Privacy Policy

1. Introduction

Alternate Hypothesis ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our statistical testing platform at alternatehypothesis.ai (the "Service").

By using our Service, you consent to the data practices described in this policy. If you do not agree with this Privacy Policy, please discontinue use of our Service immediately.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

• Account Information: Email address, username, password (encrypted)
• Profile Information: Optional profile details you choose to provide
• Payment Information: Billing details processed securely through Stripe (we do not store complete credit card numbers)
• Communication Data: Messages you send through our contact forms or support channels

2.2 Research and Statistical Data

When you use our Service, we process:

• Uploaded Files: CSV files and datasets you upload for statistical analysis
• Analysis Results: Statistical test results, calculations, and outputs generated by our platform
• File Metadata: File names, upload timestamps, file sizes

Important: We recommend anonymizing or de-identifying sensitive data before uploading. We are not responsible for any personally identifiable information contained within your uploaded datasets.

2.3 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on platform, test types executed
• Device Information: IP address, browser type and version, operating system, device identifiers
• Cookies and Tracking: Session cookies, authentication tokens, preference settings
• Log Data: Server logs including access times, error messages, performance metrics

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Provide statistical analysis, process your data, generate test results
• Account Management: Create and maintain your account, authenticate access, manage subscriptions
• Payment Processing: Process subscription payments and billing through our payment processor
• Communication: Send service updates, respond to inquiries, provide customer support
• Platform Improvement: Analyze usage patterns, improve features, develop new functionality
• Security: Detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: Comply with legal obligations, resolve disputes, enforce our agreements
• Analytics: Understand how users interact with our platform to enhance user experience

4. Data Sharing and Disclosure

4.1 Third-Party Service Providers

We share data with trusted third-party providers who assist in operating our Service:

• Payment Processing: Stripe - processes subscription payments and manages billing information
• Cloud Storage: AWS S3 - securely stores uploaded files and analysis results
• Hosting Infrastructure: Railway/cloud hosting providers - hosts our application and database
• Email Services: Titan Email - delivers transactional and service-related emails

These providers are contractually obligated to protect your data and use it only for the services they provide to us.

4.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or government requests
• Protect and defend our rights or property
• Prevent fraud or security issues
• Protect the safety of our users or the public

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide choices regarding your data.

4.4 No Selling of Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

5. Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for a reasonable period after deletion (typically 30 days) to allow for recovery
• Uploaded Files: Retained according to your subscription plan; deleted upon account deletion or manual file deletion
• Payment Records: Retained for 7 years for tax and accounting purposes as required by law
• Usage Logs: Retained for 12 months for security and analytics purposes

After retention periods expire, we securely delete or anonymize your data.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: HTTPS/TLS encryption for data in transit; encryption at rest for stored files
• Access Controls: Role-based access controls and authentication requirements
• Password Security: Passwords are hashed using bcrypt with individual salts
• Infrastructure Security: Secure cloud hosting with regular security updates and monitoring
• Regular Audits: Periodic security assessments and vulnerability scanning

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

7.1 General Rights

You have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing of your data for certain purposes
• Restriction: Request restriction of processing under certain circumstances

7.2 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have additional rights under GDPR:

• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority
• Right to information about the legal basis for processing your data

7.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold
• Right to delete personal information
• Right to opt-out of sale of personal information (note: we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights

7.4 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@alternatehypothesis.ai. We will respond to your request within 30 days.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

• Essential Cookies: Required for authentication, security, and basic functionality
• Preference Cookies: Store your theme preferences and settings
• Analytics Cookies: Help us understand how users interact with our platform

8.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect the functionality of our Service.

9. International Data Transfers

Our Service is hosted in the United Kingdom/European Union. Your data is stored and processed within UK/EU data centers that comply with GDPR and UK data protection standards.

If you access our Service from outside the UK/EU, your information will be transferred to, stored, and processed in the United Kingdom/European Union where our servers are located. We ensure appropriate safeguards are in place for all data transfers in accordance with GDPR and applicable data protection laws.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

12. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will notify affected users within 72 hours of discovery, as required by applicable law. Notification will be sent via email and/or posted on our website.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

• Updating the "Last Updated" date at the top of this policy
• Sending an email notification to your registered email address
• Displaying a prominent notice on our website

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

15. Legal Basis for Processing (GDPR)

For users in the EU/EEA, we process your personal data under the following legal bases:

• Contractual Necessity: To provide the Service you have subscribed to
• Legitimate Interests: To improve our Service, prevent fraud, and ensure security
• Legal Compliance: To comply with applicable laws and regulations
• Consent: For optional features like marketing communications (where you have provided consent)

16. Your Responsibilities

As a user of our Service, you are responsible for:

• Maintaining the confidentiality of your account credentials
• Ensuring the accuracy of information you provide
• Anonymizing sensitive data in uploaded files
• Complying with applicable data protection laws when using our Service
• Notifying us immediately of any unauthorized access to your account