Privacy Policy

1. Overview

AlertIO is an alert management and delivery platform built for K-12 school districts, operated by GDA Technology LLC. This privacy policy explains what information we collect, how we use it, and what choices you have. It applies to all users of the AlertIO web dashboard, client agents (Windows, Linux, Chrome, and Android), and related services.

By using AlertIO, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use our services.

2. Data We Collect

Account Information

When you sign in with Google, we receive and store:

• Name — your display name from your Google account
• Email address — used as your unique account identifier
• Google ID — a unique identifier provided by Google for authentication

Organization Information

When your account is created, we create an organization record that includes:

• Organization name — which you can customize
• Organization ID — a unique identifier used to associate devices and alerts

Device Information

When a device connects to AlertIO (via our Windows, Linux, Chrome, or Android agents), we collect:

• Device ID — a unique identifier generated on the device (e.g., from the machine ID and hostname)
• Device type — the platform category (Chrome, Windows, Mac, Raspberry Pi, or Mobile)
• Device tag — an optional label you assign
• Connection status — whether the device is currently connected
• Last seen timestamp — when the device last sent a heartbeat
• IP address — captured during WebSocket connections for network fencing features; not stored in the database long-term

Connectivity Logs

We record device connectivity events (connected/disconnected) with timestamps for troubleshooting and audit purposes.

Alert Data

When alerts are sent through AlertIO, we log:

• Alert type, title, and message — from your configured alert templates
• Timestamp — when the alert was sent
• Webhook source — which hook triggered the alert

Billing Information

If you subscribe to a paid plan, we store:

• Stripe Customer ID and Subscription ID — used to manage your subscription
• Plan name and status — to enforce features and device limits

We do not store your credit card number, bank account details, or other payment credentials. All payment processing is handled directly by Stripe.

Network Fencing Data

If you use the IP/network fencing feature, we store the allowed network labels and IP addresses (or CIDR subnets) that you configure.

3. How We Use Your Data

We use the data we collect to:

• Provide the AlertIO service — authenticate your account, monitor devices, deliver alerts, and manage webhooks
• Manage billing — process subscriptions, enforce plan limits, and handle payments via Stripe
• Enforce network fencing — match device IP addresses against your approved networks to control alert delivery
• Maintain logs — record alert and connectivity history for auditing and compliance
• Improve the service — analyze usage patterns (via Google Analytics) to make AlertIO better
• Provide support — troubleshoot issues using connectivity and alert logs

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services:

Stripe

We use Stripe to process payments. When you subscribe, Stripe collects and processes your payment information directly. We only receive and store your Stripe Customer ID and Subscription ID — never your card details. Stripe's privacy policy governs how they handle your payment data.

Google Analytics

We use Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymized usage data such as pages visited, time spent on site, and general location. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

Google OAuth

We use Google OAuth 2.0 for authentication. When you sign in, Google shares your name, email, and Google ID with us. We do not access any other Google account data.

Fly.io

Our application is hosted on Fly.io. Your data is processed on Fly.io's infrastructure. Fly.io acts as a data processor on our behalf.

5. Data Retention

We retain your data as follows:

• Account data — retained for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days.
• Device data — retained while your organization is active. Devices that have not connected for an extended period may be cleaned up.
• Alert and connectivity logs — retained for auditing and compliance purposes while your organization is active.
• Billing records — retained as required by applicable tax and financial regulations.
• Session data — sessions expire after 24 hours of inactivity.

6. Your Rights (GDPR & CCPA)

For Users in the European Union (GDPR)

If you are located in the EU or EEA, you have the following rights under the General Data Protection Regulation:

• Right of access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate personal data
• Right to erasure — request deletion of your personal data ("right to be forgotten")
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to object — object to processing of your data for certain purposes

Our legal basis for processing your data is:

• Contract performance — to provide the AlertIO service you signed up for
• Legitimate interest — to improve our service and maintain security
• Consent — for optional analytics (Google Analytics), which you can opt out of at any time

For Users in California (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to know — request information about what personal data we collect and how we use it
• Right to delete — request deletion of your personal data
• Right to opt out of sale — we do not sell personal data, so this right is automatically satisfied
• Right to non-discrimination — we will not treat you differently for exercising your privacy rights

Exercising Your Rights

To exercise any of the rights described above, please contact us at support@gda-technology.com. We will respond to your request within 30 days.

7. Cookies

AlertIO uses the following cookies:

• Session cookie — an essential cookie that keeps you logged in. It expires after 24 hours and is required for the service to function.
• Google Analytics cookies — used to distinguish users and track website usage. These are set by Google Analytics and help us understand how visitors use our site. You can opt out using the Google Analytics Opt-out Add-on.

We do not use advertising cookies or tracking cookies for marketing purposes.

8. Security

We take the security of your data seriously. Our measures include:

• Encryption in transit — all data is transmitted over HTTPS/TLS
• Secure authentication — we use Google OAuth 2.0 and do not store passwords
• Session security — sessions use secure cookies with SameSite protections
• Multi-tenant isolation — all data access is scoped to your organization, preventing cross-organization data leakage
• Payment security — payment data is handled entirely by Stripe (PCI DSS Level 1 certified)

While we strive to protect your information, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@gda-technology.com.

9. Contact Us

If you have any questions about this privacy policy or how we handle your data, please reach out:

• Company: GDA Technology LLC
• Email: support@gda-technology.com

We will do our best to respond to all inquiries within 30 days.