Website Navigation

Sitemap

Explore the complete ALIFE AIR digital ecosystem. From revolutionary vehicles to breakthrough energy solutions.

Live Pages
Coming Soon
23
Live Pages
54
Planned Pages
6
Product Lines
4
Global Regions

Home

KBi Series

Cabin Cycles

A-Bike

Electric Scooters

V28 Series

Premium Scooters

ALF Energy

Energy Storage Solutions

Charging Network

DC Fast Charging — AURIX™

ALIFE AIR Power

LAES Cryogenic Technology

Corporate

About ALIFE AIR

Investor Relations

Financial Information & IR Portal

Global Operations

Worldwide Presence

  • Global Presence Map
  • Singapore HQ (R&D)
  • Malaysia Manufacturing
  • China Supply Chain
  • USA Corporate
  • Europe Expansion

Support

Customer Service

  • Contact Us
  • Support Home
  • FAQ
  • Service Center Locator
  • Warranty Information

Legal

Policies & Terms

Development Roadmap

Upcoming features and pages

Q2 2026 Priority

Phase 1: Launch

  • KBi Trivia T2 Launch
  • Investor Relations Hub
  • Charging Network Overview
  • Global Expansion Page
  • Sodium-Ion Technology
  • ALF Energy Hub
Q3 2026 Growth

Phase 2: Infrastructure

  • Charging Station Locator
  • Sodium-Ion Production
  • AURIX Swap 24 & Home 7
  • Customer Support Hub
  • Press Releases
Q4 2026 Expansion

Phase 3: E-Commerce

  • Merchandise Store
  • Careers Section
  • Europe Operations
  • V28 Pro Edition

Data Governance & Cybersecurity Framework

Full Compliance Architecture

ALIFE AIR INC.'s enterprise cookie consent, data privacy, and cybersecurity consent architecture — designed for global regulatory defensibility, IPO-level audit readiness, and institutional investor transparency.

🇪🇺 GDPR Compliant 🇺🇸 SEC 2023 Aligned 🇸🇬 PDPA Compliant IPO Due Diligence Ready
01

High-Level System Architecture

End User
EU / US / SG / Global Visitor

Any visitor to alifeair.com, regardless of jurisdiction.

Cookie Banner UI — Frontend
Consent Collection Layer
  • No pre-ticked boxes
  • Accept / Reject equal visual prominence
  • Granular category customization modal
  • Zero tracking before consent
Consent Decision Handler — Client JS
Script Blocking & State Manager
  • Blocks analytics / marketing until consent received
  • Temporary localStorage cache (not source of truth)
  • Sends structured payload to secure backend endpoint
Firebase Cloud Function — Server-Side
Secure Consent Logging Engine
  • Reads real IP from request headers
  • SHA-256 hashes IP — raw IP never stored
  • GeoIP region from Cloudflare CF-IPCountry
  • Attaches consentVersion, policyVersion, timestamp
  • Schema validation + writes immutable Firestore record
Firestore Database
cookie_consents Collection
  • Write-only via Admin SDK (server)
  • Zero public read access
  • Versioned, immutable consent records
Internal Admin / Audit Access — Secure
Role-Based Access Control
  • Admin SDK authentication only
  • Audit queries and export for regulatory review
  • Time-bound access for external auditors
02

Data Flow Diagram — GDPR Defensible

1
User Visits Website
  • Analytics not loaded
  • Marketing scripts not loaded
  • Strictly necessary cookies only
2
User Selects Consent

Client sends a structured JSON consent payload to the Cloud Function endpoint (/api/logCookieConsent) via HTTPS POST with keepalive.

3
Server Processes Request
  • Reads IP from Cloudflare headers
  • SHA-256 hashes IP — never stored raw
  • Attaches region, timestamp, versions
  • Validates schema, writes immutable record
4
Script Loader Executes
  • analytics = true → GA loaded dynamically
  • marketing = true → pixel scripts loaded
  • No consent = no tracking, ever
03

Firestore Structure — Audit-Ready

Firestore · cookie_consents / {autoDocId}
collection: cookie_consents
document: autoDocId

consentVersion: "v1.0"
policyVersion: "cookie_policy_v1.0"
necessary: true
analytics: false
functional: false
marketing: false
timestamp: "2026-02-22T10:00:00.000Z"
recordedAt: ServerTimestamp
ipHash: "a3f1b2c4..." // SHA-256
userAgent: "Mozilla/5.0..."
region: "EU"
pageUrl: "https://alifeair.com/"
userId: null
source: "cookie_consent_banner"
Firestore Security Rules
match /cookie_consents/{id} {
allow read: if false;
allow write: if false;
// Admin SDK bypasses rules
}
Immutability Guarantee

Every consent record is written atomically by the Cloud Function using the Firebase Admin SDK. No client — including authenticated admins via the web interface — can create, update, or delete records directly. This ensures a tamper-evident, legally defensible audit trail.

04

Security Layer Architecture

Layer 1
Script Control
  • No third-party tracking loaded pre-consent
  • Dynamic injection only after explicit approval
  • Safe server-rendered default state
Layer 2
Backend Validation
  • Cloud Function schema validation on every request
  • Malformed or missing fields are rejected (HTTP 400)
  • Origin allowlist — CORS restricted to known domains
Layer 3
Data Minimization
  • Raw IP address never stored — SHA-256 hash only
  • No PII collected in consent logs
  • User-agent truncated to 512 characters
Layer 4
Firestore Rules
  • allow read: if false
  • allow update: if false
  • allow delete: if false
  • Write-only via Cloud Function service account
05

Consent Version Control

When any of the following change, the version is incremented:

  • Cookie policy wording
  • Banner text or category descriptions
  • Tracking categories added or removed
consentVersion = "v1.0" "v1.1"
policyVersion = "cookie_policy_v1.0"

Version bump invalidates existing localStorage cache, forcing re-consent on next visit. All historical records retain their original version — enabling point-in-time audit replay.

Proof of which text the user agreed to
Historical legal defensibility
Clear unbroken audit trace
06

Withdrawal & Modification Flow

User clicks "Manage Cookie Preferences" in site footer:

  1. 1

    Settings modal opens with current preferences pre-loaded

  2. 2

    User modifies category toggles as desired

  3. 3

    New consent record written to Firestore — old record preserved (no overwrite)

  4. 4

    Tracking scripts updated immediately; page reloads to apply withdrawal cleanly

Each change creates a new Firestore document, establishing a complete, immutable modification history that satisfies GDPR Art. 7(3) withdrawal requirements.

07

SEC Cybersecurity Disclosure Alignment

Supporting disclosure under SEC 2023 Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Rules (17 CFR §§ 229.106, 249.310).

Consent data is encrypted in transit (HTTPS/TLS) and at rest (Firebase GCP encryption)

No raw IP address stored — SHA-256 one-way hash only

Role-based access control implemented — developers have no read access to consent DB

Immutable audit logging maintained via Firestore Admin SDK write-only path

No client-side trust for sensitive logging — all writes server-side only

Tracking completely blocked until affirmative user consent received

Data governance framework implemented and publicly disclosed

GeoIP region captured server-side (Cloudflare CF-IPCountry) — cannot be spoofed by client

08

Data Retention Model

Data Type Retention Period
Cookie consent logs 3–5 years
Audit exports As required by SEC
IP hash Same as consent log
localStorage cache Until user clears browser

Scheduled deletion implemented via Firebase Cloud Scheduler + Firestore TTL policy. Records beyond retention window are automatically purged in compliance with GDPR Art. 5(1)(e) storage limitation.

09

Global Scalability Model

Infrastructure Stack
  • Firebase Hosting + Cloud Functions (multi-region)
  • Firestore multi-region — auto-ID, no write contention
  • CDN edge delivery via Cloudflare
  • GeoIP via Cloudflare CF-IPCountry header
Supported Jurisdictions
🇪🇺 European Union 🇺🇸 United States 🇸🇬 Singapore 🇨🇳 China 🌐 Global
Design Scale

Auto-ID Firestore documents eliminate write contention. Stateless Cloud Functions scale horizontally on demand. Frontend JS is ~10 KB, zero external dependencies, non-blocking. Architecture supports millions of concurrent consent records with sub-200ms function cold-start.

10

Data Governance Model

Internal access control matrix — incorporated into ALIFE AIR's formal Data Governance Policy.

Role Consent DB Access Notes
Developer
No Access No read access to consent collection
Security Officer
Audit Read-Only Read-only queries for compliance audits
Legal Counsel
Export Access Can export records for regulatory proceedings
CTO
Full Admin Firebase Admin SDK access; full audit capability
External Auditor
Time-Bound Scoped, time-limited access for IPO due diligence

Public Governance Disclosure

ALIFE AIR Data Governance Framework

This compliance architecture is publicly disclosed as part of ALIFE AIR INC.'s commitment to regulatory transparency, investor confidence, and responsible data stewardship. The architecture described herein reflects the production implementation as of 22 February 2026.

Privacy Policy · Terms of Use · Cookie Preferences · Data Enquiries