Privacy Policy

Alias aims to help you to preserve your privacy online, both when using other services and when using Alias itself.

It's designed to collect as little data about you as possible, and never share it with 3rd parties without your informed consent.

If you have any questions about how we handle your data, or would like a copy, contact us at privacy@projectalias.com.

Alias is hosted on Digital Ocean cloud servers. They handle your data in accordance with their data processing agreement.

Emails are sent via Mailgun, which handles your data in accordance with their security and privacy document.

Your data will not be shared with any other 3rd party unless explicitly approved by you, required by law, or otherwise specified below.

Personal Information

Alias accounts have an associated email address and nickname. They are supplied by you when you create your account.

This information is never provided to the services you connect with.

Email Address

Your email address is used to identify your account when you log in to Alias. It may also be used to send you important information about your Alias account, e.g. password reset links.

We will never send you unsolicited marketing emails, or any other form of spam.

Nickname

The nickname is displayed in the Alias app to enable you to quickly identify what account is currently logged in.

While there is no requirement to use your real name as a nickname, we treat it as personal data for the purposes of privacy and security.

You can change your nickname at any time from your account settings in the Alias app.

Connection Data

Data about each service you have connected with is only shared with the service itself.

Permissions and contact channels are permanently deleted when a connection is revoked. The connection-specific identifier and nickname are retained after a connection is revoked to enable re-connecting later.

Message Data

The messages you receive from services are only accessable by you. Messages you delete are retained in the bin for 7 days, and then permanently deleted within 24 hours.

Senders do not have visibility of whether a message has been opened, read, deleted, the link clicked, etc. With the exception of message deletion, Alias does not track this activity at all.

Note that senders may track you when you click on links to external sites.

Aggregate Data

Message and connection metadata from many users may be aggregated to produce statistics that enable certain features for other users, services, or the public.

For example, displaying the number of Alias users connected with each service, or the number of messages sent by a service each month.

Message contents (the title, body text, and link) will never be used directly to produce this aggregate data. Data fingerprints may be used instead in certain cases, e.g. to indicate whether a message link is specific to a user, or has been sent to multiple users.

Aggregate data will never be specific to any individual, or contain any form of identifying data.

Log Data

Alias produces a variety of logging data that is used internally to help keep Alias running smoothly and securely. This includes optimising performance, investigating issues, and identifying attempted security breaches.

Logging of personal information and identifiers is minimised, and it is redacted or obscured with fingerprinting where possible.

Logs are retained for a maximum of 7 days.

Cookies

Cookies are small pieces of data stored on your browser by websites.

Alias uses cookies only where necessary to enable key functionality. They are all first-party cookies, i.e. they can only be accessed by Alias itself, and can't be used by third parites to track you on other sites.

__Host-alias_auth
__Host-alias_auth_cross

These cookies contain information about your current session, and are used to authenticate requests to the Alias servers. They are set when you log in, and are cleared when you log out.

__Host-alias_auth_mfa

This cookie is used during multi-factor authentication, e.g. when you log in with two-factor authentication enabled. It is set when you start an action that requires multi-factor authentication.

__Host-alias_csrf

This cookie is used to protect you against cross-site request forgery attacks. It is set when you log in, and cleared when you log out.

__Host-alias_csrf_login-*

These cookies are used to protect you against login cross-site request forgery attacks. One of these cookies is set when you navigate to the Alias login page.

__Host-alias_updates_oidc-*

These cookies are used when subscribing to Alias product updates. One of these cookies is set when you start the subscription process, and cleared when you complete it.