Introduction

At Atheris OÜ (“Atheris”, “we”, “us”, or “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use the Atheris website, platform, and related services (collectively, the “Service”). It also describes your rights and choices regarding your personal data and how you can contact us about our privacy practices.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. We will not use or share your information with anyone except as described here. If you do not agree with this policy, please do not use our Service. Any terms used in this Privacy Policy have the same meanings as defined in our Terms of Use (unless otherwise defined in this Policy).

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the “Last updated” date at the end of this policy and, if appropriate, provide additional notice (such as by email or a notification within the Service). We encourage you to review this Privacy Policy periodically for any updates. Your continued use of the Service after the effective date of an updated Privacy Policy will constitute your acknowledgment of the changes and agreement to abide by them.

1. Information We Collect

We collect several types of information to provide and improve our Service to you. The types of data we may collect include:

1.1 Personal Information You Provide: While using our Service, you may directly provide us with certain personally identifiable information. This happens, for example, when you register for an account, fill out forms on our website, subscribe to a newsletter, correspond with us (via email or chat), or use certain Service features. This information may include:

• Contact Data: such as your name, email address, telephone number, job title, company/organization name, and other similar contact details.

• Account Credentials: such as username and password that you create to register an account with us.

• Profile Information: if applicable, any profile details you choose to provide for your account (like a profile photo or preferences).

• Communication Content: copies of your communications with us (for example, support requests or feedback you provide).

• Payment Information: if you make purchases or subscribe to paid services, we (or our third-party payment processor) may collect information necessary to process your payments, such as billing name and address and payment card details. (Note: We do not store full payment card numbers ourselves; that information is handled by secure third-party processors.)

We will indicate on our forms what information is requested and what information is optional. You can choose not to provide certain personal information; however, this may limit your ability to use some features of the Service (for instance, you cannot create an account without providing a valid email address).

1.2 Information We Collect Automatically (Usage Data): When you access or use our Service, we automatically collect certain information about your device and usage of the Service. This “Usage Data” may include:

• Log Data: Our servers automatically record information (“log files”) when you use the Service. This log data may include your device’s Internet Protocol (“IP”) address, browser type and version, operating system, the pages or features of our Service that you use and the time spent on those pages, the date and time of your visit, unique device identifiers, and other diagnostic data. We use log data to monitor Service performance, analyze trends, detect security incidents, and administer the Service.

• Device and Connection Information: We may collect information about the computer, phone, tablet, or other device you use to access the Service. This can include device type, device identifiers (like MAC address or UUID), browser type, operating system, and mobile network information. We may also collect telemetry data (such as crash reports) to help us improve your experience.

• Cookies and Similar Technologies: We and our third-party partners use cookies, beacons, and similar tracking technologies to track activity on our Service (see Section 4: Cookies & Tracking Technologies below for more detail). This usage data helps us understand how users interact with our Service and enables certain functionality like remembering your preferences.

1.3 Information from Third Parties: We may receive information about you from third-party sources if you use any integrated services or sign in through a third-party platform. For example, if you choose to register or log in via a third-party identity provider (like signing in with a Google or other account), that service may send us your name, email address, and an authentication token to verify your identity. We will handle any such third-party-sourced information in accordance with this Privacy Policy. Additionally, if your employer or another organization provides you with access to our Service (such as through an enterprise account), they may provide us certain information about you to set up your account (like your name and business email). In all such cases, we treat the provided information according to this Policy once it’s in our possession.

We do not intentionally collect any special categories of personal data (such as information about racial or ethnic origin, political opinions, health, or biometric data), nor do we typically collect any information about criminal convictions/offenses. Please refrain from providing such sensitive personal data on our Service. If you choose to store any personal data (including sensitive data) in content you upload to the Service, you are responsible for ensuring you have the right to do so and that it is adequately protected as needed.

2. How We Use Your Information

Atheris uses the collected information for various purposes in connection with operating, protecting, and improving our Service. The primary uses of your information include:

• Providing and Maintaining the Service: We use your personal data to create and manage your user account, authenticate you when you log in, and deliver the features and services you request. For example, we use your information to host your data, back up and restore data, display content, and allow collaboration if the Service has such features.

• Service Improvements and Development: Usage Data and feedback you provide help us understand how our Service is being used and how we can improve it. We analyze trends and usage patterns to debug issues, develop new features, and enhance the user experience. For instance, crash reports or error logs are used to fix technical problems and ensure the Service works properly across different devices and browsers.

• Communication: We may use your email address or other contact information to send you important administrative or account-related communications. These include confirmations of sign-up, notices of subscription renewal, invoices, security alerts (like if we detect suspicious activity on your account), or important updates about our Service (such as changes to our terms or privacy policy). We may also send you promotional communications about new features, services, newsletters, or events that we think may be of interest to you. You can opt-out of marketing or non-essential communications at any time by clicking the “unsubscribe” link in an email or contacting us (but note that you cannot opt out of essential service or account communications).

• Customer Support: If you contact us with a problem or question, we will use your provided information (including any contact info and the content of your inquiry) to respond to you and resolve your issue. This may involve contacting you via email or other channels to troubleshoot and provide assistance.

• Payments and Transactions: If you make a purchase or pay for a subscription, we use your personal data to process payments and manage billing. This includes using payment information to complete transactions and send receipts or notices of payment status. We also use third-party payment processors who adhere to appropriate security standards to handle your payment information.

• Enforcing Terms, Safety and Security: We use information to maintain the security of our Service and users. This can include monitoring for fraudulent or suspicious activity, investigating violations of our Terms of Use or other policies, and detecting and preventing malicious behavior. If we detect potential fraud or security issues, we may use certain data (like IP addresses or user activity patterns) to mitigate and block such threats. We also may use personal data to comply with applicable legal obligations, such as verifying user identity to prevent prohibited usage (for example, ensuring no use by persons under the required age).

• Legal Compliance: We may process your personal information as required to comply with applicable laws and regulations, or to respond to lawful requests or court orders. This includes using data to meet record-keeping obligations, to demonstrate compliance with privacy laws, or to cooperate with regulators and law enforcement in investigations (when we are legally obligated to do so).

Legal Bases for Processing (EU users): If you are in the European Economic Area (EEA) or another region with laws requiring a legal basis for processing personal data, our legal bases include:

• Contract: We process personal data to perform our contract with you (i.e., to provide the Service you requested, such as processing your registration and providing the Service’s functionality).

• Legitimate Interests: We process personal data as necessary for our (or others’) legitimate interests, such as to improve our Service, secure our platform, conduct analytics, communicate with you, and manage business operations, provided those interests are not overridden by your rights and interests.

• Legal Obligation: In some cases, we need to process data to comply with a legal obligation, such as financial record-keeping for tax purposes or responding to legal process.

• Consent: Where we rely on your consent (for example, for sending certain marketing communications or using certain cookies), you have the right to withdraw your consent at any time.

3. How We Share and Disclose Information

We understand the importance of your personal data and we do not sell your personal information to third parties. We only share your information in the following circumstances:

• Service Providers (Processors): We employ trusted third-party companies and individuals to perform services on our behalf that support our Service. For example, this includes hosting providers, data center or cloud services (to store our databases and run the application), email delivery services (to send out notifications), analytics providers (to help us understand usage of our Service), customer support tools, and payment processors. These service providers only receive the personal information necessary to perform their specific services for us. We require that they protect your information and not use it for any other purpose. They are bound by contractual obligations to keep your data confidential and secure, and to comply with applicable data protection laws.

• Within Our Corporate Group: If Atheris OÜ has affiliates, parent companies, or subsidiaries (for example, if we establish branch offices in other countries), we may share your information within our corporate family for purposes consistent with this Privacy Policy. All such entities will honor the commitments we have made in this Policy. (Currently, Atheris OÜ operates primarily in Estonia.)

• Business Transfers: If Atheris is involved in a merger, acquisition, sale of assets, reorganization, bankruptcy, or other business transaction, your personal data may be transferred to the successor or acquiring entity. We would ensure that any such entity is bound by terms that are at least as protective of your privacy as those in this Policy. If a transfer of personal data occurs as part of a business transaction, we will provide notice to you (for example, by email and/or a prominent notice on our Service) of any change in ownership or use of your personal information, as well as any choices you may have regarding your personal information.

• Legal Requirements and Protection: We may disclose your personal information when we believe in good faith that such action is necessary to: (a) comply with a legal obligation or respond to lawful requests by public authorities (such as a court order, subpoena, or government demand); (b) enforce our Terms of Use or other agreements; (c) protect and defend the rights, property, or safety of Atheris, our customers, or others; or (d) investigate or assist in preventing any violation of law (for example, fraud or security issues). We will only disclose the limited information that is reasonably necessary in these circumstances.

• Your Consent: Apart from the cases listed above, we will share your personal data with third parties only with your consent. For instance, if you opt-in to a feature that involves sharing information with a third party (such as participating in a co-sponsored event or integrating our Service with a partner’s service where data sharing is required), we will disclose your information only with your permission. You have the right to withdraw such consent at any time.

No Third-Party Marketing: We do not share or sell your personal information to third-party companies for their direct marketing purposes. We also do not host third-party advertisements that would track you across different sites. Any analytics or tracking on our Service is primarily for our own product improvement purposes (see Cookies below).

4. Cookies & Tracking Technologies

What Are Cookies: Cookies are small text files placed on your device (computer or mobile device) by websites that you visit. They are widely used to make websites work efficiently and to provide information to the owners of the site. Similar technologies include local storage, web beacons (pixel tags), and scripts that collect information.

How We Use Cookies: Atheris uses cookies and similar tracking technologies for several reasons:

• Essential Cookies: These cookies are necessary for the Service to function and cannot be switched off. For example, authentication cookies keep you logged in as you navigate the platform and allow us to secure your connection.

• Preference Cookies: We use these to remember your settings and preferences (such as language or layout choices) so that you have a better experience each time you return.

• Analytics Cookies: These cookies help us understand how users engage with our Service. We use them to collect information about usage and performance of our site or app, such as which pages are visited, how long users stay, and any errors encountered. This data is aggregated and does not directly identify individuals. It helps us improve the content and functionality of the Service.

• Security Cookies: We may use cookies to help identify and prevent security risks. For example, we might use cookies to store session information to prevent others from hijacking your session.

• Advertising Cookies: Currently, we do not use third-party advertising networks or cookies for targeted advertising on our Service. (If this changes in the future, we will update this policy and provide you with any required opt-in or opt-out options.)

Third-Party Cookies: Some content or applications on our site may be served by third parties, which might set their own cookies. For example, if we embed a video from a third-party platform or allow you to log in via an external service, those providers may set cookies. We do not control the use of third-party cookies. However, we do not knowingly allow third parties to track or collect your personal data on our site for their own advertising purposes.

Your Choices: When you first visit our site, you may be presented with a cookie notice or preferences tool that allows you to accept or reject non-essential cookies. Even after consenting, you can always manage your cookie preferences:

• Browser Controls: Most web browsers allow you to control cookies through their settings preferences. You can set your browser to refuse all or some cookies, or to alert you when cookies are being sent. Use your browser’s help function to learn how to adjust these settings. If you use multiple browsers or devices, set cookie preferences on each.

• Cookie Banner: If we provide a cookie consent banner or settings on our site, you can revisit those settings to adjust your preferences for different categories of cookies.

• Opt-Out: For analytics cookies, some providers offer direct opt-out mechanisms. For example, if we use Google Analytics (a common analytics tool), you can install the Google Analytics Opt-out Browser Add-on to prevent analytics cookies from being used.

Please note that if you disable or refuse cookies, some parts of the Service might become inaccessible or not function properly. Essential cookies (if you choose to block them via browser) may prevent you from logging in or using key features.

For more detailed information about the cookies and tracking technologies we use, you can refer to our Cookie Policy (if available) or contact us at office@atheris.tech.

5. Data Storage and International Transfers

Data Hosting Location: Atheris is based in Estonia, and we primarily store and process personal data on servers located in the European Union (EU). We strive to keep your personal data within the EU/European Economic Area (EEA) to ensure it is protected under strong European data protection standards. For example, your account data and content are stored on secure servers located in data centers within the EU.

No Routine Transfers Outside EU: As of the date of this Privacy Policy, we do not routinely transfer your personal data to countries outside the EEA. All our main service providers and infrastructure are selected to keep data within jurisdictions that are deemed adequate under EU data protection law or are bound by contractual safeguards. If in the future we need to transfer your personal data to a third country (outside EEA) — for example, if we engage a service provider based in another country or you access the Service from outside the EU — we will ensure appropriate safeguards are in place to protect your data. These safeguards may include an adequacy decision by the European Commission (if the country is recognized as providing adequate protection), or using standard contractual clauses and requiring additional technical measures to secure the data.

Your Consent to Transfers: By using our Service or submitting your information to us, you acknowledge that your personal data may be processed in the country where it was collected as well as other countries (which may include jurisdictions outside your own) where data protection laws might be different or less strict. However, we will always protect your information as described in this Privacy Policy. If we transfer data outside of the EU/EEA, we will take steps to ensure that appropriate security measures and legal safeguards (such as EU Standard Contractual Clauses) are in place so that your privacy rights continue to be protected as per EU standards.

We will notify you and seek your consent if required by applicable law before processing your personal data in a country or by an entity that provides a lower level of data protection than your home jurisdiction.

6. Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.

• Account Information: For as long as you have an active account with us, we will keep your account information and content you have stored on our Service. If you delete your account or if your account is terminated, we will initiate deletion of your personal data from our active systems, generally within a reasonable period after the account closure. However, some information may be retained in backups or archives for a certain period (usually limited) until those are cycled out, or as required to comply with legal obligations.

• Communication and Support Records: If you have communicated with us (e.g., emails or support tickets), we may retain those communications for a period of time to manage our relationship and in case of any follow-up needed. Typically, support records are kept for a couple of years, unless a longer retention is needed for legal purposes (for example, to establish a history of support interactions).

• Legal and Regulatory Retention: We might need to retain certain data for longer periods if required by law (for instance, financial transaction records may be kept for a number of years to comply with tax and accounting laws), or for legitimate business purposes such as handling any disputes or enforcing our agreements. When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and the applicable legal requirements.

In all cases, when personal data is no longer necessary for the purpose for which it was collected, or upon verified request from you to delete (see Your Rights below), we will either delete, anonymize, or securely isolate that data (such that it is no longer accessible in normal operations).

7. Data Security

Security Measures: We take the security of your personal data seriously. Atheris implements appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (using TLS or similar protocols) to ensure that data exchanged between your device and our servers remains private.

• Firewalls and network security measures to guard against external attacks.

• Secure server environments with access controls, where personal data is stored.

• Regular updates and patching of software and infrastructure to address security vulnerabilities.

• Limited access to personal data by Atheris staff on a need-to-know basis – only authorized personnel or contractors who require access to operate or improve the Service will have such access, and they are subject to strict confidentiality obligations.

• Periodic review of our information collection, storage, and processing practices to guard against unauthorized access.

• If we use third-party service providers for hosting or other functions, we choose reputable providers and require them to maintain adequate security measures.

No Absolute Security: Despite all our efforts, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. For example, email communications might not be secure if you’re sending us information. You should take steps to secure your own devices and login credentials (like using strong passwords and not sharing them). If you have reason to believe that your interaction with us is no longer secure (for instance, if you feel your account has been compromised), please contact us immediately.

Security Warranties Disclaimer: While we strive to protect your information and follow all applicable data protection laws, we provide our Service as-is and, as noted in our Terms of Use, we cannot warrant the absolute security of any information you transmit to us. In the unfortunate event of a data breach or security incident, we will follow applicable laws to inform affected users and authorities, and we will take necessary steps to mitigate the impact.

8. Your Rights and Choices

Depending on your jurisdiction (for example, if you are in the European Union, United Kingdom, or other regions with data protection laws), you may have certain rights regarding the personal data we hold about you. We are committed to honoring these rights and provide mechanisms for you to exercise them. These rights may include:

• Right to Access: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it. We will provide you with a copy of your data in a commonly used electronic format, if requested and as required by law.

• Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to request that we correct or update it. You can also make certain changes directly by logging into your account settings (for information like your name, email, etc.).

• Right to Erasure: You can request that we delete your personal data, under certain conditions. This is sometimes called the “right to be forgotten.” We will honor deletion requests so long as we do not have a legal obligation or overriding legitimate interest to retain the data. For example, if you cancel your account, you may ask us to delete all personal data we have about you. Keep in mind we might retain some limited information as noted in our Data Retention section (e.g., for legal compliance or backups for a short period).

• Right to Restrict Processing: You have the right to ask us to suspend the processing of your personal data in certain scenarios – for instance, if you contest the accuracy of the data or you object to us processing it based on our legitimate interests, we may restrict processing until we have resolved the issue.

• Right to Data Portability: Where applicable, you have the right to obtain your personal data from us in a structured, commonly used, machine-readable format, and to have that data transmitted to another controller (for example, another service provider), when the processing is based on your consent or a contract and done by automated means.

• Right to Object: You have the right to object to our processing of your personal data when we are relying on a legitimate interest (or those of a third party) and you believe your rights outweigh our interests. You also have the right to object at any time to processing of your personal data for direct marketing purposes (including any profiling related to direct marketing).

• Right to Withdraw Consent: If we have asked for your consent to process certain data, you have the right to withdraw that consent at any time. For example, you may unsubscribe from marketing emails or opt-out of certain optional data collection. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

• Right not to be Subject to Automated Decision-Making: Atheris does not make any significant decisions about you using purely automated means without any human involvement (such as automated profiling that has legal or similarly significant effects). If we ever introduce automated decision-making, you would have the right to contest the decision and request human review.

Exercising Your Rights: To exercise any of your rights, you can contact us at office@atheris.tech with your specific request. For certain requests (like accessing or deleting data), we may need to verify your identity to ensure the security of your account and data. We will respond to your request within a reasonable timeframe and in accordance with applicable law (typically within 30 days for EU data requests). If we are unable to fulfill your request (due to legal reasons or other specific circumstances), we will explain the reasons in our response.

Choices – Opting Out of Communications:

• Emails: As mentioned, if you no longer want to receive marketing or promotional emails from us, you can opt out by clicking the “unsubscribe” link in those emails or by contacting us. Note that even after you opt out of marketing messages, we may still send you transactional or administrative emails related to your account or our ongoing business relations (like service notifications or billing emails, if applicable).

• Cookies: Refer to Section 4 on how to adjust cookie preferences. You can also typically opt out of interest-based advertising cookies by using industry tools (like the EDAA or DAA opt-out sites), though as of now, we don’t use such advertising cookies.

• Do Not Track: Some browsers have a “Do Not Track” feature. At this time, our Service does not respond to “Do Not Track” signals in a standardized way, but you can manage cookies as described above.

If you have any questions about your rights or how to exercise them, you can always contact our team at office@atheris.tech for assistance.

9. Children’s Privacy

Our Service is not directed to individuals under the age of 13, and we do not knowingly collect personal information from children under 13 years of age. If you are under 13, please do not use the Service or provide any personal information to us. In the event we learn that we have inadvertently gathered personal information from a child under 13 without proper consent, we will take steps to delete such information as soon as possible.

If you are between 13 and 18 (or the age of majority in your jurisdiction), you should only use the Service under the supervision of a parent or legal guardian and with their consent. Certain features of our Service may be restricted to users who are at least 18 years old.

If you are a parent or guardian and you believe that a child under 13 (or a minor under your guardianship) has provided us with personal information, please contact us at office@atheris.tech. We will work to delete the child’s personal data from our records promptly. We encourage parents and guardians to supervise their children’s online activities and educate them about safe use of the Internet.

10. Links to Other Sites

The Atheris Service may contain links to external websites or services that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site or service. This Privacy Policy does not apply to your activities on those third-party websites. We strongly advise you to review the privacy policies of every website or service you visit through external links from our Service.

Atheris has no control over and assumes no responsibility for the content, privacy policies, or practices of any third-party sites or services. Inclusion of a link toward a third-party site does not imply endorsement of its content or services. If you choose to visit or use any third-party products or services, the personal data you provide to them is governed by their privacy policies.

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we update the policy, we will revise the “Last updated” date at the bottom of this document. If changes are significant, we will provide a more prominent notice (such as by email notification or a banner on our website) to inform you of the update.

We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting the personal information we collect. Your continued use of the Service after any changes to this Privacy Policy have been posted constitutes your acceptance of the revised policy.

If you do not agree with any updates or changes to the Privacy Policy, you should stop using the Service and, if you wish, delete your account.

12. Contact Us

If you have any questions or concerns about this Privacy Policy, or if you would like to exercise any of your privacy rights, please contact us:

• By Email: You can reach our data protection team at office@atheris.tech. We will do our best to respond promptly to your inquiry.

• By Mail: You may also write to us at the following address:
  Atheris OÜ
  Harju maakond, Tallinn, Kristiine linnaosa, Krüüsli tn 7
  Estonia

(Please include “Privacy Inquiry” in the subject line or correspondence to ensure it reaches the correct team.)

We are committed to resolving any complaints about our collection or use of your personal data. If you believe your privacy rights have been violated, please contact us so that we can investigate and address your concerns. European Union or Estonian residents who are not satisfied with our response have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or another competent supervisory authority in the EU.

Thank you for trusting Atheris with your data. We value your privacy and will continue working hard to keep your personal information safe.