Privacy Policy | AlfaSMM

Last Updated: September 23, 2025

This Privacy Policy explains how Alfa IT Limited (“we”, “us”, “our”) collects, uses, discloses, and protects your personal information when you use our website and services. We are committed to safeguarding your privacy and ensuring that your personal data is protected in compliance with applicable laws in the regions we operate, including but not limited to the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Hong Kong Personal Data Law.

By using our site or services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our services.

Information We Collect

We collect several types of information from or about users of our services, including:

Personal Information You Provide: When you place an order or register on our site, we may ask for personal details such as your name, email address, billing information, and social media username or profile link (e.g., your Instagram handle) needed to deliver the service. This information is collected directly from you and only when you choose to provide it. We use this information solely to process your orders and provide the services you requested. We do not sell or rent your personal information to third parties. Any personal information received from you will be used strictly for fulfilling your order or providing customer support, and for no other purpose without your consent.
Payment Information: If you make a purchase, our third-party payment processors will collect your payment card details. Alfa IT Limited does not store full credit card numbers or sensitive payment data on our servers. We may retain non-sensitive details such as the transaction ID, the card type, expiry date, and the last four digits of your card for reference and verification, but full payment processing is handled by our payment partners in a secure manner (with industry-standard encryption).
Automatically Collected Data: When you visit our website, we automatically collect certain information about your device and usage of the site. This may include your IP address, browser type, operating system, referring URLs, pages viewed, and the dates/times of access. We may also collect device identifiers and mobile network information if you access our site from a mobile device. We collect this information through cookies and similar tracking technologies (see Cookies and Tracking below) as well as server logs. This data helps us analyze trends, administer the site, and improve user experience. Although this information by itself typically does not identify you personally, it might be considered personal data or part of your personal data profile in some jurisdictions.
Customer Support Communications: If you contact us for support or with an inquiry (via email or through a contact form), we will collect the information you choose to give us (such as your name, email, and the content of your message). We use this information to respond to you and resolve any issues. We may keep records of such communications for training and quality assurance.
Cookies and Similar Technologies: We use cookies, which are small text files placed on your device, and similar tracking technologies (like web beacons or pixels) to collect information about your interactions with our site. This can include your preferences and usage patterns. Some cookies are essential for site functionality (e.g., keeping you logged in or remembering your shopping cart), while others help us improve the site by understanding user behavior. For detailed information, see Cookies and Tracking section below.

We do not collect any special categories of personal data (such as sensitive information about health, religion, biometric data, etc.) in the course of providing our services. We also do not require you to provide any passwords or login credentials for your social media accounts – we will never ask for your Instagram or TikTok password. All we need is the public username or profile URL to deliver services, and in some cases the content URL (e.g., a link to a specific post for likes or views).

How We Use Your Information

We use the information we collect from you for the following purposes:

To Provide and Maintain Our Services: Primarily, we use your personal information to process your orders and deliver the social media engagement services you have requested. For example, we use your Instagram/TikTok username to direct followers or likes to the correct account/post, and your contact information to send order confirmations or communicate during delivery. Payment information (through our processor) is used to bill you for the services.
To Communicate with You: We may send you service-related communications, such as confirmations, invoices, technical notices, updates, security alerts, and support messages. If there is an issue with your order (for instance, if the profile URL you provided is incorrect or your account is private), we will use your contact details to reach you and resolve the issue. We may also respond to your inquiries or requests submitted to our support team.
To Improve Our Services and Website: We analyze how users interact with our website (via cookies and usage data) in order to improve the layout, content, and overall user experience. This helps us optimize our ordering process and adapt our services to user needs. We may also use feedback you provide (such as survey responses or reviews) to enhance our offerings.
For Marketing (with Consent): With your consent, we may use your email to send you promotional offers or newsletters about our services (e.g., discounts on future purchases or news about new features). You have the right to opt out of marketing emails at any time, and we will include an unsubscribe link in any such communications. (If you do not opt in, we will not send marketing emails; transactional and service emails will still be sent as needed.)
To Prevent Fraud and Illegal Activities: We may use personal information (like IP addresses or order history) to monitor for fraudulent transactions or misuse of our services. This helps us protect the security of our website and other users. For example, information collected may be used to detect and investigate potentially prohibited or illegal activities, such as payment fraud, and to enforce our Terms of Service. If we detect fraud, we may use the information to block certain accounts or report activities to the relevant authorities.
To Comply with Legal Obligations: We may process and retain your information as necessary to comply with laws, regulations, legal processes, or governmental requests. For instance, we might retain transaction records for tax and accounting purposes, or disclose information in response to lawful requests by public authorities.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related purpose that is compatible with the original purpose and permitted by law. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

Cookies and Tracking Technologies

Cookies: Our website uses cookies and similar tracking technologies to distinguish you from other users and to improve your browsing experience. Cookies are small data files stored on your browser or device. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until you delete them).

Here are the types of cookies we may use and their purposes:

Essential Cookies: These cookies are necessary for the website to function properly. For example, they may be used to keep you logged in to your account, remember items in your shopping cart, or ensure that pages load correctly. Without these, some parts of our site may not work.
Analytics Cookies: We use these to collect information about how visitors use our website (which pages are visited, how long users stay, etc.). This helps us identify areas to improve. We might use third-party analytics services (like Google Analytics) that set their own cookies to perform this analysis. The information collected is aggregated and does not directly identify individual users.
Preference Cookies: These remember your choices on our site (such as language or region, if applicable) to provide a more personalized experience.
Marketing Cookies: If we run advertising or have partners that need to set cookies, these cookies would record your visit to our site, pages visited, and links followed. (At present, we do not host third-party ads on our service; if that changes, we will update this policy and obtain any necessary consents.)

Cookie Consent: For visitors from jurisdictions where consent is required (like the EU), we will present a cookie notice or banner when you first visit our site, allowing you to accept or decline non-essential cookies. You can control and delete cookies through your browser settings as well. Note that blocking all cookies might impact your ability to use certain features of our service (for example, the site might not remember your cart or login between sessions).

Do-Not-Track Signals: Some browsers offer a “Do Not Track” (DNT) setting. Currently, there is no standard interpretation or practice for responding to DNT signals, and our site does not respond to DNT browser settings or other similar mechanisms. We will monitor developments around DNT and may update our practices if an industry standard emerges.

How We Share Your Information

We treat your personal information with care and confidentiality. We do not sell your personal data to third parties for their own marketing or commercial purposes. We only share your information in the following circumstances:

Service Providers: We may share information with third-party companies and individuals that perform functions on our behalf and help us operate our business. Examples include payment processors, web hosting providers, email service providers (for sending order receipts or support emails), and customer support tools. These service providers are given access only to the information necessary to perform their specific services, and they are contractually obligated to protect your data and use it only for the purposes we specify. For instance, our payment processor will receive your payment details to process transactions, but they are not permitted to use that data for any other purpose.
Business Transfers: If Alfa IT Limited is involved in a merger, acquisition, sale of assets, reorganization, or bankruptcy, your information may be transferred to a successor or affiliate as part of that transaction. If such a transfer occurs, we will ensure that your personal data remains subject to protections consistent with this policy and applicable law, and we will notify you (for example, via a notice on our website or email) of any change in data control.
Legal Obligations and Safety: We may disclose your information when required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government demand). We may also disclose personal information if we believe, in good faith, that such action is necessary to (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent or investigate possible wrongdoing, fraud, or security issues; (d) protect the personal safety of users of the service or the public; or (e) protect against legal liability. For example, we might release information to law enforcement concerning fraudulent activities on our site or to report transactions we suspect are in violation of law.
With Your Consent: In cases where you have given explicit consent for us to share your information with third parties, we will do so according to the terms of that consent. For instance, if in the future we run a partnership promotion and you agree to let us share your email with the partner company for a special offer, we would only do so under those conditions. If you do not consent, we will not share your info in that manner.

We may also share aggregated or de-identified information (which cannot reasonably be used to identify you) publicly or with business partners, e.g., publishing trends about usage of our services. For example, we might disclose that “X% of our clients are from Europe” without revealing any personal details. This kind of data is not considered personal information.

International Data Transfers

Alfa IT Limited is based in Hong Kong and our website is accessible worldwide. The data we collect from you may be transferred to, stored, or processed in Hong Kong or other countries/territories, including countries outside of your home jurisdiction. Specifically, if you are in the European Economic Area (EEA) or United Kingdom, please note that your personal data may be transferred to Hong Kong or to other jurisdictions that may not have equivalent data protection laws as your country (for example, the United States). We will take steps to ensure that appropriate safeguards are in place to protect your data during such transfers, in accordance with GDPR requirements. This may include using standard contractual clauses approved by the European Commission, or ensuring that the recipient country has an adequacy decision from the EU, or other valid transfer mechanisms.

By using our service or submitting your personal information to us, you consent to the transfer of your data internationally as needed to provide the service, subject to the safeguards described in this Policy. If you would like to know more about our data transfer safeguards or obtain a copy of them, you can contact us using the information provided at the end of this Privacy Policy.

Data Sharing with AI Service Providers and Partners

Types of Data and Sharing Purpose: We value your privacy and want to be transparent about how certain data may be shared with trusted external parties to serve you better. This can include order content, chat logs or support messages, and website usage behavior data, which may be shared in limited circumstances with the categories of recipients below:

AI Service Providers (Analytics, Support & Marketing Automation): We utilize third-party artificial intelligence services (for example, OpenAI’s GPT-based systems) to help analyze data, automate customer support interactions, and enhance our marketing personalization. This means that order details, customer inquiries, or usage patterns might be securely transmitted to AI platforms in order to generate helpful responses, derive insights, or streamline user experiences. These AI providers are contractually forbidden from using your data for any purpose other than the specific service we request – for instance, they do not retain your information or use it to train their models beyond your immediate needs. Additionally, any data shared with AI services is encrypted during transit to protect it from unauthorized access.
Trusted Contractors & Third-Party Partners (Service Fulfillment, Dispute Resolution, Marketing): We may also share relevant personal data with a limited number of vetted contractors or business partners – such as freelance developers, external customer support agencies, logistics/shipping providers, or marketing consultants – strictly on a need-to-know basis to carry out specific services on our behalf. For example, we might provide your delivery details to a shipping partner to fulfill an order, or share anonymized usage statistics with a marketing expert to improve an ad campaign’s effectiveness. In the event of customer disputes or service issues, necessary information (like order information or communication records) may be shared with professional advisors or dispute resolution services to help resolve the issue fairly. All such third parties operate under confidentiality agreements and are obligated to uphold robust data security practices, ensuring your information remains protected.
Legal Basis, Minimization & Compliance: Any data sharing described above is conducted on lawful bases – either with your consent or under our legitimate interests in efficiently delivering and improving our services (as permitted by law). We apply the principle of data minimization, meaning we only share the minimum amount of data required for each specified purpose. Furthermore, appropriate safeguards (including encryption and strict access controls) are used wherever possible to secure your data during transfers, and all processing is done in compliance with international data protection standards. These practices are designed to meet or exceed the requirements of GDPR (EU), CCPA (California, USA), PDPO (Hong Kong), as well as other applicable privacy laws and frameworks, so you can have confidence that your personal information is handled lawfully and responsibly.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements. For example, we may keep your order and transaction data on file to comply with tax regulations, or to have a record of fulfillment in case of disputes.

When we no longer have a legitimate need or legal obligation to process your personal information, we will either delete it or anonymize it so that it can no longer be associated with you. If deletion or anonymization is not immediately possible (for instance, because the data is stored in backup archives that are not easily accessible), we will securely store your personal data and isolate it from further processing until deletion is feasible.

Specific retention periods may vary depending on the type of data and legal requirements. For instance:

Financial transaction records may be kept for a number of years as required by financial regulations and company record-keeping policies.
Email communications or support tickets might be retained for a shorter period unless needed for ongoing issues or legal reasons.
Web analytics data is typically retained in aggregate form and may not be tied to personal identifiers after a certain period.

We continuously review our retention practices to ensure we are not keeping data longer than necessary.

Data Security

We take the security of your personal information seriously. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of sensitive data (for example, our site employs HTTPS/TLS encryption for data in transit), secure servers, firewalls, and access controls to personal data. We also limit access to personal information to employees and contractors who need to know it for the purposes described above, and they are subject to strict confidentiality obligations.

While we strive to protect your information, no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. You use our site and services at your own risk as it relates to security. We encourage you to use caution when transmitting sensitive information online and to utilize strong passwords for any accounts. If a security breach is suspected, we may notify you and the appropriate regulatory authorities as required by law.

In the event of a data breach that poses a risk to your rights and freedoms, we will follow all applicable breach notification laws. This may include informing the affected individuals and relevant data protection authorities within the timelines prescribed by law.

(For more information on our security measures, you may contact us. Please note that detailed security protocols are confidential to protect their effectiveness.)

Your Privacy Rights

Depending on your jurisdiction, you have certain rights regarding your personal data. We are committed to honoring these rights and have processes in place for you to exercise them. This section outlines the rights that may be available to you:

Rights Under the EU GDPR (for EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following data protection rights under the GDPR and UK Data Protection Act:

Right to Access: You have the right to request a copy of the personal information we hold about you, and to obtain information about how we process it.
Right to Rectification: If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or update it.
Right to Erasure: You can request that we delete your personal information under certain circumstances (also known as the “right to be forgotten”). For example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and no other legal basis for processing applies, or if you object to processing and we have no overriding legitimate interest, etc. Please note we may not be able to delete data that we are required to keep by law, but we will inform you if such an exception is relevant.
Right to Restrict Processing: You have the right to ask us to suspend the processing of your personal data in certain scenarios – for instance, if you contest the accuracy of the data, or you have objected to processing (pending verification of our legitimate grounds).
Right to Data Portability: You have the right to request a copy of the personal data you have provided to us in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another controller where technically feasible. This right applies when the processing is based on your consent or a contract with you and the processing is carried out by automated means.
Right to Object: You have the right to object to our processing of your personal information in certain situations. For example, you may object to direct marketing (including any profiling related to marketing). You may also object if the processing is based on our legitimate interest or for tasks in the public interest/exercise of official authority. In some cases, we may demonstrate that we have compelling legitimate grounds to continue processing your data which override your rights and freedoms.
Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing conducted prior to your withdrawal. For instance, if you consented to receive marketing emails, you can opt out later. Withdrawing consent for one purpose does not affect processing for other purposes based on other lawful grounds.
Right to Complaint: If you believe that we have violated data protection laws in the way we are processing your personal data, you have the right to lodge a complaint with your local data protection supervisory authority. For example, EU users can contact the supervisory authority in the country of their residence, or the UK’s Information Commissioner’s Office (ICO) for UK residents. We would, however, appreciate the chance to address your concerns before you approach a regulator, so please consider reaching out to us first.

To exercise any of these rights, please contact us at the contact details provided in this Privacy Policy. We may need to verify your identity to process certain requests (for example, by asking you to provide information to confirm it’s you). We will respond to your request within the time frame required by law (usually within one month for GDPR, with the possibility to extend by two further months if the request is complex – we will inform you if an extension is needed). There is no fee for making a request, but if your requests are manifestly unfounded or excessive (for example, repetitive), we may charge a reasonable fee or refuse to act on the request.

California Privacy Rights (CCPA and “Shine the Light”)

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA) and California Civil Code § 1798.83 (known as the “Shine the Light” law):

Under the CCPA (California Consumer Privacy Act), California residents have the right to:

Know What Personal Information is Collected: You can request that we disclose the categories of personal information we have collected about you, the categories of sources of that information, the business or commercial purpose for collecting (or selling, if applicable) the information, and the categories of third parties with whom we share personal information.
Access Your Information: You can request a copy of the specific pieces of personal information we have collected about you in the past 12 months.
Delete Your Information: You can request that we delete personal information we have collected from you (with certain exceptions – for example, if we are legally required to keep it, or if it’s needed to complete a transaction you requested, detect security incidents, comply with legal obligations, etc.).
Opt-Out of Sale of Personal Information: The CCPA gives you the right to direct businesses that sell personal data to stop selling your data. However, Alfa IT Limited does not sell your personal information to third parties for monetary or other valuable consideration, so this right may not be applicable in our case (we do not provide a “Do Not Sell My Info” link because we do not engage in data sales). If this ever changes, we will update our practices and provide a method to opt-out.
Non-Discrimination: You have the right not to receive discriminatory treatment from us for exercising any of your CCPA rights. We will not deny you services, charge you different prices, or provide a different level of quality of services just because you exercised your privacy rights. In certain cases, if the exercise of your privacy rights limits our ability to process personal information (for example, if you ask us to delete all of your data), we may not be able to provide you the same service – but we will explain the situation to you if that arises.

To exercise your California privacy rights, you (or your authorized agent) can submit a request to us using the contact information at the end of this policy. We will need to verify your identity (or the authority of your agent) before processing such requests. Verification may involve providing information that matches our records or signing a declaration. We aim to respond to verifiable requests within 45 days as required by CCPA (with an extension of another 45 days if needed, in which case we will let you know of the extension).

Shine the Light: California’s “Shine the Light” law (Civil Code Section 1798.83) entitles California residents to request and obtain from us, once a year and free of charge, information about any personal information we disclosed to third parties for their direct marketing purposes in the preceding calendar year, as well as the identities of those third parties. However, Alfa IT Limited does not share personal information with third parties for their own direct marketing purposes without your consent, so in practice, we have nothing to disclose under this law. If you still wish to make a Shine the Light request, you may do so by contacting us, and we will provide the required information if applicable.

California Minors (Under 18) Content Removal: If you are a registered user of our services and under the age of 18, California Business and Professions Code § 22581 allows you to request removal of content or information you have publicly posted. However, as our service does not generally involve posting content on a public forum (we are a service provider, not a social media platform), this likely does not apply. If it did (for example, if we had a public blog comment or testimonial feature), you could contact us to request removal of a posting you made. We would then remove or anonymize such content, as required by applicable law. Keep in mind this does not ensure complete or comprehensive removal (for instance, if a third party reposted your content).

Hong Kong and Other International Rights

If you are in Hong Kong or other jurisdictions with privacy laws, you may have rights similar to those above. Under Hong Kong Personal Data Law, for example, you have the right to request access to and correction of your personal data held by us. This means you can ask us to tell you what personal data we have about you, and you can request corrections if any of that data is inaccurate. We may charge a reasonable fee for processing excessive or repetitive access requests as permitted by Hong Kong law, but we will inform you of any such fee in advance.

Users in some other countries (such as in Asia or the Americas) may also have certain rights under local law. We endeavor to respect requests regarding your personal data to the extent required by applicable law. This Privacy Policy is intended to be compliant with all applicable global privacy requirements; if you believe there is a conflict between local law and our practices, please let us know.

To exercise your rights in Hong Kong or other regions, you can contact us as described below. We may need to verify your identity to process your request, and certain local laws may have specific procedures (for example, in Hong Kong, data access requests should be made in a prescribed form; we can assist you with that process).

Children’s Privacy

Our services and website are not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this website or through our services. We also ask that individuals under 18 obtain permission from a parent or guardian before providing any personal data or using our service, given that purchasing online services involves legal agreements and payments.

If we learn that we have inadvertently collected personal information from a child under 13 (or the equivalent minimum age in the relevant jurisdiction) without verifiable parental consent, we will take steps to delete that information promptly. If you believe that we might have any information from or about a child under 13, please contact us immediately so that we can investigate and address the issue.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. The “Last Updated” date at the top indicates when the latest changes were made. If we make material changes to how we handle your personal information, we will notify you by prominently posting a notice of changes on our website, and/or by sending a notice to the primary email address associated with your account if you have one. We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our services after any modification to this Privacy Policy will constitute your acknowledgment of the changes and agreement to be bound by the updated policy.

Contact Us (Privacy Questions or Requests)

If you have any questions or comments about this Privacy Policy or our privacy practices, or if you would like to exercise any of your rights regarding your personal data, please contact us as follows:

By Email: [email protected]

When you contact us, please provide your name and contact information and a detailed description of your request or privacy concern. For requests to access or delete personal data, we may need to verify your identity to ensure the security of your information.

We will respond to legitimate inquiries as soon as reasonably practicable, and at least within any timeframes required by law.

Thank you for reading our Privacy Policy. We value your trust and are committed to protecting your personal information while providing you with quality social media enhancement services.

By using our website or services, you acknowledge that you have read and understood both our Terms of Service and this Privacy Policy. Your continued use of our services signifies your agreement to these policies. If you do not agree, please refrain from using our site.