Effective date: April 10, 2026
This Privacy Policy explains how ayana group AG ("Alp", "we", "us", or "our") collects, uses, shares, and protects personal data when you use letsalp.com, the Alp mobile applications, and related services (together, the "Service").
If you do not agree with this Privacy Policy, please do not use the Service.
1. Controller and EU Representative
The controller responsible for the processing of personal data under this Privacy Policy is:
ayana group AG
Rinderweid 5
8707 Uetikon am See
Switzerland
CHE-225.435.183
Email: [email protected]
EU representative pursuant to Article 27 GDPR:
ayana group AG
Postfach
Westerwaldstr. 35
65549 Limburg
Germany
Email: [email protected]
EU residents and supervisory authorities may contact the EU representative directly for any matters relating to the processing of personal data under this Privacy Policy.
2. Scope
This Privacy Policy applies to:
3. Personal data we collect
We collect personal data that is necessary to operate Alp, provide accounts and purchases, deliver map-based content, communicate with users, maintain security, and comply with legal obligations.
Depending on how you use Alp, we may collect the following categories of personal data:
4. How we collect personal data
We collect personal data:
5. Why we use personal data
We process personal data for the following purposes:
6. Legal bases
If you are in the EEA, UK, or Switzerland, we process personal data only where we have a valid legal basis, including:
7. Payments
Payments for Alp purchases made on the web are processed by Stripe. We do not store full payment card numbers on our own systems.
When you make a purchase, payment-related data is collected and processed directly by Stripe under its own privacy notice and terms. We receive limited information from Stripe, such as confirmation of payment, billing name, billing address, last four digits, payment status, country, and transaction identifiers, to fulfil the transaction, provide support, issue VAT records, and comply with legal obligations.
Stripe may act as both a data processor on our instructions and as an independent data controller for its own fraud prevention, financial crime, and compliance obligations. For more information, see Stripe's Privacy Policy at stripe.com/privacy.
8. Emails and communications
We send transaction emails including purchase confirmations, access instructions, invoices, and account notices through third-party email delivery providers. Those providers process your email address and message content as processors on our instructions and solely for delivery purposes.
We may also send:
Note: if you registered using Sign in with Apple with the "Hide My Email" option, transactional emails will be forwarded to your real address via Apple's relay system.
9. Location and device permissions
The Alp apps may request access to certain device permissions when needed for specific features you choose to use. For example:
10. Cookies and similar technologies
We may use cookies and similar technologies on the website for security and fraud prevention, core website functionality, and measuring performance or usage where permitted.
If we use non-essential cookies or trackers, we will obtain your consent where required by applicable law.
11. Sharing of personal data
We do not sell personal data.
We share personal data only where necessary with the following categories of recipients:
All third parties that process personal data on our behalf do so under appropriate contractual safeguards.
12. International transfers
Some of our service providers are located or operate in countries outside Switzerland, the EEA, or the UK. Where personal data is transferred internationally, we take appropriate safeguards as required by applicable law, such as:
13. Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by applicable law.
In general:
Where account deletion is requested, active account data will be deleted or anonymized within 30 days, unless a longer retention period is required by law or is technically necessary for backups, fraud prevention, security, dispute handling, or regulatory compliance.
14. Security
We use appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and unauthorized disclosure. These include access controls, encrypted data transmission, server-side security configurations, and regular review of our infrastructure.
No method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, and we encourage you to use strong passwords, keep your credentials confidential, and contact us immediately at [email protected] if you suspect unauthorized access to your account.
15. Children
Alp is not intended for users below the age at which they can validly use the Service under applicable law. We do not knowingly collect personal data from children in violation of applicable law.
If you believe a child has provided us personal data without appropriate consent or authority, contact us at [email protected] and we will investigate and take appropriate action, including deletion where required.
16. Do-Not-Track
Some browsers and mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your preference not to have your online browsing activity tracked. No uniform technical standard for recognizing and acting on DNT signals has been finalized. We do not currently respond to DNT browser signals. If a standard is adopted that we are required to follow in the future, we will update this Privacy Policy accordingly.
17. Your rights
Depending on where you are located, you may have the following rights under applicable data protection law:
Account deletion: You can request deletion of your account and associated personal data either from within the Alp app through the in-app account deletion function or through our public web account deletion page on letsalp.com. Deletion will permanently delete or anonymize your account data, except for data we must retain to comply with legal obligations, resolve disputes, enforce our agreements, prevent fraud and abuse, maintain security, or preserve records required for tax, VAT, accounting, or backup integrity. We will process deletion requests without undue delay and normally within 30 days.
California residents (CCPA): California residents may contact us at [email protected] to exercise rights under the CCPA, including the right to know, the right to access, the right to correct, the right to delete, and the right not to be discriminated against for exercising these rights. We do not sell personal data as defined under the CCPA.
Switzerland: You may contact the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.
EEA: You may contact your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.
18. App stores and third parties
If you download Alp through the Apple App Store or Google Play, those platforms may process certain data independently in connection with distribution, billing on their own platforms, analytics, fraud prevention, and account management. Their processing is governed by their own privacy terms and is outside our control.
Similarly, third-party websites, mapping services, payment services, and other external services linked to or integrated with Alp process data under their own privacy notices.
19. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above. Where legally required, we will provide additional notice by email, in-app notice, or prominent website notice.
We encourage you to review this Privacy Policy periodically.
20. Contact
For questions, requests, or complaints about this Privacy Policy or our handling of personal data, contact:
ayana group AG
Rinderweid 5
8707 Uetikon am See
Switzerland
[email protected]
This Privacy Policy explains how ayana group AG ("Alp", "we", "us", or "our") collects, uses, shares, and protects personal data when you use letsalp.com, the Alp mobile applications, and related services (together, the "Service").
If you do not agree with this Privacy Policy, please do not use the Service.
1. Controller and EU Representative
The controller responsible for the processing of personal data under this Privacy Policy is:
ayana group AG
Rinderweid 5
8707 Uetikon am See
Switzerland
CHE-225.435.183
Email: [email protected]
EU representative pursuant to Article 27 GDPR:
ayana group AG
Postfach
Westerwaldstr. 35
65549 Limburg
Germany
Email: [email protected]
EU residents and supervisory authorities may contact the EU representative directly for any matters relating to the processing of personal data under this Privacy Policy.
2. Scope
This Privacy Policy applies to:
- our website at letsalp.com;
- the Alp mobile apps, including beta versions distributed via TestFlight;
- purchases made through our website;
- communications with us; and
- content, accounts, and transactions connected to the Alp platform.
3. Personal data we collect
We collect personal data that is necessary to operate Alp, provide accounts and purchases, deliver map-based content, communicate with users, maintain security, and comply with legal obligations.
Depending on how you use Alp, we may collect the following categories of personal data:
- Account and profile data, such as your name, email address, username, password hash, profile information, company name, and similar registration data.
- Purchase and billing data, such as billing name, billing address, country, VAT or tax information where relevant, purchase history, subscription status, transaction metadata, and limited payment-related information received from our payment provider.
- Content and user-submitted data, such as maps, lists, routes, descriptions, images, reviews, comments, in-app feedback, support messages, and other content you create, upload, publish, or send through Alp.
- Technical and usage data, such as IP address, browser type, device type, operating system, app version, log data, timestamps, request data, crash reports, error logs, and general service usage and session information.
- Location data, if you grant location access in the app or use location-based features. This may include approximate or precise location, depending on your device settings and permissions.
- Communication data, such as emails you send to us, support messages, transaction-related emails, and records of communications relating to your account or purchases.
- Device permissions data, where you choose to use features that require access to device functionality, such as location or access to photos or camera for uploaded content. You can control these permissions through your device settings.
- Website data and cookies, including data collected through cookies or similar technologies that are necessary for website functionality, security, performance, or consent management.
- Social login data, if you choose to sign in or register using Sign in with Apple or Google. In that case, the relevant provider may share limited profile information with us such as your name and an email address or relay address. When you use Sign in with Apple with the "Hide My Email" option, Apple provides us with a randomly generated relay email address instead of your real address, and messages we send to that relay address are forwarded to your real inbox by Apple. We do not receive or store your actual email address in that case.
4. How we collect personal data
We collect personal data:
- directly from you, when you create an account, make a purchase, contact us, upload content, submit feedback, or use the Service;
- automatically, when you use the website or apps, including through analytics and error monitoring tools;
- from social login providers, if you choose to use Sign in with Apple or Google to create or access your account;
- from payment providers, app stores, and infrastructure providers in connection with transactions, distribution, fraud prevention, security, and service delivery; and
- from other users, if they share content or interact with you through Alp.
5. Why we use personal data
We process personal data for the following purposes:
- to create and manage user accounts;
- to provide the Alp platform and its map-based and location-based features;
- to process purchases, subscriptions, commissions, refunds, and payment-related administration;
- to send transaction emails, account notices, security alerts, and support messages;
- to host, deliver, cache, optimize, and secure website and app content;
- to monitor app and server performance, track and resolve errors and crashes, and improve reliability and stability;
- to collect and respond to in-app user feedback;
- to moderate content, investigate abuse, prevent fraud, and enforce our Terms;
- to comply with tax, accounting, sanctions, anti-fraud, legal, and regulatory obligations; and
- to respond to user requests, complaints, and legal claims.
6. Legal bases
If you are in the EEA, UK, or Switzerland, we process personal data only where we have a valid legal basis, including:
- Performance of a contract, for example to provide your account, deliver purchases, and operate the Service;
- Compliance with legal obligations, for example for tax, accounting, fraud prevention, sanctions screening, and regulatory requirements;
- Legitimate interests, for example to secure the Service, prevent abuse, maintain infrastructure, monitor performance, resolve technical issues, enforce our Terms, and communicate with users about their accounts; and
- Consent, where required by law, for example for certain optional permissions or cookies.
7. Payments
Payments for Alp purchases made on the web are processed by Stripe. We do not store full payment card numbers on our own systems.
When you make a purchase, payment-related data is collected and processed directly by Stripe under its own privacy notice and terms. We receive limited information from Stripe, such as confirmation of payment, billing name, billing address, last four digits, payment status, country, and transaction identifiers, to fulfil the transaction, provide support, issue VAT records, and comply with legal obligations.
Stripe may act as both a data processor on our instructions and as an independent data controller for its own fraud prevention, financial crime, and compliance obligations. For more information, see Stripe's Privacy Policy at stripe.com/privacy.
8. Emails and communications
We send transaction emails including purchase confirmations, access instructions, invoices, and account notices through third-party email delivery providers. Those providers process your email address and message content as processors on our instructions and solely for delivery purposes.
We may also send:
- security and service emails, such as password resets and important operational notices; and
- support responses to requests you submit.
Note: if you registered using Sign in with Apple with the "Hide My Email" option, transactional emails will be forwarded to your real address via Apple's relay system.
9. Location and device permissions
The Alp apps may request access to certain device permissions when needed for specific features you choose to use. For example:
- location access may be used to show nearby content, improve map functionality, or enable location-based features;
- camera or photo access may be used if you upload images or similar content through the app.
10. Cookies and similar technologies
We may use cookies and similar technologies on the website for security and fraud prevention, core website functionality, and measuring performance or usage where permitted.
If we use non-essential cookies or trackers, we will obtain your consent where required by applicable law.
11. Sharing of personal data
We do not sell personal data.
We share personal data only where necessary with the following categories of recipients:
- Cloud hosting, storage, and infrastructure providers, that host our servers, store files, cache and deliver content, secure and route traffic, process images and other media, and provide the underlying technical infrastructure of the Service;
- Analytics and app performance providers, including Firebase (a service of Google Ireland Limited, Ireland), which may collect app usage, session, device, and event data to help us understand how the app performs and is used. Google Ireland Limited may act as an independent data controller for certain Firebase analytics data under its own privacy terms. See Google's Privacy Policy at policies.google.com/privacy for details;
- Error tracking and crash monitoring providers, including Sentry (Sentry Inc., United States), which receive technical data such as crash reports, error logs, device information, and related diagnostic data to help us identify and resolve technical issues. Sentry acts as a data processor on our instructions;
- In-app feedback providers, including Wiredash (Wiredash GmbH, Germany), which collect user-submitted feedback, device information, and related metadata when you submit feedback through the app. Wiredash acts as a data processor on our instructions;
- Payment providers, including Stripe, to process purchases, handle fraud and compliance checks, issue VAT records, and meet financial regulatory obligations;
- Email delivery providers, to send transactional, service, and support emails;
- App stores and platform providers, including Apple and Google, in connection with app distribution, beta testing via TestFlight, and platform-level operations;
- Social login and authentication providers, including Apple and Google, when you choose to authenticate using those services. Each provider acts as an independent data controller and processes data about your authentication event under their own privacy terms. Where those providers are located outside the EEA or Switzerland, they rely on standard contractual clauses or applicable adequacy decisions as the transfer mechanism. See Apple's Privacy Policy at apple.com/privacy and Google's Privacy Policy at policies.google.com/privacy for details;
- Infrastructure monitoring tools, used internally to monitor server and application performance and reliability;
- Professional advisers, such as lawyers, accountants, auditors, and insurers, where required;
- Public authorities and counterparties, where required by law, court order, legal process, or to protect the rights, property, or safety of Alp, our users, or others; and
- Corporate transaction parties, where necessary in connection with a restructuring, financing, merger, asset sale, or similar transaction.
All third parties that process personal data on our behalf do so under appropriate contractual safeguards.
12. International transfers
Some of our service providers are located or operate in countries outside Switzerland, the EEA, or the UK. Where personal data is transferred internationally, we take appropriate safeguards as required by applicable law, such as:
- standard contractual clauses or equivalent approved transfer mechanisms; or
- transfers to countries recognized by the relevant authority as providing an adequate level of data protection.
- Firebase (Google Ireland Limited) processes data primarily in Ireland and may transfer data to the United States. Google relies on standard contractual clauses for such transfers.
- Sentry (Sentry Inc.) is based in the United States and processes data there under standard contractual clauses.
- Social login providers including Apple and Google process authentication data in the United States and rely on standard contractual clauses or equivalent mechanisms for EU and Swiss transfers.
13. Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by applicable law.
In general:
- account data is kept while your account is active and for a reasonable period afterwards for support, dispute resolution, enforcement, and legal compliance;
- transaction and billing records are kept for as long as required by tax, VAT, accounting, and regulatory obligations, typically up to ten years under Swiss and EU law;
- technical logs, crash reports, and error data are retained for limited periods necessary for security, troubleshooting, and legal protection;
- backup copies may persist for a limited period and will be purged on a scheduled basis.
Where account deletion is requested, active account data will be deleted or anonymized within 30 days, unless a longer retention period is required by law or is technically necessary for backups, fraud prevention, security, dispute handling, or regulatory compliance.
14. Security
We use appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, and unauthorized disclosure. These include access controls, encrypted data transmission, server-side security configurations, and regular review of our infrastructure.
No method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, and we encourage you to use strong passwords, keep your credentials confidential, and contact us immediately at [email protected] if you suspect unauthorized access to your account.
15. Children
Alp is not intended for users below the age at which they can validly use the Service under applicable law. We do not knowingly collect personal data from children in violation of applicable law.
If you believe a child has provided us personal data without appropriate consent or authority, contact us at [email protected] and we will investigate and take appropriate action, including deletion where required.
16. Do-Not-Track
Some browsers and mobile operating systems include a Do-Not-Track ("DNT") feature you can activate to signal your preference not to have your online browsing activity tracked. No uniform technical standard for recognizing and acting on DNT signals has been finalized. We do not currently respond to DNT browser signals. If a standard is adopted that we are required to follow in the future, we will update this Privacy Policy accordingly.
17. Your rights
Depending on where you are located, you may have the following rights under applicable data protection law:
- to access your personal data and receive a copy of it;
- to receive information about how it is processed;
- to correct inaccurate or incomplete personal data;
- to request deletion of your personal data;
- to request restriction of processing in certain circumstances;
- to object to processing based on legitimate interests;
- to receive your personal data in a portable format where technically feasible;
- to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal; and
- to lodge a complaint with a competent data protection supervisory authority.
Account deletion: You can request deletion of your account and associated personal data either from within the Alp app through the in-app account deletion function or through our public web account deletion page on letsalp.com. Deletion will permanently delete or anonymize your account data, except for data we must retain to comply with legal obligations, resolve disputes, enforce our agreements, prevent fraud and abuse, maintain security, or preserve records required for tax, VAT, accounting, or backup integrity. We will process deletion requests without undue delay and normally within 30 days.
California residents (CCPA): California residents may contact us at [email protected] to exercise rights under the CCPA, including the right to know, the right to access, the right to correct, the right to delete, and the right not to be discriminated against for exercising these rights. We do not sell personal data as defined under the CCPA.
Switzerland: You may contact the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.
EEA: You may contact your local supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.
18. App stores and third parties
If you download Alp through the Apple App Store or Google Play, those platforms may process certain data independently in connection with distribution, billing on their own platforms, analytics, fraud prevention, and account management. Their processing is governed by their own privacy terms and is outside our control.
Similarly, third-party websites, mapping services, payment services, and other external services linked to or integrated with Alp process data under their own privacy notices.
19. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date above. Where legally required, we will provide additional notice by email, in-app notice, or prominent website notice.
We encourage you to review this Privacy Policy periodically.
20. Contact
For questions, requests, or complaints about this Privacy Policy or our handling of personal data, contact:
ayana group AG
Rinderweid 5
8707 Uetikon am See
Switzerland
[email protected]