Privacy Policy — A.L.I.C.E.

Last updated: 3/14/2026

A.L.I.C.E.
Operated by Raphaël Metz
Legal Status : Auto-entrepreneur(France)
SIREN : 990551251
Contact : support@alice-coalition.com

A.L.I.C.E. (“we”, “us”, “our”) is a brand-protection and IP monitoring service operated by a single investigator in France. We provide investigative monitoring, evidence gathering, and reporting services to help clients identify potential misuse of their intellectual property across online platforms.

This Privacy Policy explains how we collect, use, store, and protect personal data in connection with our services. It applies to clients, website visitors (if applicable), and individuals whose publicly available data may be captured during monitoring operations. We comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for your personal data is:
A.L.I.C.E.
support@alice-coalition.com
Country: France
Legal Status: Auto-entrepreneur (France)

2. What Personal Data We Collect

2.1 Data Provided Directly by Clients

We collect only the information necessary to provide our services and communicate with clients. This may include:

• Name and business contact information
• Company details and project information
• Email address and all relevant correspondence
• Billing, invoicing, and payment information
• Credentials voluntarily provided by the client for access to content the client is legally entitled to view. These are used exclusively to access the specific areas defined by the client and never for any other purpose.

We do not request or collect unnecessary personal data, nor do we process sensitive categories of personal data unless such data is publicly visible on the platforms being monitored.

2.2 Data Collected Through Monitoring (Public Data Only)

During brand-protection monitoring, we may collect personal data that is publicly available or ordinarily accessible under the Terms of Service of the relevant platform. This may include:

• Public usernames, handles, seller names, and display names
• Public posts, listings, videos, or other published media
• URLs and platform-specific identifiers (userID, postID, listingID, itemID, etc.)
• Public profile pictures if they appear on the monitored page
• Public engagement metrics (view counts, likes, shares, comments)
• Screenshots, screen captures, or recordings of publicly visible content
• UTC timestamps, capture metadata, platform context, and analyst notes
• SHA-256 hash values used to verify file integrity

This data is collected passively and always in a manner consistent with the Terms of Service of each platform. We do not interact with infringers or third parties, do not purchase items unless explicitly contracted, and do not use covert methods. We manually verify each captured item to ensure relevance and accuracy.

We do not collect:

• Private messages
• Content from private accounts
• Data behind unauthorized logins or paywalls
• Encrypted or private datasets
• Any data obtained through hacking, scraping where prohibited, or bypassing technical protections

2.3 Technical Data (Website Visitors)

If you visit our website, we may collect minimal technical information such as:

• IP address
• Browser type and version
• Basic server logs

Our site uses only essential technical cookies (if any). We do not use tracking or advertising cookies.

3. How We Use Personal Data (Purposes of Processing)

We process personal data solely for the following purposes:

• To provide IP monitoring, investigative analysis, and reporting services
• To compile evidence files, screenshots, metadata, and chain-of-custody documentation
• To maintain the integrity, security, and traceability of evidence
• To communicate with clients regarding their projects
• To manage billing, invoicing, and administrative tasks
• To comply with legal obligations

We do not sell personal data, use it for advertising, or engage in profiling beyond what is needed to assess infringing behavior based on publicly visible actions.

4. Legal Bases for Processing (GDPR)

For client data:

• Contractual necessity (Art. 6(1)(b) GDPR) — to provide the services requested
• Legal obligation (Art. 6(1)(c)) — accounting, invoicing, and record retention

For public data collected from online platforms:

• Legitimate interest (Art. 6(1)(f)) — protecting client intellectual property by documenting publicly visible content. This includes a balancing test: we capture only what is public, do not access private information, and use the data strictly for IP monitoring.

5. How We Collect Data

We collect data through the following methods:

• Directly from clients (e.g., emails, files, instructions, credentials)
• Manually during monitoring operations, observing only public content or content accessible to standard free-user accounts when allowed by platform Terms
• When necessary, via client-provided credentials, but strictly limited to content the client is entitled to access
• Through passive evidence capture (screenshots, recordings, metadata) performed by the investigator

We do not use automated tools where platform Terms prohibit them.

6. Evidence Storage and Security

Our security model is intentionally strict and fully aligned with our operational documentation:

• Evidence is stored on an encrypted, password-protected, investigator-controlled workstation with no cloud synchronization by default.
• Files are delivered through AES-256 encrypted ZIP archives or secure, password-protected download links when necessary.
• All captured media files are hashed using SHA-256 to verify integrity.
• A documented chain of custody is maintained for every investigation, including timestamps, source URLs, storage paths, and the responsible investigator.
• No third party has access to raw evidence files.
• Access to data is strictly limited to the single investigator performing the work.

7. Data Sharing

We do not sell or share personal data to third parties for marketing or unrelated purposes.

We may share data only with:

• The client who requested the monitoring
• Legal counsel designated by the client (if the client chooses to share the evidence)
• Our accountant (billing-related information only)
• Authorities, but only if legally required (e.g., court order)

We do not provide evidence directly to online platforms unless explicitly instructed by the client.

8. International Transfers

If a client is located outside the EU, evidence and reports may be transferred to them securely. This transfer is considered necessary for contract performance.

We do not otherwise transfer personal data outside the EU.

9. Retention Period

Our retention policy is consistent with our operational documentation:

• Evidence and reports are retained for six (6) months after project delivery.
• Clients may request earlier deletion unless legal or contractual requirements prevent this.
• Custom retention periods can be agreed upon for enterprise workflows.
• Billing and invoicing data is retained according to French legal requirements (typically 10 years for accounting records).

After the retention period expires, data is securely and permanently deleted.

10. Rights of Data Subjects

Under GDPR, individuals have the following rights:

• Right of access
• Right to rectification
• Right to erasure (where applicable)
• Right to restrict processing
• Right to object (especially where processing is based on legitimate interest)
• Right to data portability (for client data)
• Right to lodge a complaint with CNIL (the French data authority)

Individuals whose data has been captured from public online content may not be notified individually when doing so would require disproportionate effort, as permitted by GDPR Art. 14(5)(b). They retain all data rights and may contact us regarding their data at any time.

11. Children's Privacy

Our services are not intended for children, and we do not knowingly collect personal data from minors. If we become aware that information relating to a minor has been collected inadvertently, we will delete it promptly.

12. Policy Updates

We may update this Privacy Policy to reflect changes in legal requirements or in our operations. Material updates will be posted on our website or communicated directly to clients. Continued use of our services after changes constitutes acceptance of the updated terms.

13. Contact Information

For privacy-related questions or to exercise your rights under GDPR, you may contact us at:

Email: support@alice-coalition.com
Country: France

For clarification or questions, contact us at support@alice-coalition.com