Privacy Policy

Data Security & Privacy Compliance

Your privacy and data security are our top priorities. Learn how we protect your information with enterprise-grade security measures.

1. Infrastructure Overview

We host and manage all backend services and databases on Amazon Web Services (AWS), a globally trusted cloud provider. The following AWS services are used:

  • EC2: Application servers
  • RDS: Databases
  • S3: File storage
  • CloudFront: Content delivery
  • VPC: Isolated network environment
  • IAM: Identity & access management

2. Data Collection

2.1 Types of Data Collected

Personally Identifiable Information (PII)

  • Full Name
  • Email Address
  • Device Information
  • User behaviour (clicks, progress)

Non-PII Data

  • Browser type and version
  • IP Address
  • Operating system
  • Anonymous usage analytics
  • Application interaction data

2.2 Purpose of Data Collection

  • To deliver personalized experiences
  • To track engagement and performance
  • For analytics and optimization
  • For prize distribution or reward validation (if applicable)
  • For user support or queries

3. Data Protection Measures

3.1 Access Control

  • Role-based access using AWS IAM
  • Multi-Factor Authentication (MFA) enforced
  • Least privilege access enforced for all environments (dev/staging/production)

3.2 Encryption

Data in Transit

Encrypted using TLS 1.2+ for all traffic

Data at Rest

  • AWS services use AES-256 encryption
  • KMS manages encryption keys
  • Application-level encryption for PII

3.3 Secure Data Handling

  • Data is only collected when consent is given (opt-in forms or application UI)
  • No unnecessary retention: Data is deleted after its purpose is fulfilled
  • All APIs are protected via authentication tokens and rate limiting
  • CSRF, XSS, and SQL injection protections implemented

4. GDPR and Local Data Compliance

4.1 GDPR Compliance

  • Users are informed about data collection via privacy policy and consent banner
  • Opt-in is used before collecting any PII
  • Users have the right to request data deletion, export, and access
  • Data processors and subprocessors (e.g., AWS) are GDPR-compliant

4.2 UAE Data Protection

No data is transferred to countries lacking adequate protection unless safeguards are in place. Hosting can be configured to use the AWS Middle East (UAE) region for local compliance.

5. Data Backup and Disaster Recovery

  • Automated daily backups for all databases
  • S3 objects with versioning and cross-region replication
  • Encrypted backup storage
  • Periodic recovery testing

6. Server and Infrastructure Security

  • AWS hosting with high availability
  • VPC with private subnets
  • Web Application Firewall (WAF)
  • Regular patch management

7. Monitoring and Logging

  • Centralized logging with CloudWatch
  • Real-time threat detection
  • Secure log storage and monitoring

8. Incident Response Plan

  • Defined breach response process
  • 72-hour notification (GDPR compliant)
  • Impact assessments and reporting

9. Cloudflare Integration

DNS Security

DNS managed via Cloudflare, protecting from DNS-based attacks

WAF

Web Application Firewall blocks threats in real-time

DDoS Protection

Always-on mitigation via global edge network

Rate Limiting

Bot protection to prevent abuse of endpoints

10. Conclusion

Our infrastructure and practices are designed to protect user data, ensure application availability, and comply with regional and international privacy laws like GDPR. We continuously audit and update our systems for ongoing compliance and security.

If you have any further questions about AliveNow's privacy policy, please email us at [email protected] and we will get back to you.