Effective date: 1 May 2026 · Last updated: 1 May 2026
Data Controller
Tulin Aldemir — Trading under: Algora
Chamber of Commerce (KVK): 98992937
Address: Jan Steenstraat 96D, 3443 GZ Woerden, the Netherlands
Contact: info@algoraapp.com · Website: algoraapp.com
Algora is an AI-powered brand visibility audit platform operated by Tulin Aldemir (KVK 98992937), trading under the name Algora, based in Woerden, the Netherlands.
Algora is the data controller within the meaning of the General Data Protection Regulation (GDPR / AVG) for all personal data processed through the algoraapp.com platform.
We take the protection of your personal data seriously. This Privacy Policy explains what data we collect, why we collect it, how it is stored, who it is shared with, and what rights you have. Please contact us at info@algoraapp.com if you have any questions.
The following provides an overview of the personal data Algora processes, the purpose, the legal basis, and the retention period.
What: Email address.
Why: To create and manage your account. Authentication is handled via a one-time password (OTP) system. We do not store passwords.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
Retention: Until you delete your account. Account data is permanently deleted within 90 days of account closure.
What: Brand name, website URL, industry, competitor names, target region, company description, and audit language preference.
Why: To configure and execute AI visibility audits. This data is used to generate queries sent to AI model providers and to produce audit reports and action plans.
Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
Retention: For the duration of the account. Deleted within 90 days of account closure.
What: Billing name, billing address, and VAT number (if applicable). Payment method data (card details) is processed exclusively by Stripe — Algora never sees or stores card numbers.
Why: To process subscription payments and issue invoices.
Legal basis: Performance of a contract and legal obligation (Article 6(1)(b) and (c) GDPR).
Retention: Invoice data is retained for 7 years in accordance with Dutch Tax and Customs Administration (Belastingdienst) requirements. All other billing data is deleted upon account closure.
What: Session tokens stored in the browser (via localStorage or secure cookies) to maintain your logged-in state.
Why: To enable secure access to your account. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Legal basis: Legitimate interest in providing a functional and secure service (Article 6(1)(f) GDPR).
Retention: Session tokens expire automatically and are cleared upon sign-out or account deletion.
What: Email address and content of messages submitted via the contact form or to info@algoraapp.com.
Why: To respond to your enquiries and resolve complaints.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Retention: Deleted upon resolution of the enquiry, unless retention is required by law.
If you choose to register or log in to Algora using a third-party service (such as Google), we receive certain information about you from that provider. This typically includes your name, email address, and profile picture. This data is used solely to create your account and verify your identity. We do not access your private files, contacts, or any other data stored with the third-party provider beyond what is necessary for authentication.
Algora does not sell your personal data to third parties. We share data only where strictly necessary for the operation of the Service, and only with providers who are contractually bound to protect your privacy.
Your account data, brand data, audit results, and session information are stored on Supabase infrastructure. Supabase servers used by Algora are located within the European Union (EU), ensuring your data does not leave EU jurisdiction for storage purposes.
Supabase provides encrypted data storage and secure authentication. Data is encrypted at rest and in transit (TLS). Supabase acts as a data processor under a Data Processing Agreement (DPA).
All payment transactions are processed by Stripe, Inc. Algora does not receive, store, or have access to your full payment card details. Stripe processes payment data in accordance with PCI-DSS standards and its own Privacy Policy (stripe.com/privacy).
Stripe may process data in the United States. Such transfers are governed by Standard Contractual Clauses (SCCs) as required under GDPR.
Algora uses Resend to send transactional emails, including OTP (one-time password) login codes and system notifications. Your email address is transmitted to Resend solely for the purpose of delivering these messages.
Resend may process data outside the EU. Such transfers are covered by appropriate safeguards including Standard Contractual Clauses (SCCs).
When you initiate an audit, Algora sends query inputs — including your brand name, competitor names, and audit parameters — to third-party AI model providers. These currently include:
Important: Query data sent to AI model providers via API is not used to train or fine-tune AI models, in accordance with each provider's API data usage policies. Your brand data is used solely to generate real-time query responses and is not retained by these providers beyond their standard API processing terms.
These providers may process data outside the EU. All such transfers are subject to Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.
We use Google OAuth to provide a seamless login experience. By using this feature, you acknowledge that your data will be processed by Google Inc. in accordance with their own Privacy Policy (policies.google.com/privacy). We recommend reviewing Google's privacy settings to manage the information shared with us.
Algora does not use advertising cookies, tracking cookies, or third-party analytics scripts.
The platform may use technically necessary mechanisms to maintain your session, including:
No data collected via these mechanisms is shared with advertisers or used for behavioural profiling.
Algora is based in the Netherlands and primarily stores data within the European Union via Supabase EU infrastructure. Some third-party service providers (including Stripe, Resend, OpenAI, Anthropic, and Perplexity) operate from or process data in the United States or other non-EU countries.
Where personal data is transferred outside the European Economic Area (EEA), Algora relies on the following safeguards:
By using the Service, you acknowledge that query inputs (brand name, competitor names) may be processed by AI model providers in the United States in order to generate audit results. This processing is limited to what is strictly necessary to deliver the Service.
Algora retains your personal data only for as long as is necessary for the purposes described in this policy:
To request early deletion of your data or to close your account, contact us at info@algoraapp.com. We will confirm deletion within 30 days.
As a data subject under the GDPR, you have the following rights with respect to your personal data:
To exercise any of these rights, send a written request to info@algoraapp.com. Please include sufficient information to verify your identity. We will respond within 30 days.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl if you believe your data is being processed unlawfully.
Algora takes appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. These measures include:
Despite these measures, no internet-based service can guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected users without undue delay.
Algora uses automated processing to calculate brand visibility scores and generate action plans based on AI model outputs. These scores are computed algorithmically and form the basis of the reports delivered to you.
These automated outputs are advisory in nature and do not produce legal or similarly significant effects on individuals. No automated decisions are made about individuals' creditworthiness, eligibility, or other rights-affecting matters.
You may contact us at info@algoraapp.com at any time to request human review of any output generated by the Service.
The Algora Service is intended for use by businesses and individuals aged 18 or over. We do not knowingly collect personal data from persons under 18 years of age. If we become aware that a minor has created an account without parental consent, we will delete that account and associated data promptly.
Algora may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. When we make material changes, we will notify you by email or through an in-app notification at least 14 days before the changes take effect.
The most current version of this policy is always available at algoraapp.com/privacy. We recommend reviewing it periodically.
For any questions, requests, or concerns regarding this Privacy Policy or the handling of your personal data, please contact:
Privacy Contact
Tulin Aldemir (Algora)
Email: info@algoraapp.com
Address: Jan Steenstraat 96D, 3443 GZ Woerden, the Netherlands
If you are not satisfied with our response, you have the right to file a complaint with the Dutch Data Protection Authority:
Algora · algoraapp.com · info@algoraapp.com
KVK 98992937 · Jan Steenstraat 96D, 3443 GZ Woerden, the Netherlands