Last updated: 13/11/2025

Controller: ALYGN MEDIA LTD (registered in the UK)

Data Protection Lead: Oscar Goldblatt — hello@alygnmedia.com — ALYGN MEDIA LTD, London, UK. 1.

1. Introduction — purpose and scope

ALYGN is a curated creative marketplace that connects Brands / Clients with vetted freelance Creatives and uses an AI-assisted matching engine called ALYGN Intelligence.

This Privacy Policy explains:

● what personal data we collect and why;

● how we use and share personal data (including with Brands/Clients and third parties);

● the rights you have (including how to unsubscribe from emails you receive from us); and

● what happens when you fill in the ALYGN waitlist / interest form.

This Policy applies to all people who interact with ALYGN: Creatives, Clients (brands), visitors to the site and third parties who engage with projects. By signing up, submitting a waitlist/interest form, creating a profile, or otherwise using ALYGN, you accept this Policy.

2. Key consent statement for waitlist / interest forms (explicit)

Important — what happens when you fill the waitlist / interest form

By filling in ALYGN’s waitlist or interest form (whether you are a Creative or a Client), you expressly give ALYGN permission to:

1. Contact you by email about ALYGN, onboarding, pilot invitations, service updates, events, partnership opportunities, pilot offers, product information, related marketing and outreach; and

2. Share the information you supply (subject to the visibility settings and descriptions below) with relevant Brands, Clients, or third parties that may be interested in contacting you or inviting you to apply for projects, pilot opportunities or commercial engagements.

You may unsubscribe from our marketing emails at any time by clicking the unsubscribe link included at the bottom of each email. Unsubscribing stops marketing and promotional communications only; it does not prevent transactional or service emails that are necessary to operate your account (for example: password resets, critical account notices, project delivery messages, or billing receipts). If you require deletion or restriction beyond unsubscribing, follow the data subject rights procedures in Section 12. Any issues contact hello@alygnmedia.com

Note on consent law: We rely on the interest form as a lawful basis for initial contact and outreach. Where local law requires explicit prior consent for marketing, we will obtain that consent via the form’s explicit checkboxes. For Creatives and Clients in jurisdictions that require affirmative opt-in, the Waitlist form includes an Contact Opt-in checkbox; however, by submitting the Waitlist/Interest Form you are granting us permission to contact you for the purposes stated above and to share your information for matching purposes as described in this Policy.

3. Quick summary

● Why we process: to match creatives with briefs, run projects, process payments, communicate with users, and maintain the platform.

● Who we share with: Brands / Clients, project partners, subprocessors (Zapier, Airtable, Framer, OpenAI, etc.), and law enforcement when required. We do not sell personal data.

● Automated matching: ALYGN Intelligence scores and shortlists creatives, developed version to be revealed in mid-late 2026; human review is retained and you have rights to explanation and human review.

● Contact: Hello@alygnmedia.com (Data Protection Lead: Oscar Goldblatt).

4. What personal data we collect:

We collect and process the categories of data needed to provide ALYGN services. For exact data collected individually contact: hello@alygnmedia.com. Summaries below:

ALYGN INTELLIGENCE and AI results won't be taken until platform is fully operational

● Clients (brands): company name, contact name, email, billing email, phone, website, logo, social handles, industry, company size, HQ city/country, descriptions, typical roles, budgets, project frequency, preferred work style, owner, lifecycle stage, email opt-in/status, unsubscribe token and UTM fields, timestamps, Slug and Record ID, CRM status, and other operational fields.

● Creatives (individuals): name, email, roles, profile photo, city/country, day rate,
availability, portfolio links, social links, tags/specialisms, bio, languages, equipment,
preferred project types, VAT/tax info, payout method, timezone, visibility, approval status, profile complete flag, email opt-in/status, unsubscribe token, dedup key and Slug/Record ID, and related fields.

● Briefs: brief title, brief ID, client link, status, budgets, location preference, roles needed, description, deadline, AI status, Needs AI Match checkbox, match count, webhook IDs, error notes and timestamps.
● Matches (junction): brief linkage, creative linkage, match ID, AI score, AI reason,
shortlisted flag, client feedback, outcome, timestamps.
● Projects, Reviews, Portfolios: project and delivery metadata, ratings, review text, asset metadata, visibility flags.
● Emails (operational log): to-type, to record ID, to email, to name, subject, body
(text/HTML), trigger type, provider, message ID, status, sent at (created time). This audit log supports deliverability, diagnostics and compliance and is used to support
unsubscribe handling.
● System & audit data: automation logs, webhook/run IDs, AI prompt logs (where
required), error logs, anonymised analytics, IP addresses, browser/device metadata
when you use our site.

(Full field-by-field mapping is included in Appendix A for traceability between the Privacy Policy and your Airtable implementation.)

5. Sources of personal data

● Directly from you (sign-up, profile, waitlist forms, briefs).

● Created by our systems (AI match scores, automation logs).

● From public sources if you link them (e.g., portfolio pages, social profiles).

● From third parties necessary to serve you (payment providers, accounting services, identity information where required).

6. Purposes of processing & lawful bases

We process personal data for these purposes with the associated lawful bases under UK GDPR:

1. Provide ALYGN services (matching, contracting, delivery): performance of a
   contract; legitimate interests (platform functioning).

2. Automated matching & profiling (ALYGN Intelligence): legitimate interests &
   performance of a contract. Where automated decisions have a legal or similarly
   significant effect, we provide explanation and human review rights. We conduct DPIAs for such processing.

3. Payments & accounting: legal obligation & performance of a contract (Xero). Financial data is retained for statutory periods.

4. Onboarding & marketing communications: consent when required; otherwise
   legitimate interests balanced against your rights. Filling the waitlist / interest form gives ALYGN the right to contact you by email as described in Section 2.

5. Security, fraud prevention & legal compliance: legitimate interests & legal obligation.

6. Analytics & product improvement (aggregated): legitimate interests.

7. Sharing & disclosure (explicit)

We will only share personal data where necessary for the above purposes:

7.1. Sharing with Brands / Clients and third-party requestors

● Creatives: By submitting the waitlist or by creating and publishing a profile, Creatives allow ALYGN to present and share their profile (name, portfolio, contact details, availability, rates, bio and relevant project history) with Clients and other third parties for matching, hiring and project purposes. Creatives control profile Visibility (Public vs Private) — public profiles are visible to Clients and public directories; private profiles are shared only when shortlisted/approved. This right to share is granted by the Creative upon sign-up or waitlist submission and can be changed via account settings (before account creative please contact hello@alygnmedia.com. (Profiles to be built in mid-late 2026)

● Clients / Brands: By submitting the waitlist or by registering, clients allow ALYGN to contact their named representatives and to share company contact details with creatives, vendors and project partners as necessary for fulfilling projects, verifications, contracting, or payroll/accounting purposes.

By signing up or joining the waitlist, you consent to this sharing — we will only share the data necessary for the purpose and will use contractual controls with subprocessors to protect it. If you do not wish your details to be shared for commercial outreach or introductions, do not check relevant consent boxes or do not submit the waitlist form; or contact hello@alygnmedia.com to discuss limited sharing.

7.2. Subprocessors & service providers

We use processors such as OpenAI Business, Zapier, Airtable, Framer, Softr, Xero, Google Workspace, Google Analytics, and others. We maintain DPAs, SCCs and contractual controls where required and a published subprocessor list on request. For AI processing we use ChatGPT Business in a private enterprise workspace which does not use customers information to model training on customer data per our enterprise DPA.

7.3. Legal obligations, safety & M&A

We may disclose to comply with legal obligations or to protect rights/security. If ALYGN merges or is sold, personal data may be transferred subject to confidentiality and compliance.

8. Automated decision-making, profiling & ALYGN Intelligence

How ALYGN Intelligence works (high level): ALYGN Intelligence analyses briefs and creative profiles to produce Scores (0–100) and reasons for matches. Those scores and reasons are stored in Matches records. Human reviewers validate and adjust shortlists prior to client delivery; ALYGN maintains human oversight.

Your rights and safeguards:

● Right to explanation: You may request meaningful information about logic, significance and likely consequences of profiling.

● Right to human review: You may request that a human reviews an automated result and challenge it.

● DPIA & bias testing: ALYGN performs DPIAs for material profiling and monitors models for bias, fairness and performance. A DPIA summary is available on request (see Appendix C).

If you wish to request a human review or explanation of an ALYGN Intelligence decision, contact hello@alygnmedia.com.

9. Emails, waitlist communications & unsubscribe mechanics

Waitlist / interest form emails: As explained in Section 2, by submitting a waitlist/interest form (for Creatives or Clients) you give ALYGN permission to send you emails related to ALYGN — including onboarding, pilot invites, marketing, product updates and partner offers — and to share your details with relevant parties for matching and outreach.

Unsubscribe & Email Opt-out:

● Every marketing or promotional email you receive from ALYGN will contain an unsubscribe link at the bottom which you can use to stop receiving marketing communications. Once you unsubscribe, we will update the Email Status field in your account (Active/Bounced/Unsubscribed) and respect your choice going forward. The operational fields and unsubscribe token we use for this process are recorded in our Emails and Clients/Creatives tables (for example: Unsubscribe Token = LEFT(RECORD_ID(),8)). This ensures automated flows honor your preference.

● Transactional & service emails (e.g., account creations, match notifications that are contractual, payment receipts, security notices) are necessary for the functioning of the service and may still be sent after you unsubscribe from marketing.

● Email logs & diagnostics: We keep email logs (To Email, To Name, Subject, Body, Trigger Type, Provider, Provider Message ID, Status, Sent At) to support deliverability, compliance and troubleshooting. These logs are retained per the Retention schedule in Section 11.

If you believe you still receive emails after unsubscribing or wish help, contact hello@alygnmedia.com and we will correct it promptly.

10. Retention & deletion (detailed)

We retain personal data only for as long as necessary for the purposes set out and to comply with law.

Retention highlights:

● Financial records/payments (Xero): 7 years (statutory tax/accounting retention).

● Active Client & Creative accounts: Retained while account active and archived 12 months after last activity.

● Briefs, Matches, Projects, Reviews: Retained while project lifecycle continues; archived after 12 months; retained up to 7 years for legal reasons when necessary.

● Emails (operational log): 12 months.

● Automation & AI logs: 12 months (or as required by the operations team).

● Backups: Stored for up to 90 days before secure deletion.

Deletion & subprocessors: On deletion requests we will remove the record from active systems and instruct subprocessors to delete data in accordance with DPAs. Deleted data may persist in backups for a limited period. If legal obligations require continued retention, we will retain the minimal necessary data (e.g., billing records) and delete other data.

11. Security & technical measures

We implement a layered approach to security:

● Encryption in transit (HTTPS/TLS) and encryption at rest where supported by vendors; role-based access control and audit logs in Airtable and other systems; admin accounts protected by MFA/2FA.

● Automation health monitoring: daily automation health checks and weekly system digests; error logging and admin alerts.

● Vendor controls: DPAs, SCCs and contractual obligations for subprocessors to process only on our instructions.

● Operational controls: least privilege, incident response plan, vulnerability scanning and periodic audits. We will publish relevant pen-test/SOC2/ISO reports upon request for enterprise customers.

If you need a security attestation for enterprise procurement, contact hello@alygnmedia.com.

12. Data subject rights & how to exercise them

You may exercise the following rights (subject to legal exceptions): access, rectification, erasure, restrict processing, portability, object, and rights in respect of automated decision-making.

How to make a request: Email hello@alygnmedia.com. We will verify identity and respond within one month (may extend by two months for complex requests). We will explain any refusal.

Complaint: If unhappy with the outcome, you may complain to the UK Information Commissioner’s Office (ICO).

13. Data breaches & incident response

We maintain an incident response plan and run tabletop exercises. Where a breach is likely to result in a risk to rights/freedoms of individuals we will notify the ICO within 72 hours and notify affected individuals without undue delay, unless legally prohibited. We maintain recorded runbooks for notification and remediation.

14. Cookies & analytics

We use cookies (essential and non-essential) and a cookie consent management platform (CMP) to obtain consent for analytics cookies. We use Google Analytics via Framer (consent-based) for anonymous usage tracking and will give granular cookie choices.

15. Children

Our service is for adults and businesses. We do not knowingly collect data from creatives or clients under 18. If we learn we have collected such data, we will delete it.

16. Changes to this Policy

We may update this Policy for legal, regulatory or operational reasons. Significant changes will be communicated to active users. The “Last updated” date appears at the top.

17. Contact & supervisory authority

Data Protection Lead: Oscar Goldblatt — Hello@alygnmedia.com — ALYGN MEDIA LTD, London, UK.

You may lodge a complaint with the UK Information Commissioner’s Office (ICO).

Appendix A — WAITLIST/ INFORMATION SCHEMA (operational mapping)

Note: This Appendix includes Airtable schema provided so that the Privacy Policy maps directly to the record fields used by ALYGN. Treat this Appendix as the operative field mapping for data subject requests, retention and exports.

Global ID Best Practices

● Record ID (Formula): RECORD_ID() — used for linking and updates via Zapier/Softr/API.

● Unique Slugs: append a short Record ID suffix to avoid collisions.

● Auto Codes: use Autonumber fields and formulas (Brief ID, Project ID).

● Relationships: use Linked Record fields (never plain text IDs).

Roles

● Role (Primary): Single line text

Clients (Brands)

Please see website waitlist / sign up section for more detail: alygn.co.uk

Creatives

Please see website waitlist / sign up section for more detail: alygn.co.uk

Briefs / Matches / Projects / Reviews / Portfolios / Emails (Log)

● Full field lists and formulas per your schema (Matches include AI Score, Reason; Emails include To Type, To Record ID, Provider, Provider Message ID and Status).

Appendix B — Key subprocessors & references

Key processors we currently use (DPAs and SCCs applied where required):

● OpenAI (ChatGPT Business) — AI engine; enterprise DPA & SCC coverage; private workspace; contractual protections to prevent model training on customer data.

● Airtable — central data store; role-based permissions and audit logs; DPA + SCC.

● Framer — site & forms; Google Analytics via Framer (consent-based).

● Xero — accounting (DPA + SCC).

● Google Workspace — Gmail/Drive (DPA + 2FA).

We keep the subprocessor list and links to DPAs up to date and make them available upon request.

Appendix C — DPIA summary & ALYGN Intelligence oversight

● Appendix C — DPIA summary: ALYGN Intelligence ALYGN Intelligence is an AI-assisted matching engine that converts Client briefs and Creative profiles into ranked shortlists (an “AI Score” and a brief reason). ALYGN has carried out a Data Protection Impact Assessment (DPIA) for this processing. The DPIA describes the scope, the categories of personal data used (profile fields, portfolio links, availability, ratings and brief metadata), the principal risks (bias, erroneous matches, privacy leakage, and unauthorised access), and the safeguards we apply: mandatory human review of all AI shortlists, monthly bias and performance testing, role-based access controls and encryption, contractual DPAs/SCCs with subprocessors (including OpenAI, Zapier and Airtable), and a documented retention and deletion policy.

● If an automated matching decision materially affects you, you have the right to request a human review and an explanation of the main factors involved. A non-technical DPIA summary is available on request and a fuller DPIA can be provided to enterprise customers under NDA. Contact: privacy@alygnmedia.com.

● (The DPIA is reviewed at least quarterly or whenever we make a material change to ALYGN Intelligence.)

Final acceptance clause:

By submitting the ALYGN waitlist / interest form or creating an account on ALYGN, you confirm that you have read and accept this Privacy Policy — including that ALYGN may contact you by email (initial outreach, marketing, onboarding and service messages) and may share the details you provide with Brands/Clients and relevant third parties for the purpose of matching, hiring and project delivery. You may unsubscribe from marketing emails using the unsubscribe link included in our emails or by contacting us at: hello@alygnmedia.com; transactional/service emails necessary for account operation will continue unless you request deletion of your account per Section 12.