GDPR & Data Protection Notice

This notice explains how Athera complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. It applies to all users and data subjects whose personal data is processed through the Athera platform.

1. Our Role: Data Processor

Athera acts as a Data Processor. We process personal data on behalf of our clients (businesses), who act as Data Controllers. Our clients determine the purposes and means of processing end customer data. Athera processes data only in accordance with our clients' instructions and applicable law.

2. Your Client's Role: Data Controller

As a Athera client, you are the Data Controller for any end customer data processed through the platform. You are responsible for: ensuring lawful basis for processing, obtaining necessary consents from end customers, responding to data subject requests, and notifying data subjects about how their data is used.

3. Rights of Data Subjects

Under the GDPR and applicable data protection laws, data subjects have the following rights:

• Right of access: The right to obtain confirmation of whether personal data is being processed and access to that data
• Right to rectification: The right to request correction of inaccurate or incomplete personal data
• Right to erasure (right to be forgotten): The right to request deletion of personal data when it is no longer necessary
• Right to restriction of processing: The right to request limitation of data processing in certain circumstances
• Right to data portability: The right to receive personal data in a structured, commonly used, machine-readable format
• Right to object: The right to object to processing based on legitimate interests or direct marketing
• Right related to automated decision-making: The right not to be subject to decisions based solely on automated processing that produce legal or significant effects

4. Automated Decision-Making and AI

Athera uses AI to process messages and automate operational workflows. When AI agents take autonomous actions (creating orders, tasks, or responses), this constitutes automated decision-making. Clients are responsible for ensuring appropriate human oversight of AI-driven decisions, particularly those that may significantly affect end customers.

5. Data Processing Activities

We process data for the following purposes:

• Receiving and delivering messages across connected channels (WhatsApp, Instagram, web chat)
• Processing messages through AI agents to generate responses, create tasks, orders, and customer records
• Storing conversation history and metadata for platform functionality, security, and audit purposes

6. Data Breach Notification

In the event of a personal data breach, we will notify affected clients within 72 hours of becoming aware of the breach, in accordance with GDPR Article 33. We will provide details of the breach, its likely consequences, and the measures taken to address it.

7. Supervisory Authority

Data subjects have the right to lodge a complaint with their local data protection supervisory authority if they believe their data protection rights have been violated. You may contact the supervisory authority in your country of residence, place of work, or place of the alleged infringement.

8. Contact for Data Protection Inquiries

For any data protection inquiries or to exercise your rights as a data subject, please contact us at privacy@Athera.app.