How We Handle Your Data
& What We Stand For
At Alchex, we don't just process data — we protect it with the same rigor we bring to every audit. Here's what you need to know about our values, our commitments, and how we operate.
We Understand What's at Stake
Alchex provides audit analytics, process mining, and operational intelligence services. We understand that financial records, internal controls, and operational data are highly sensitive.
Protecting client data, ensuring confidentiality, and maintaining service continuity are core commitments of our company.
This isn't legalese — it's a promise. Everything we do is designed to honor the trust you place in us.
The Data We Handle (And Who Owns It)
In delivering our services, we may process financial records, ERP logs, transactional data, internal control documentation, compliance records, operational process data, and audit trails.
Here's what matters most: All client data is treated as Confidential Information, regardless of classification.
You retain full ownership of your data at all times. We act only as a data processor under written agreement and documented instructions.
While your data belongs to you, we retain ownership of our proprietary tools, methodologies, templates, and analytical frameworks — the intellectual infrastructure we've built to serve you better.
What We Do With Your Data (And What We Never Do)
Client data is used strictly to perform audit analytics and process mining, identify control gaps and operational risks, generate reports and insights, and support your regulatory and compliance objectives.
We Never:
- Sell client data
- Use data for competitive purposes
- Access data beyond agreed scope
- Use client data to train public AI systems
What We May Do:
We may use anonymized and aggregated data to improve our services — but never in a way that identifies any client.
How We Protect Your Data
Both Alchex and its clients agree to protect confidential information and use it solely for agreed business purposes. Audit findings, operational insights, and analytical outputs are treated as confidential unless otherwise agreed in writing.
Our Security Measures:
Access to client systems and data is strictly limited to authorized personnel. No exceptions.
Prepared for the Unexpected
Alchex maintains documented Business Continuity and Disaster Recovery plans designed to ensure data integrity and service reliability.
- Encrypted backups
- Redundant infrastructure (where applicable)
- Defined recovery objectives
- Tested recovery procedures
- Formal incident response protocols
If something goes wrong: In the event of a security incident affecting client data, we'll notify you without undue delay, provide relevant information regarding the impact, take immediate mitigation steps, and cooperate with applicable legal or regulatory obligations.
Partners & Data Retention
Alchex may engage trusted infrastructure or service providers to support service delivery. All subprocessors are contractually bound by confidentiality, must maintain comparable security standards, and are subject to due diligence review.
Data retention is simple: Client data is retained only for the duration of the engagement, or as required by law or contractual obligation.
Upon termination, data will be securely returned or deleted upon request. Clean, complete, and final.
Liability & Compliance
Except in cases of gross negligence, willful misconduct, breach of confidentiality, or violation of applicable law, Alchex's liability is limited to fees paid during the preceding 12 months.
Both parties agree to comply with applicable data protection and financial regulatory requirements relevant to audit and process analysis engagements.
Our Values, In Practice
This isn't just policy — it's how we operate every day. Your trust is our most valuable asset, and we treat it accordingly.
These terms are governed by the laws of [Jurisdiction].