Alpha Nur operates in a regulated nuclear environment. Some of the collection, use, retention, and sharing described below is required by U.S. federal law — including export-control requirements under 10 CFR Part 810 — or by our agreements with the U.S. Department of Energy (DOE) and other federal agencies.
1. Information we collect
On alphanur.com (this website)
This site has no user accounts, sets no cookies, and runs no analytics or advertising trackers. Our hosting provider (Google Firebase Hosting) keeps standard access logs — IP address, browser type, pages requested, timestamps — which we use only for security and operations. Page fonts are delivered by Google Fonts, which receives the technical request data needed to serve them. If you use a linked form (for example “Apply Now,” our mailing list, or a meeting request), the information you submit is collected through Google Forms into our Google Workspace and used only for that request.
On visit.alphanur.com (visitor pre-registration)
When you pre-register for a visit — typically through an invitation link from your Alpha Nur host — we collect the information a regulated nuclear facility needs to authorize access:
- Identity: full legal name, date of birth, sex, and (for passports) place of birth.
- Government ID details: your REAL ID–compliant state ID/driver’s license or passport — document number, issuing authority and jurisdiction, issue and expiry dates, REAL ID status, and height — entered manually or verified with a Digital ID (section 2).
- Contact: email address, phone number, and the residential address shown on your ID.
- Professional: employer, job title, employer’s country of incorporation, ultimate parent organization and its country (used for foreign ownership, control, or influence screening), and citizenship(s).
- Visit details: your host, visit dates, and purpose of visit.
- Access certification (only when the access you request requires it): Social Security number, DOE/DoD security-clearance details and sponsoring organizations, need-to-know justification, and related certifications (for example, visit authorization request, HSPD-12 credential, dosimetry, and health & safety certifications).
- Acknowledgements: your consent selections, the version of the notice text you agreed to, and the name you type to certify your submission.
On-site at our facilities
Consistent with the notices you acknowledge during pre-registration, visits to facility grounds may involve badging records, photographs and video (CCTV), screening of persons and property, and — where security requirements apply — collection of biometric information (for example, facial or fingerprint data) by Alpha Nur and/or federal authorities.
Technical and security data
Our visitor-system infrastructure keeps request logs (IP address, user agent, request metadata) for security monitoring and abuse prevention behind a web application firewall. Sensitive values such as invitation tokens and credentials are redacted from application logs.
2. Digital ID verification (Verify with Wallet)
You may choose to verify your identity with a Digital ID — an ISO/IEC 18013-5 mobile driver’s license or state ID stored in a wallet app such as Apple Wallet or Google Wallet — instead of typing your document details.
- We request exactly ten data elements: given name, family name, date of birth, sex, resident address, document number, issue date, expiry date, issuing authority, and issuing jurisdiction. We do not request your portrait or photo.
- You approve every share on your device. Your wallet shows you each requested element before anything is shared; nothing is transmitted unless you approve.
- Shared elements are retained. The elements you approve become part of your visit record — encrypted as described in section 5 — exactly as if you had entered them manually. Your wallet’s consent screen reflects this (“data will be kept” / intent to retain), and section 6 describes how long visit records are kept.
- Verification is checked against official issuer certificates. Responses are validated against state issuing-authority certificates published through the AAMVA Digital Trust Service. Cryptographic artifacts used to secure the exchange (session identifiers, one-time nonces, transcripts) are single-use and are not retained after verification completes.
- Digital ID is optional. Manual entry is always available and equivalent. Digital IDs are not accepted at the gate in place of the physical document — bring the physical ID you verified with.
3. How we use information
- To administer your visit: process your pre-registration, coordinate with your host, and manage facility access.
- To verify your identity and eligibility for access, including REAL ID compliance.
- To meet security, safety, and regulatory obligations: U.S. export control (10 CFR Part 810), DOE directives and agreements, applicable NRC requirements, and radiological safety (dosimetry).
- To conduct security reviews of visit requests, including verification by Alpha Nur and cognizant federal agencies.
- To protect our systems, facilities, and personnel: security monitoring, abuse prevention, and auditing.
- To comply with law and respond to lawful requests.
5. How we protect information
- Encryption in transit and at rest: connections use TLS (HTTPS is enforced), and all visitor personal information is encrypted with Google Cloud Key Management Service before it is written to our database.
- Extra protection for the most sensitive fields: Social Security numbers and ID document numbers are never displayed in our operational dashboards.
- U.S. data residency: visitor records are stored in a single U.S. region inside a FedRAMP Moderate–authorized cloud boundary (Google Cloud Assured Workloads).
- Access control and auditing: only authenticated, authorized Alpha Nur personnel can review visit records, and review actions are written to an append-only audit trail.
- Perimeter defenses: a web application firewall (including OWASP rule sets), rate limiting, and security logging.
No system is perfectly secure, but we review and harden these controls on an ongoing basis.
6. How long we keep information
We keep visitor information as long as necessary to administer your visit and to meet security obligations under applicable federal law, DOE directives and records schedules, and Alpha Nur’s agreements with the U.S. Department of Energy. Consistent with U.S. Department of Energy security records schedules, our baseline retention for visit and facility-access records is 25 years; records connected to potential radiological or hazardous-material exposure are kept indefinitely. Retention may run longer where federal law, DOE direction, or an active security matter requires:
| Record | How long we keep it |
|---|---|
| Completed visit records — the pre-registration you submit, including identity details verified via Digital ID or entered manually, any access-certification details, and the visit’s review history | 25 years after your visit (or last scheduled visit date), consistent with U.S. Department of Energy security records schedules; longer where required by federal law, DOE direction, a litigation hold, or an active security matter |
| Records connected to potential radiological or hazardous-material exposure during your visit (for example, dosimetry records) | Retained indefinitely, consistent with federal exposure-records requirements |
| Incomplete pre-registrations (started but never submitted) | Removed on a routine basis after the invitation link expires, unless federal security requirements direct otherwise |
| Invitation links (your host’s identity and any name/email used to pre-fill your form) | Same schedule as the associated visit record |
| Digital ID protocol artifacts (presentation requests, one-time nonces, session transcripts) | Not retained beyond the verification exchange |
| Biometric identifiers collected on-site by Alpha Nur (for example, fingerprint or facial-geometry data) | Retained only as long as the security purpose of collection requires, consistent with applicable law (including the Illinois Biometric Information Privacy Act) and federal security directives |
| Other on-site security records (badging, CCTV) | Badge and facility-access records follow the 25-year schedule above; video monitoring (CCTV) is kept for limited operational periods under applicable federal directives unless preserved for a security matter |
| Operational and security logs (both sites) | Kept for limited periods appropriate to security monitoring and audit needs |
| Website form submissions (careers, mailing list, meeting requests) | As long as needed for your request; mailing-list entries until you unsubscribe |
When a retention period ends, records are deleted or irreversibly de-identified. Where federal agencies hold copies of records shared under section 4, retention by those agencies is governed by their own schedules.
7. Your choices and rights
- Providing information is voluntary, but we cannot authorize facility access without the required fields.
- Digital ID verification is optional — manual entry is always available.
- To review, correct, or ask questions about your information, contact us (section 10). We will honor requests to the extent consistent with federal security and recordkeeping requirements.
- Depending on where you live, you may have additional rights under state privacy laws. We do not “sell” or “share” personal information as those terms are defined in those laws.
8. Children
Our websites and visitor system are intended for adults and working professionals. We do not knowingly collect personal information from children under 16.
9. Changes to this policy
If we change this policy, we will post the updated version here with a new effective date. Material changes will be noted prominently on this page.
10. Contact us
Alpha Nur, Inc. — Privacy
6720 Powell St, Downers Grove, IL 60516
communications[at]alphanur.com