Data & Privacy
Your data is your most valuable asset. At Alana, we take data protection seriously. Here’s exactly how we handle your information.Where Your Data Is Stored
All Alana data is stored in secure, encrypted cloud infrastructure:- Primary region: São Paulo, Brazil (primary data center)
- Backup region: AWS redundancy for disaster recovery
- All data is replicated for availability and disaster recovery
Data Encryption
We use industry-standard encryption to protect your data at every layer:Encryption in Transit (Data Moving)
- HTTPS/TLS 1.2+ — All communication between your browser and our servers
- API encryption — All integrations with your e-commerce platforms are encrypted
- Self-signed certificates ensure platform communications cannot be intercepted
Encryption at Rest (Data Stored)
- AES-256 encryption — Your product data, descriptions, and images
- Database-level encryption — All sensitive fields encrypted in our database
- Secure key management — Encryption keys are stored separately from data and rotated regularly
LGPD Compliance
Alana is fully compliant with Brazil’s General Data Protection Law (LGPD - Lei Geral de Proteção de Dados):- ✓ Legal basis for data processing: Legitimate interest and user consent
- ✓ Data minimization: We collect only what’s necessary
- ✓ Purpose limitation: Data is used only for stated purposes
- ✓ Right to access: You can export your data anytime
- ✓ Right to deletion: You can request full data deletion
- ✓ Right to rectification: You can update your data
- ✓ Data breach notification: We notify users within 72 hours of any incident
- ✓ Data Protection Officer: Contact dpo@alana.shopping for privacy questions
What Data Do We Collect?
We Collect (Necessary for Service)
- Your name, email, and company information
- Product catalog data (names, descriptions, prices, images, SKUs)
- Integration credentials (securely encrypted)
- Usage logs and analytics (anonymized)
- AI generation history and feedback
- Billing information (payment method, transaction history)
We Don’t Collect (Unless You Give Permission)
- Customer reviews or ratings
- Customer personal information
- Competitor pricing data (unless you explicitly upload it)
- Private notes or internal communications (unless stored in product descriptions)
- Purchase history or sales data (unless provided via import)
We Don’t Share Your Data
- We never sell your data to third parties
- We don’t use your product catalog for training AI models (unless you opt-in)
- We don’t share data with advertisers or marketing companies
- Data is only shared with:
- Your e-commerce platform (for syncing)
- Our payment processor (encrypted, PCI-DSS compliant)
- Law enforcement (only with valid legal order)
Data Retention Policy
Here’s how long we keep different types of data:| Data Type | Retention Period | Notes |
|---|---|---|
| Product catalog | Until account deletion | You own this data |
| AI generation history | 90 days | Can be deleted manually |
| Activity/audit logs | 1 year | For compliance and debugging |
| Integration logs | 30 days | For troubleshooting sync issues |
| Deleted products | 30 days (soft delete) | Can be restored within this window |
| Account backup | 90 days after deletion | For disaster recovery |
| Analytics data | Aggregated indefinitely | Anonymized, non-personally identifiable |
- Your workspace data is marked for deletion (soft delete)
- Data is permanently removed after 30 days
- Backups are retained for 90 days for disaster recovery
- After 90 days, all your data is permanently deleted
Exporting Your Data
You have the right to access and export all your data at any time:How to Export
- Go to Settings > Account
- Scroll to Export My Data
- Click Request Export
- Choose what to export:
- All data — Complete account export
- Products only — Just your product catalog
- Settings — Workspace configuration and integrations
- History — Activity logs and AI generation history
- Alana prepares your export (usually within 24 hours)
- Download from the email link (expires after 7 days)
Export Formats
- Products: CSV, XLSX, or JSON
- Settings: JSON
- History: CSV or JSON
- Full backup: ZIP archive with all formats
Deleting Your Data
You have the right to request deletion of your data:Option 1: Delete Your Account
Completely removes your workspace and all associated data:- Go to Settings > Account
- Scroll to the bottom
- Click Delete Account
- Confirm the request
- You’ll receive a confirmation email
- Data is deleted after 30 days (can be restored during this window)
- After 30 days, permanent deletion
- Your products are deleted
- Your workspace is removed
- AI generation history is deleted
- Integration connections are severed
- Your account becomes inaccessible
Option 2: Request Selective Deletion
Remove specific types of data while keeping your account:- Delete AI generation history: Settings > Privacy > Clear AI History
- Delete specific products: Select products and click Delete
- Delete activity logs: Contact support with request
Option 3: Request Data Deletion via Support
For comprehensive or urgent deletion requests: Contact support and request:- Specific data to be deleted
- Or complete data deletion
- Provide your workspace name
Data Breach Protocol
In the unlikely event of a data breach:- Immediate notification — If your data is exposed, we notify you within 72 hours (LGPD requirement)
- Details provided — We explain what data was affected and steps you should take
- No liability — You won’t be charged for anything related to the breach
- Credit monitoring — If billing data is exposed, we offer complimentary credit monitoring
- Incident investigation — We investigate root cause and implement fixes
Third-Party Data Processors
We use trusted third parties to handle specific functions:| Service | Purpose | Security |
|---|---|---|
| AWS | Cloud infrastructure | SOC 2 Type II, encrypted |
| Stripe | Payment processing | PCI-DSS Level 1, encrypted |
| Mailgun | Email delivery | SOC 2 Type II, encrypted |
| Your platform | Product sync (Shopify, WooCommerce, etc.) | OAuth 2.0, encrypted |
- Protect data with same standards as Alana
- Not use data for other purposes
- Comply with LGPD and relevant laws
- Not share data with other parties
What Happens When You Cancel
See detailed cancellation information, including:- What happens to your data after cancellation
- How to download your data before canceling
- Whether you can restore a canceled workspace
Your Privacy Rights
Under LGPD, you have the right to:- Access — Get a copy of all your data (see Export Your Data above)
- Rectification — Update or correct inaccurate data
- Deletion — Request permanent deletion of your data
- Portability — Export data in standard format to use elsewhere
- Withdrawal of consent — Opt out of non-essential processing
- Complaint — File a complaint with the LGPD regulatory authority (ANPD)
Security Measures
Beyond encryption, we implement:- ✓ Two-factor authentication (2FA) — Available for all accounts
- ✓ Role-based access control — Admin, member, viewer roles with permissions
- ✓ Audit logging — All access and changes are logged
- ✓ Regular security updates — All systems kept current with security patches
- ✓ Penetration testing — Third-party security audits quarterly
- ✓ DDoS protection — Infrastructure-level attacks mitigated
- ✓ Rate limiting — Prevents brute force attacks
Privacy Questions?
- Privacy policy: See full terms at alana.shopping/privacy
- Data Protection Officer: dpo@alana.shopping
- Report a concern: security@alana.shopping
- General support: Contact our team
Related Resources
- What happens when you cancel — Data retention after cancellation
- Common issues — Account and data FAQ
- Contact support — Privacy and data inquiries