Legal

Privacy policy

Effective date: 30 April 2026

This Privacy Policy explains how ALPN Digital Ltd. (trading as Recon) collects, uses, stores, and protects personal data when you visit our website, register for an account, or use the Recon service. We are committed to handling personal data lawfully, fairly, transparently, and securely under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.Who we are

The data controller is ALPN Digital Ltd., a private company limited by shares incorporated in England and Wales (company number on file at Companies House), with its registered office in the United Kingdom (collectively “ALPN”, “we”, “us”, or “our”). Recon is a service operated by ALPN.

For all privacy queries, contact us at hello@alpndigital.com.

2.Scope of this policy

This policy applies to:

  • Visitors to www.get-recon.com and related marketing pages.
  • Individuals who sign up for early access, free trials, or paid plans.
  • Authorized users of customer workspaces (employees, contractors, agents).
  • Individuals whose personal data is contained within customer CRM data that customers connect to Recon.

Where a customer connects their HubSpot portal (or other source system) to Recon, ALPN acts as a processor of that data on the customer’s behalf and the customer remains the controller. A separate Data Processing Agreement (DPA) governs that relationship and is incorporated into our terms of service by reference.

3.What personal data we collect

3.1 Account and contact data

Name, work email address, employer, job title, country, and authentication metadata (sign-in events, session identifiers, two-factor enrolment status).

3.2 Customer CRM data (processed on behalf of our customers)

Where a customer connects HubSpot or another source system, Recon receives data including but not limited to: contacts and their properties, companies, deals, owners, pipelines, lifecycle stages, engagements (email, call, meeting metadata), and lists. Customers control which scopes they grant. We hold this data only to provide the service and on the customer’s instructions.

3.3 Billing data

Limited financial information (billing contact, VAT number, billing address). Card data is collected and processed by our payment processor and is not stored on our systems.

3.4 Product telemetry

Pseudonymous usage events and error reports relating to your use of the Recon application (page views, feature engagement, error stack traces with PII redaction applied where technically feasible).

3.5 Marketing analytics

Anonymous page views and conversion events on our marketing pages, captured via a first-party analytics cookie. We do not use third-party advertising cookies.

3.6 Communications

Records of correspondence and support interactions, including the content of emails you send to us.

4.How and why we use your data

We process personal data only where we have a lawful basis under Article 6 of the UK GDPR. The following table maps each processing purpose to its basis.

PurposeCategories of dataLawful basis
Operating your account and providing the Recon service.Account, customer CRM, billing.Performance of a contract (Art. 6(1)(b)).
Securing the platform, preventing fraud, maintaining audit logs.Account, telemetry, IP addresses.Legitimate interests (Art. 6(1)(f)). We have completed a balancing test.
Sending essential service notices (security, billing, terms updates).Account, contact.Performance of a contract / legal obligation.
Marketing communications about Recon to existing customers.Contact.Legitimate interests, with an opt-out in every message (PECR-aligned).
Marketing to prospective customers who submit the early access form.Contact, GTM challenge text.Consent (Art. 6(1)(a)) and legitimate interests.
Complying with legal obligations (tax, accounting, regulatory requests).Billing, account.Legal obligation (Art. 6(1)(c)).

5.AI-assisted features

When you use Recon AI (the in-product GTM analyst), prompts and the relevant subset of CRM, ad-platform, and analytics data required to answer the prompt are transmitted to our AI sub-processor (Anthropic) for inference. Anthropic processes the request and does not retain the content for model training. We log call metadata (timestamp, workspace identifier, model identifier, token counts, error code) for billing, audit, and security purposes. We do not log the content of prompts or model outputs unless you explicitly opt in to verbose audit logging in your workspace settings.

Where technically supported, AI inference is routed to EU regions. Where EU regional inference is not available for a specific feature, we will tell you in advance and provide a UK GDPR Article 46 safeguarded transfer (Standard Contractual Clauses).

6.Who we share your data with

We share personal data only with the sub-processors required to operate the service. A current list is maintained at /sub-processors, including each sub-processor’s purpose, data location, and the contractual safeguards in place. We will give 30 days’ notice before adding or replacing a sub-processor that processes customer data.

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.

We may disclose personal data if required by law, court order, or competent authority, or to protect our legal rights. Where lawful, we will notify the customer or affected individual before doing so.

7.International data transfers

Customer CRM data is stored in the European Union (Frankfurt, Germany) and is not transferred outside the United Kingdom or European Economic Area in the ordinary course of providing the service.

Limited operational data (account metadata, support correspondence) may be processed by sub-processors located outside the UK or EEA. Where this happens, transfers are made under one of the Article 46 safeguards: an adequacy decision, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum, supplemented by appropriate technical and organizational measures.

8.How long we keep data

  • Customer CRM data: retained for the duration of your subscription and hard-deleted within 30 days of cancellation. You may request earlier deletion via the workspace settings or by emailing hello@alpndigital.com.
  • Account data: retained for the duration of your relationship with us and for up to 24 months after closure for legitimate business records.
  • Billing records: retained for six years after the end of the relevant accounting period to comply with HMRC requirements.
  • Audit logs: retained for 12 months for security and incident response, then aggregated and anonymized.
  • Marketing contacts: retained until you unsubscribe or two years after our last interaction, whichever is earlier.

9.Your rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights in respect of your personal data. To exercise any of them, contact hello@alpndigital.com. We will respond within one calendar month, extendable by two further months for complex requests.

  • Access (Art. 15): a copy of the personal data we hold about you.
  • Rectification (Art. 16): correction of inaccurate or incomplete data.
  • Erasure (Art. 17): deletion of your data where we have no overriding lawful ground to retain it.
  • Restriction (Art. 18): pause processing while a query is resolved.
  • Portability (Art. 20): a machine-readable copy of data you provided to us.
  • Objection (Art. 21): object to processing carried out under legitimate interests, including for direct marketing.
  • Automated decision-making (Art. 22): Recon does not make decisions producing legal or similarly significant effects on data subjects on the basis of automated processing alone.
  • Withdraw consent: at any time, where processing is based on consent.
  • Complain: to the UK Information Commissioner’s Office (ico.org.uk) if you believe your data has been mishandled.

Where you are an end-user whose personal data appears in a customer’s CRM connected to Recon, please direct rights requests to that customer first; we will assist them in fulfilling the request.

10.Security

We employ technical and organizational measures appropriate to the risk of the processing, including: TLS 1.2 or higher in transit; AES-256 encryption at rest; AES-256-GCM encryption of OAuth refresh tokens with workspace-scoped derived keys; row-level security at the database layer; least-privilege production access gated by single sign-on and two-factor authentication; comprehensive audit logging; and formal vendor due diligence for every sub-processor.

We will notify the UK Information Commissioner’s Office and affected individuals of a personal data breach within the timeframes required by the UK GDPR where the breach is likely to result in a risk to rights and freedoms.

11.Cookies and similar technologies

We use a small number of essential and analytics cookies on this website and within the Recon application:

  • Authentication: a session cookie that keeps you signed in. Without this cookie, the service does not function.
  • Security: short-lived cookies for cross-site request forgery prevention.
  • Product analytics: a single first-party PostHog cookie that measures aggregate, anonymized usage. You may opt out via your account settings.

We do not use advertising cookies or tracking pixels for retargeting.

12.Children

Recon is a B2B service provided to organizations and their employees. It is not directed at children under the age of 18 and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact hello@alpndigital.com and we will delete it.

13.Changes to this policy

We may update this policy to reflect changes in our practices, the law, or the service. The effective date at the top of this page indicates when the most recent version took effect. Material changes will be notified to account holders by email at least 30 days before they take effect.

14.Contact

ALPN Digital Ltd.
Email: hello@alpndigital.com
For complaints to a supervisory authority, the lead authority is the UK Information Commissioner’s Office (ico.org.uk).

These terms are provided in good faith and reflect ALPN Digital Ltd’s current practice. They are not a substitute for advice from a qualified solicitor on your specific situation. Customers entering into bespoke commercial arrangements may request a redlined version under negotiation by contacting hello@alpndigital.com.