Alpha

Privacy Policy

Last updated: April 9, 2026

1. What We Collect

When you use Alpha, we collect:

  • Account data: Email address and password (hashed) for authentication, managed by Supabase Auth.
  • Business data: Business name, description, category, services, pricing, hours of operation, FAQ, contact information, and brand voice. You provide this during setup.
  • Booking data: Customer names, email addresses, requested services, and appointment times — submitted by consumer AI agents on behalf of their users.
  • Interaction logs: A2A request metadata including method, timestamp, duration, and token usage. We also store conversation messages between consumer AI agents and your business agent.
  • Payment data: Subscription and billing information processed by Stripe. We do not store credit card numbers.

2. How We Use Your Data

  • To power your AI agent: Your business data is sent to Anthropic's Claude API as part of the system prompt when your agent handles a conversation. Anthropic processes this data to generate responses. See Anthropic's privacy policy for how they handle API inputs.
  • To make your business discoverable: Your business name, description, category, and agent URL are returned to consumer AI agents that search the Alpha network. This is the core function of the service.
  • To manage bookings: Booking data is stored in our database and shown on your dashboard so you can confirm or reject appointments.
  • To send notifications: We use Resend to email you about new bookings and account activity.
  • To process payments: Stripe handles subscription billing. We store your Stripe customer ID and plan status.
  • To monitor and improve the service: Interaction logs help us track usage, enforce plan limits, and debug issues.

3. Who Sees Your Data

  • Consumer AI agents: When a consumer's AI assistant (e.g., Wonder) searches for or interacts with your business, it receives your public business information, agent capabilities, and conversation responses.
  • Anthropic (Claude): Your business data and conversation context are sent to Anthropic's API to generate agent responses. Anthropic does not use API inputs to train their models.
  • Stripe: Handles payment processing. Receives your email and plan selection.
  • Supabase: Hosts our database and authentication. Data is stored in their managed Postgres infrastructure.
  • Vercel: Hosts our application. Processes requests through their edge and serverless infrastructure.
  • Resend: Delivers transactional emails (booking notifications, account confirmations).
  • Sentry: Captures application errors and exception data (stack traces, request metadata, user agent) so we can diagnose and fix bugs. No booking contents or customer PII are sent to Sentry.

We do not sell your data. We do not share it with any parties beyond those listed above.

4. Data About Your Customers

When a consumer's AI agent books an appointment, it submits customer information (name, email, service requested, preferred time). This data is stored in our database and visible on your dashboard. You are responsible for handling your customers' data in accordance with applicable privacy laws. We act as a data processor on your behalf for this information.

5. Data Storage and Security

Your data is stored in Supabase's managed Postgres database with row-level security policies. Authentication uses Supabase's auth system with hashed passwords. All data transmission uses HTTPS. We do not store raw passwords or credit card numbers.

6. Your Rights

You can:

  • Access your data through the dashboard at any time.
  • Update your business information, services, hours, and agent configuration.
  • Delete your account and all associated data by emailing us. We process deletion requests manually.
  • Export your booking data via the iCal feed or by request.

7. Waitlist, IP Logging, and Current Access

Alpha is currently in demo-only mode. Public account creation is disabled — the signup page is not available through the public site. During this period:

  • Waitlist: When you submit the demo request form on our landing page, we store your name, email, company name, and business type in our waitlist table. We use this to contact you about early access. You can request removal by emailing us.
  • IP logging: We capture the IP address of requests to our rate-limited endpoints (the A2A agent endpoint, the business search endpoint, and the waitlist endpoint) to enforce per-IP request limits and prevent abuse. IPs are not used for advertising or profiling.
  • A2A request logs: We log metadata about every A2A request to your agent (timestamp, method, duration, success/failure, token usage) so we can enforce plan limits, debug issues, and show you usage analytics.

8. Cookies

We use session cookies for authentication (managed by Supabase Auth). We do not use advertising cookies or third-party tracking scripts.

9. Changes to This Policy

If we make material changes, we will notify you via email or dashboard notification at least 14 days before they take effect.

10. Contact

Questions about your data? Email us at privacy@alpha.so.