Privacy Policy

At atyati, we are firmly committed to the privacy of our customers and the data that is stored on our cloud platform.

What information do we collect?

We may collect, store, and use the following kinds of personal information:

• Information about your computer and about your use of this website. This may include your IP address, your location, your browser type and version, your operating system, your referral source, your length of visit, your page views, and website navigation.
• Information relating to any transactions carried out between you and us on or in relation to our website. This may include information related to any purchases you make of our goods or services. We may also ask for your contact information, including information such as your name, your company name, your address, your email address, and your telephone number. We will never ask you to share any sensitive information.
• Information that you provide to us for the purpose of subscribing to our website services, email notifications, and/or newsletters
• Information that you provide to us in the form of support to our platform

How we use your information

We use the information we collect from you in various ways, such as:

• to provide, operate, and maintain our services.
• to improve, personalize, and expand our services.
• to understand and analyse how you use our services.
• to develop new products, services, features, and functionalities
• to communicate with you to provide you with updates and other information relating to our services.
• to communicate with you for marketing and promotional purposes when we have your previous consent.
• to process your transactions
• to keep our website secure and prevent fraud.
• to send you email notifications that you have specifically requested.
• for compliance purposes, including enforcing our Terms of Service or other legal rights, or as it may be required by applicable laws and regulations or requested by any judicial process or governmental agencies.

We will not, without your express consent, share your personal information with any third parties for the purpose of direct marketing.

Data retention

We retain the personal information we collect from you if we have an ongoing legitimate business need to do so. For example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements.

If and when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it within one (1) month after the legitimate business need has ended.

If this is not possible (e.g., because your personal information has been stored in our backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

About your customers

Any information that you add on atyati technologies platform about your customers will be deleted when there is no ongoing legitimate business need (e.g. if you cancel your account).

You can also request a clean-up/removal of order data placed before a certain period (e.g. more than two years old). If you do not need your data retained after a specific period of time, please send us your request at privacy.support@atyati.com

Third-party accounts

If you choose to link our services to a third-party account, we will receive information about that account, such as your authentication token from the third-party account, in order to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.

How we share your information

We may share the information we collect from you in various ways, including:

• Vendors and Service Providers.

  We may share information with third-party vendors and service providers that provide services on our behalf and to provide you with information relevant to you, such as product announcements, software updates, special offers, or other information. An extensive list of what our main service providers do follows in the next section.

• Aggregated Information.

  Where legally permissible, we may use and share information about users with our partners in an aggregated or de-identified form that cannot reasonably be used to identify you.

• Third-Party Partners.

  We also share information about our users with third-party partners in order to receive additional and publicly available information about you.

• Analytics.

  We use analytics providers such as Google Analytics. Google Analytics uses cookies to collect non-identifying information. Google provides some additional privacy options regarding its Analytics cookies at http://www.google.com/policies/privacy/partners/.

• Business Transfers.

  Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction or in the event of insolvenc, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.

• As Required By Law and Similar Disclosures.

  We may also share information to:

1. satisfy any applicable law, regulation, legal process, or governmental request;
2. enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof;
3. detect, prevent, or otherwise address fraud, security, or technical issues;
4. respond to your requests; or
5. protect our rights, property or safety, our users, and the public

This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

• With Your Consent. We may share information with your consent.

Vendors and service providers and sub-processors

All our vendors and service providers are GDPR compliant. While we do not disclose the full list of the vendors online, the sub-processors fall into the following categories:

• Server hosting providers
• Email marketing service.
• Email sending service.
• Customer support software
• Online chat software
• CRM software
• Application analytics software
• Subscription management software
• Webpage editing software.
• Invoicing software (if applicable)
• Accounting firm
• Payment gateways (if applicable)

Unless there is a specific integration in place (e.g., accounting software or payment gateways), the only sub-processor/vendor with which we share your customers' data is our email sending service, and that is solely for purposes instructed by you (e.g.,an update on a customer's order).

Legal basis for processing personal information

Our legal basis for collecting and using the personal information described above will depend on the personal information shared and the specific context in which we collect it.

However, we will normally collect personal information from you only:

• when we need the personal information to perform a contract with you
• in case the processing is in our legitimate interests and not overridden by your rights or
• when we have your consent to do so
• when we have a legitimate interest in operating our services and communicating with you as necessary to provide these services. For example, when responding to your queries, when asking you how to improve our platform, or for the purposes of detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need your personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences, if you do not provide your personal information).

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We use both “session” cookies and “persistent” cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted or until they reach a specified expiration date.

We will use the session cookies to

• keep track of you while you navigate our website
• prevent fraud and increase our website security

We will use the persistent cookies to

• enable our website to recognize you when you visit it
• keep track of your preferences in relation to your use of our website
• keep track of the marketing performance of our services

We use Google Analytics to analyze the performance of our website. Google Analytics generates statistical and other information about website use by means of cookies that are stored on users’ computers. The information generated relating to our website is used to create reports about how our website is used. Google will store this information. Google's privacy policy is available at http://www.google.com/privacypolicy.html.

Disclosures

We may disclose your personal information to our employees, officers, agents, suppliers, or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy.

In addition, we may disclose your personal information:

• to the extent that we are required to do so by law
• in connection with any ongoing or prospective legal proceedings
• in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
• to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling
• to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information

We will not provide your information to third parties except as designated in this Privacy Policy,

Communications

All communications with atyati technologies are transmitted over TLS (HTTPS) for all of our services (SSL grade A+).

The atyati technologies platform software responds only to secure https requests. Plain http is disabled for both trial and paid accounts.

Data center colocation attestations and certifications

Atyat technologies data center is stored, audited, and/or certified by various internationally-recognized attestation and certification compliance standards.

Our data center complies with the following reports and certifications:

• SOC 1 Type II
• SOC 2 Type II
• ISO/IEC 27001:2013
• PCI-DSS

Security

We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information. We will store all the personal information you provide on our secure (password-protected and firewall-protected) servers.

Passwords are encrypted, and we are not able to recover any password on our own. You can only reset your password if you have forgotten it. Login attempts per IP are restricted to a certain number.

We monitor the security advisories of the software we use on a regular basis, and we perform a penetration test on our application each month. Should any breach of security occur, we are obliged to inform you within seventy-two (72) hours for all the affected parties.

Policy amendments

We may update this Privacy Policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

Third-party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.

Your data protection rights under the General Data Protection Regulation (GDPR)

Data processor and data controller definitions

When using atyati technologies, you (the customer) are the “data controller” in the sense that you control the data that comes in and out of our platform. atyati is the “data processor” in the sense that we process the data that you input into our service.