Privacy Policy

Effective date: January 2026

AlumniFOX (“AlumniFOX”, “we”, “our”, “us”) is committed to protecting the privacy, confidentiality, and security of personal data. This Privacy Policy explains how personal information is collected, used, stored, processed, and protected in connection with our website and services, in compliance with applicable data protection and privacy laws worldwide.

1. Scope of This Policy

This Privacy Policy applies to:

• visitors to the AlumniFOX website, and
• customers, partners, and individuals whose personal data is processed as part of AlumniFOX’s services.

AlumniFOX provides business-to-business (B2B) data services exclusively to institutional clients such as universities, foundations, and related organisations. We do not offer consumer-facing services.

2. Our Privacy-First Approach

Privacy and data protection are core design principles at AlumniFOX.

Our services are purpose-built for institutional use and are not designed for consumer profiling, advertising, or behavioral tracking. We apply privacy by design and privacy by default principles across our technical infrastructure, workflows, and internal processes.

This means that:

• personal data is processed only where necessary and for clearly defined purposes,
• access to data is restricted to authorized personnel on a strict need-to-know basis, and
• technical and organisational safeguards are implemented throughout the data lifecycle.

AlumniFOX maintains internal documentation covering data flows, processing purposes, access controls, and retention rules. These practices are reviewed periodically to ensure continued compliance with applicable data protection regulations.

AlumniFOX does not sell personal data and does not monetise data through advertising or third-party marketing activities.

3. Categories of Personal Data Processed

Depending on the services provided and customer instructions, AlumniFOX may process limited categories of personal data, including:

• First name and last name
• Professional affiliation and job title
• Employment history and career changes
• Publicly available professional contact details (such as work email addresses)
• Publicly available online information related to professional activity

AlumniFOX intentionally limits data collection and does not require:

• personal phone numbers
• home addresses
• dates of birth
• national identification numbers
• sensitive personal data as defined under Article 9 of the GDPR

Any request to process additional data categories is subject to prior assessment, explicit customer instruction, and appropriate contractual safeguards.

4. Sources of Personal Data

Personal data processed by AlumniFOX is obtained from:

• publicly accessible online sources, and/or
• datasets provided directly by customers for processing under contract.

AlumniFOX does not access private, password-protected, or restricted systems, and does not circumvent access controls.

When processing customer-provided data, AlumniFOX acts strictly under documented customer instructions and does not determine independent purposes for such processing.

5. Legal Bases for Processing

AlumniFOX processes personal data only where a lawful basis exists. Depending on the context, this may include:

• Legitimate interests (Article 6(1)(f) GDPR), particularly for maintaining accurate alumni and professional records and supporting institutional engagement and reporting
• Performance of a contract (Article 6(1)(b) GDPR)
• Compliance with legal obligations
• Consent, where required under applicable law

Where legitimate interests are relied upon, AlumniFOX conducts and documents balancing assessments, taking into account the nature of the data, the reasonable expectations of individuals, and the safeguards implemented.

6. Purpose Limitation and Use of Data

Personal data is processed exclusively for purposes agreed with our customers, including:

• improving data accuracy and completeness
• tracking professional and career changes
• supporting alumni engagement, advancement, and institutional analytics
• enabling reporting and strategic decision-making

Personal data is never repurposed for unrelated uses and is not used for advertising, profiling, or automated decision-making with legal or similarly significant effects.

7. Data Hosting and Localization

AlumniFOX applies regional data hosting strategies aligned with regulatory expectations and customer requirements:

• data relating to individuals in the European Union is hosted within the EU or EEA,
• data relating to individuals in the United Kingdom is hosted within the UK or equivalent jurisdictions, and
• data relating to other regions is hosted in compliant environments subject to contractual and technical safeguards.

Hosting locations are determined based on customer geography, legal requirements, and contractual commitments.

8. International Data Transfers

AlumniFOX operates internationally. Where cross-border data transfers are necessary, we implement appropriate safeguards to ensure an equivalent level of protection, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements (IDTAs) or approved addenda
• technical and organisational security measures

We continuously monitor regulatory guidance related to international data transfers.

9. Security Measures

AlumniFOX maintains technical and organisational measures aligned with industry standards to protect personal data, including:

• encryption of data at rest and in transit
• role-based access controls
• internal access restrictions and authentication mechanisms
• logging, monitoring, and incident response procedures

Security controls are reviewed and updated regularly to address evolving risks.

10. Data Retention

Personal data is retained only for as long as necessary to fulfill contractual obligations and comply with applicable legal or regulatory requirements.

Retention periods are defined contractually and reviewed periodically. Data is securely deleted or anonymised when no longer required.

11. Data Subject Rights

Depending on applicable law and jurisdiction, individuals may have rights including:

• access to personal data
• rectification of inaccurate data
• erasure
• restriction or objection to processing
• data portability

Requests may be submitted by contacting: charles@alumnifox.com

Requests are handled in accordance with applicable statutory timelines and legal requirements.

12. European Union – GDPR

For individuals located in the European Economic Area (EEA), AlumniFOX processes personal data in accordance with Regulation (EU) 2016/679 (GDPR).

This includes:

• clearly defined lawful bases for processing,
• appropriate safeguards for international transfers, and
• full recognition of data subject rights under the GDPR.

13. United Kingdom – UK GDPR

For individuals located in the United Kingdom, AlumniFOX complies with the UK GDPR and the Data Protection Act 2018.

Where personal data is transferred outside the UK, AlumniFOX relies on:

• UK adequacy regulations, or
• UK-approved international transfer mechanisms such as the IDTA or Addendum.

14. United States Data Privacy

AlumniFOX complies with applicable U.S. state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), where applicable.

AlumniFOX:

• operates exclusively in a B2B institutional context,
• does not sell personal information,
• does not share personal information for cross-context behavioral advertising, and
• does not act as a data broker.

Where required under U.S. law, individuals may submit requests to access, correct, or delete personal information by contacting charles@alumnifox.com.

15. Australian Data Privacy

For Australian institutions and individuals, AlumniFOX complies with the Privacy Act 1988 and the Australian Privacy Principles (APPs).

Key commitments include:

• lawful and transparent processing of personal information,
• reasonable steps to ensure data accuracy and security,
• compliance with cross-border disclosure requirements under APP 8, and
• support for access and correction requests.

16. Google API Services Disclosure

AlumniFOX’s use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

Information obtained via Google APIs is:

• used solely to provide requested functionality,
• not used for advertising or unrelated analytics, and
• not retained beyond what is necessary to deliver the service.

17. Changes to This Policy

This Privacy Policy may be updated periodically to reflect regulatory, operational, or legal changes. The most current version will always be made available on the AlumniFOX website.

Trusted by universities & colleges across the globe

Join our clients in saving hundreds of hours per year on research