If you are reading this and have questions, please contact us at privacy@alignn.app.

Who we are

Alignn (Pty) Ltd is the responsible party (under POPIA) for the personal information processed through the Alignn platform. We are a South African company, and we operate the platform at alignn.app.

In this Notice we use "we", "us", and "our" to refer to Alignn. We use "you" and "your" to refer to the person whose personal information we process.

What this Notice covers

This Notice tells you:

  • What personal information we collect
  • Why we collect it
  • Who we share it with
  • How long we keep it
  • Where it is stored
  • What rights you have under POPIA
  • How to contact us or the Information Regulator

What personal information we collect

When you use Alignn, we collect:

  • Account information: your name, work email address, phone number (optional), job title, and the company you work for
  • Pulse survey responses: your weekly answers to anonymous surveys about how you are experiencing work
  • Pre-shift fitness declarations: if your employer uses our shift check feature, your daily declarations of fitness for duty
  • Personality assessment results: if you complete the Personyx assessment, your responses and the resulting personality profile
  • Safety reports: if you submit a safety concern, the content of your report (and your identity, only if you choose to identify yourself)
  • Recognition events: when colleagues recognise you for positive behaviours, the recognition itself (the nominator is never recorded)
  • Usage information: when you log in, what pages you visit, and what features you use, for security and product improvement purposes
  • Device information: your browser type, operating system, and IP address, for security purposes

We do not collect special personal information (such as race, religion, biometrics, or health information) unless your employer has set up a specific feature that requires it, and you have specifically consented to that feature.

Why we collect it

We collect personal information to:

  • Operate the Alignn platform and provide the service to your employer
  • Generate aggregated insights and reports for your employer's managers and administrators
  • Detect and prevent unauthorised access or misuse of the platform
  • Improve the platform over time
  • Comply with our legal obligations

We do not sell your personal information. We do not use your personal information to train AI models for the benefit of any other company.

How we protect aggregated insights from identifying you

When we generate insights for your employer, we apply minimum cohort sizes. We do not show team-level summaries to your manager when fewer than five people have contributed to that summary, because small groups can identify individuals.

Your open-text responses (free-form answers you type) are encrypted and only readable by automated analysis. Your manager and administrator do not see the raw text of your individual responses.

Your individual pulse survey responses are never shown to your manager or administrator at the individual level. They only see aggregated trends.

Who we share it with

We share your personal information with:

  • Your employer (the Subscriber whose account you are part of), in the aggregated and protected forms described above
  • Service providers we depend on to run the platform (listed below)

The service providers we currently rely on are:

  • Supabase (database hosting, in Ireland)
  • Vercel (web hosting, globally)
  • Anthropic (AI processing for report generation, with strict no-training and no-retention contractual terms)
  • Postmark or similar (email delivery)

We require these service providers to protect your information to standards equivalent to or better than POPIA.

We do not share your personal information with anyone else unless we are required to by law (for example, in response to a court order).

Cross-border processing (POPIA Section 72 disclosure)

Your personal information is stored on servers in Ireland (operated by Supabase). Ireland is a country that has been recognised as providing an adequate level of protection for personal information under European Union law (the GDPR), which is at least equivalent to the protection required by POPIA.

We chose Ireland because South Africa does not yet have a Supabase region. When a South African region becomes available, we will reassess where your data is stored.

By using Alignn, you consent to your personal information being transferred to and processed in Ireland for these purposes.

How long we keep it

We keep your personal information for as long as you have an active Alignn account.

When your account is deactivated (for example, when you leave your employer), we keep your personal information for 30 days to allow for account recovery, then we anonymise or delete it. The exact retention rules depend on the type of data:

  • Account information: anonymised after 30 days of deactivation
  • Pulse survey responses: anonymised after 30 days; the responses themselves remain in aggregated reports
  • Pre-shift fitness declarations: anonymised after 30 days; the declarations themselves remain in safety records as required by the Occupational Health and Safety Act
  • Personality assessment results: deleted after 30 days
  • Safety reports: kept indefinitely (these are workplace safety records)
  • Recognition events: anonymised after 30 days; the recognition events themselves remain in aggregated reports
  • Audit logs: kept for 7 years for security and compliance purposes

If your employer cancels their Alignn account, we apply the same retention rules to all users in that account.

Your rights under POPIA

You have the right to:

  • Access the personal information we hold about you. You can download a copy at any time from your profile page in Alignn (the "Data and privacy" section).
  • Correct any personal information that is incorrect or incomplete. You can update most information yourself in your profile. For information you cannot update yourself, contact us.
  • Delete your personal information. You can request deletion by contacting us. We will delete your information unless we are required by law to keep it (for example, certain safety records under the OHS Act).
  • Object to the processing of your personal information. You can withdraw your consent to specific features (for example, the personality assessment) by contacting us.
  • Complain to the Information Regulator if you believe we have not handled your personal information lawfully.

To exercise any of these rights, contact us at privacy@alignn.app. We will respond within 30 days.

How to contact us

For any privacy questions, requests, or complaints, contact:

Our designated Information Officer is currently being registered with the Information Regulator. The Information Officer's contact details will be published on this page once registration is complete.

How to contact the Information Regulator

If you are not satisfied with how we have handled your personal information, you can complain to the Information Regulator:

Changes to this Notice

We may update this Notice from time to time. When we do, we will publish the new version on alignn.app/privacy and update the "Last updated" date at the top of this page. For material changes, we will notify users by email at least 30 days before the new Notice takes effect.

End of Privacy Notice (DRAFT v0.1, 5 May 2026).