CONTENTS

Text Link

ALPACAP LIMITED (TRADING AS ALPA) PRIVACY POLICY

Effective Date: 3 March 2026
Last Updated: 3 March 2026

Alpacap Limited trading as Alpa (“Alpacap”, “Alpa”, “we”, “us”, “our”) respects your privacy and is committed to protecting personal data in accordance with:

  • The UK General Data Protection Regulation (“UK GDPR”),
  • The Data Protection Act 2018,
  • Where applicable, the EU GDPR.

Alpacap Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number ZB828883.

This Privacy Policy explains how we collect, use, store, and share personal data in connection with our software platform and related services (“Services”).

Our Services are provided to business customers, primarily foodservice and hospitality operators (including restaurants, cafés, caterers, hotels, takeaways, and franchise groups).

Our Contact Details

  • Name: Alpacap Limited
  • Address: 727 - 729 High Road, London, United Kingdom, N12 0BP
  • Email: hello@getalpa.com

Alpacap acts as a data controller in respect of personal data relating to:

  • Account holders,
  • Customer representatives,
  • Billing contacts,
  • Platform users.

In respect of personal data contained within Customer Data (e.g. POS records, invoices, bank data), Alpacap generally acts as a data processor on behalf of its business customers.

2. Categories of Data We Collect

2.1 Account Information

  • Name
  • Job title
  • Business email address
  • Telephone number
  • Login credentials
  • Billing information

2.2 Financial Data (via Open Banking)

Where authorised by you:

  • Bank account balances
  • Transaction data
  • Counterparty names
  • Transaction dates and amounts
  • Account identifiers

Open Banking data is accessed via Plaid Financial Ltd (see Section 6).

2.3 POS Data

  • Sales records
  • Payment timestamps
  • Item-level transactions
  • Revenue data

This data may include limited personal data (e.g. customer names if included in POS systems).

2.4 Invoices and Receipts (OCR)

Invoices and receipts uploaded or forwarded to the platform may contain:

  • Supplier names
  • Contact details
  • Line items
  • Financial information

These documents are processed using optical character recognition (OCR).

2.5 Usage Data

  • IP address
  • Device type
  • Browser type
  • Log data
  • Platform interactions

2.6 Payment Information

Subscription payments are processed by Stripe Payments Europe Ltd or its affiliates.
We do not store full card details.

2.7 Aggregated and Anonymised Data

We generate anonymised data derived from Customer Data for benchmarking, analytics and product improvement.This data does not identify individuals or businesses.

3. How We Collect Data

We collect data:

  • Directly from you when you create an account or communicate with us.
  • Through integrations (Open Banking, POS, email forwarding).
  • Automatically via cookies and system logs.
  • From authorised third-party providers.

4. Purposes of Processing

We process personal data to:

  • Provide and operate the Services.
  • Generate financial reports and analytics.
  • Process invoices using OCR.
  • Facilitate Open Banking integrations.
  • Improve platform performance and security.
  • Administer billing and subscriptions.
  • Communicate service updates.
  • Comply with legal obligations.
  • Send marketing communications (where permitted).

We do not sell personal data.

5. Lawful Basis for Processing

Under UK GDPR, we rely on:

Contractual Necessity

To provide the Services under your subscription agreement.

Legitimate Interests

For platform security, fraud prevention, service improvement, and anonymised benchmarking.

Consent

Where required (e.g. marketing communications or specific integrations).

Legal Obligation

Where required by law or regulatory requirements.

6. Open Banking and Plaid

Where the Services include Open Banking integrations:

Alpacap acts as an agent of Plaid Financial Ltd, an authorised payment institution regulated by the UK Financial Conduct Authority under the Payment Services Regulations 2017 (Firm Reference Number: 804718).

Plaid provides regulated account information services through Alpacap.

Bank data is accessed only with your explicit authorisation.

7. Sharing of Data

We may share data:

With Sub-Processors

Including:

  • Cloud hosting providers
  • OCR technology providers
  • Analytics providers
  • Payment processors (Stripe)

All sub-processors are bound by contractual data protection obligations.

With Integrated Services

Where you authorise integration with POS or banking providers.

With Professional Advisers

Such as auditors and legal advisers.

For Legal Compliance

Where required by law or valid legal process.

We may share anonymised, aggregated data for research or benchmarking purposes.

8. International Transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards, including:

  • Adequacy decisions; or
  • Standard Contractual Clauses.

9. Data Retention

We retain personal data only as long as necessary to fulfil the purposes described above.

After account termination:

  • Personal data will be deleted or anonymised within six (6) months, unless longer retention is required by law.
  • Aggregated and anonymised data may be retained indefinitely.

10. Security

We implement appropriate technical and organisational measures, including:

  • Encryption in transit and at rest (where applicable),
  • Role-based access controls,
  • Secure hosting infrastructure,
  • Monitoring and logging.

In the event of a personal data breach likely to result in risk to individuals, we will notify affected parties and the ICO as required by law.

11. Your Rights

Under UK GDPR (and EU GDPR where applicable), individuals have the right to:

  • Access their personal data
  • Rectify inaccurate data
  • Erase personal data (subject to legal limits)
  • Restrict processing
  • Object to processing
  • Data portability

Requests may be made to:
hello@getalpa.com

We will respond within one month, unless an extension is permitted by law.

12. Cookies

We use cookies and similar technologies for:

  • Essential functionality
  • Security
  • Usage analytics

You may manage cookie preferences through your browser settings.

13. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be notified via email or through the platform.

14. Complaints

If you have concerns about how we handle personal data, please contact us first.

You also have the right to lodge a complaint with the Information Commissioner’s Office:

www.ico.org.uk

15. Contact

Alpacap Limited
727 - 729 High Road, London, United Kingdom, N12 0BP

Email: hello@getalpa.com