Privacy Policy
Last Updated: March 27, 2026
Privacy at a Glance
- We collect data to provide services. We collect information necessary to operate, secure, and improve our AI-powered platform.
- We do not sell your personal data. Atherion earns revenue through subscriptions, not by selling your information to third parties.
- You control your data. You can access, correct, export, or delete your data at any time by contacting us at privacy@atherion.app.
- AI providers process inputs on our behalf. Your prompts are transmitted to AI providers solely to fulfill your requests, under contractual data protections.
- Global compliance. Our practices are designed to meet GDPR, CCPA/CPRA, UK GDPR, and other applicable privacy frameworks.
1. Introduction
Atherion LLC ("Atherion," "we," "us," or "our") is an AI-powered platform dedicated to empowering developers and non-technical users to build, share, and deploy web applications using natural language prompts and modern development tools. We are committed to protecting your personal information and your right to privacy.
This Privacy Policy ("Policy") outlines how we collect, use, share, and otherwise process personal information from users ("User," "you," or "your") of our website (https://atherion.app), our AI-powered platform, and all related services (collectively, our "Services").
By using our Services, you acknowledge this Policy. If you do not agree with the terms of this Policy, please discontinue your use of our Services.
We are committed to compliance with applicable privacy laws in the United States (including CCPA/CPRA, VCDPA, CPA, and other state privacy statutes), European Economic Area (GDPR), United Kingdom (UK GDPR), Switzerland, and Canada (PIPEDA).
Data Controller: Atherion LLC, a Delaware limited liability company, is the data controller for personal information collected through the Services. For purposes of applicable privacy laws referencing a "Business" (CCPA/CPRA) or "Data Controller" (GDPR/UK GDPR), Atherion LLC is the responsible legal entity.
2. Information We Collect
Information You Provide Directly
We collect personal information that you voluntarily provide when you register for an account, use our Services, or communicate with us:
- Account Information: Name, email address, username, phone number, profile picture, and passwords.
- Payment Information: Payment card details, billing address, and transaction history. All payment data is stored and processed by our payment processor (Stripe) in accordance with PCI-DSS standards.
- Social Media Login Data: If you register using a social media account (Google, GitHub, etc.), we receive information from those services such as your name, email address, and profile photo.
- Customer Data: Content, code, text, images, files, prompts, and other data you input, upload, or generate through the Services.
- Communications: Messages, support requests, feedback, and other communications you send to us.
Information Collected Automatically
When you interact with our Services, we automatically collect certain technical and usage information:
- Device Information: IP address, browser type and version, operating system, device type and identifiers, screen size, and language preferences.
- Usage Information: Pages visited, features used, clicks, searches, prompts submitted, code generated, time spent on pages, referring/exit pages, and timestamps.
- Location Information: City and country derived from IP address. We do not collect precise geolocation data.
- Log Data: Server logs, error reports, performance metrics, and diagnostic information.
Information from Third Parties
We may receive information about you from third parties, including:
- Analytics providers (usage patterns and trends)
- Payment providers (transaction verification, fraud metrics)
- Marketing partners (lead information, campaign data)
- Third-party integrations you connect (GitHub repositories, database connections)
Sensitive Personal Data
We do not intentionally collect or process sensitive personal data, including racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic or biometric data used for identification, health or medical information, sexual orientation, or financial account credentials beyond what is necessary for billing. If you voluntarily submit such categories of data through the Services, you do so at your own discretion. We strongly advise against submitting sensitive personal data through the platform.
3. How We Use Your Information
We process your information for the following purposes:
- Service Delivery: To provide, operate, maintain, and improve our Services, including AI-powered code generation, hosting, and deployment.
- Account Management: To create and manage your account, process transactions, and send billing and administrative information.
- AI Processing: To transmit your inputs and prompts to AI systems (including third-party AI providers) to generate code, content, and other outputs.
- Personalization: To customize your experience, remember preferences, and provide relevant content and features.
- Communication: To respond to inquiries, provide customer support, send product updates, and deliver marketing communications (with your consent).
- Security: To detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activities.
- Analytics: To analyze usage patterns, measure performance, and improve our Services.
- Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
4. AI and Data Processing
As an AI-powered platform, Atherion transmits and processes data through automated systems to fulfill your service requests. This includes:
- Input Processing: Text prompts, code snippets, and other inputs you provide are processed by AI models to generate responses.
- Third-Party AI Providers: We use third-party AI providers (such as OpenAI, Anthropic, Google) to power certain features. Your inputs are transmitted to these providers solely for generating the requested output. These providers act as data processors or subprocessors on our behalf, and we enter into Data Processing Agreements (DPAs) with them as required by applicable law. Their processing is governed by those agreements in addition to their respective privacy policies.
- No Private Data Training: We do not use your private Customer Data or proprietary code to train our public AI models without your explicit consent.
- Opt-Out: You may opt out of having your Customer Data used for any purpose beyond providing the Services by contacting us or upgrading to an Enterprise plan.
AI Output: Outputs generated by AI systems operating on the Services are produced on-demand in response to your inputs. You are responsible for evaluating the suitability and accuracy of such outputs for your intended use.
5. Legal Bases for Processing
We process personal data only where a valid legal ground applies:
- Performance of Contract: To provide, maintain, and support the Services you have requested under our Terms of Service.
- Legitimate Interests: To secure the platform, detect fraud, generate analytics, and improve our Services where these interests are not outweighed by your privacy rights.
- Consent: For non-essential cookies, marketing emails, and any other processing that requires consent. You may withdraw consent at any time.
- Legal Obligations: To comply with statutory accounting and recordkeeping obligations, export controls, court orders, and other legal duties.
6. How We Share Your Information
We only share information as described below:
- Service Providers: Third-party vendors that help us provide the Services, including cloud hosting (infrastructure providers), payment processing (Stripe), analytics, customer support, and security services.
- AI Providers: Third-party AI providers (OpenAI, Anthropic, Google) to process inputs and generate AI Output.
- Corporate Affiliates: Our subsidiaries and affiliates under common ownership or control.
- Legal Requirements: When required by law, legal process, court order, or governmental request.
- Business Transfers: In connection with any merger, acquisition, sale of assets, or bankruptcy proceeding.
- With Your Consent: When you direct us to share information with third parties.
We do not sell your personal information. We do not share your personal data with third parties for their own marketing purposes without your explicit consent.
Do Not Sell or Share My Personal Information: Although we do not sell personal information, California residents and other eligible users may submit a "Do Not Sell or Share" request by emailing privacy@atherion.app with the subject line "Do Not Sell or Share Request." Upon receipt of a verified request, we will cease sharing your personal information for cross-context behavioral advertising purposes.
7. Cookies and Tracking Technologies
We use cookies, pixels, and similar technologies to operate, secure, and analyze our Services:
- Strictly Necessary Cookies: Required for core functions like sign-in, session management, and security. These do not require consent.
- Analytics Cookies: To measure feature adoption, diagnose errors, and improve performance. We obtain consent for these in the EEA/UK/Switzerland.
- Functional Cookies: To remember your preferences (language, theme, layout).
- Marketing Cookies: To measure advertising effectiveness. These require consent where required by law.
You can manage or withdraw cookie preferences through your browser settings or by enabling Global Privacy Control (GPC). Disabling non-essential cookies will not affect core functionality.
Where required by applicable law, we deploy a consent management platform (CMP) to collect and record your cookie consent preferences prior to placing non-essential cookies. You may update your preferences at any time through the cookie settings available on our website.
8. Data Retention
We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy:
- Account data is retained while your account is active and for up to three (3) years following account closure, unless a longer period is required by law.
- Customer Data is retained as needed to provide the Services and for up to ninety (90) days following account termination, after which it is permanently deleted.
- Log data is typically retained for up to 90 days.
- Billing records are retained as required by applicable tax and accounting obligations, generally up to seven (7) years.
Upon account termination or deletion request, we will delete your personal data within 30 days, except for data required for fraud prevention, legal compliance, or legal defense. Backups may retain data for up to 90 days before permanent deletion.
9. Data Security
We implement industry-standard safeguards to protect your information:
- Encryption: Data in transit is protected with TLS/SSL encryption. Data at rest is encrypted with secure key management.
- Access Controls: Role-based access, multi-factor authentication, and regular access reviews.
- Infrastructure Security: Our hosting infrastructure partners maintain SOC 2 Type II and ISO 27001 certified facilities with 24/7 monitoring.
- Security Monitoring: Real-time monitoring, intrusion detection, and incident response procedures.
Breach Notification: In the unlikely event of a security breach that compromises your personal information, we will notify you within 72 hours of becoming aware of the breach, in accordance with applicable laws.
Despite our safeguards, no electronic transmission or storage technology is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information.
10. International Data Transfers
If you are located outside the United States, your information may be transferred to and processed in the United States and other countries. We safeguard international transfers through:
- EU-US Data Privacy Framework: Where applicable, we rely on the EU-US Data Privacy Framework (DPF), the UK Extension to the EU-US DPF, and the Swiss-US DPF as grounds for transferring personal data to the United States. Where DPF does not apply to a particular transfer, we rely on Standard Contractual Clauses as the primary transfer mechanism.
- Standard Contractual Clauses (SCCs): EU Commission-approved SCCs for data transfers where DPF certification does not apply.
- UK International Data Transfer Addendum: For transfers from the UK.
11. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Right to Access: Request access to and a copy of your personal information.
- Right to Rectification: Request correction of inaccurate or incomplete information.
- Right to Deletion: Request deletion of your personal information, subject to legal exceptions.
- Right to Data Portability: Request a copy in a structured, machine-readable format.
- Right to Restrict Processing: Request that we limit how we use your information.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis.
- Right to Opt-Out of Sale/Sharing: We do not sell personal information. You may opt out of any sharing for targeted advertising.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
To exercise your rights: Email us at privacy@atherion.app with your request. We will verify your identity and respond within 30 days (or as required by applicable law).
Authorized Agents: You may authorize an agent to submit requests on your behalf with written permission.
12. US State-Specific Information
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other US states with privacy laws, you have additional rights as described in Section 11.
Categories of Information Collected: Identifiers, commercial information, internet/network activity, geolocation (city/country), professional information, and inferences.
Sources: Directly from you, automatically through the Services, and from third-party partners.
Business Purposes: Service delivery, account management, security, analytics, and legal compliance.
Sale/Sharing: We do not "sell" personal information as defined by CCPA/CPRA. We may "share" personal information for cross-context behavioral advertising purposes, including device identifiers, browsing activity, and usage data shared with analytics and advertising technology partners. You may opt out of such sharing at any time by emailing privacy@atherion.app with the subject line "Do Not Sell or Share Request," or by exercising your rights through the Global Privacy Control (GPC) signal where recognized. We will process verified requests promptly and in accordance with applicable law.
13. EEA, UK, and Switzerland Residents
If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the rights described in Section 11 under the GDPR and related laws.
Data Controller: Atherion LLC is the data controller for personal information collected through the Services.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, the Irish DPC in the EEA).
Contact our DPO: dpo@atherion.app
14. Children's Privacy
Our Services are not directed at children. Consistent with the Children's Online Privacy Protection Act ("COPPA"), we do not knowingly collect personal information from children under the age of 13. We additionally restrict access to users who have not reached the age of 18, in accordance with our Terms of Service eligibility requirements.
If we discover that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will take prompt steps to delete that information. Parents or guardians of children under 13 may contact us to review, delete, or refuse further collection of their child's personal information. If you believe we may have collected data from a child under 13, please contact us immediately at privacy@atherion.app.
15. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals to websites. Because there is currently no industry-agreed standard for how websites should respond to DNT signals, we do not alter our data collection or use practices in response to DNT signals. You may use the cookie controls described in Section 7 to limit non-essential tracking.
16. Automated Decision-Making
Certain features of the Services involve automated processing of your data, including AI-generated outputs produced in response to your inputs. These processes do not, in the ordinary course of our Services, produce decisions with legal or similarly significant effects on you without human review.
Where automated processing with significant effects does occur (for example, automated account suspension for policy violations), you have the right to request human review of that decision by contacting us at support@atherion.app. If you are located in the EEA or UK, you have additional rights under Article 22 of the GDPR, including the right to a meaningful explanation of automated decisions, the right to contest such decisions, and the right to human review.
17. Third-Party Services
Our Services may contain links to or integrations with third-party websites, products, or services not operated by Atherion. We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before providing any personal information.
18. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or the Services. We will post any revised Policy at this URL and indicate the "Last Updated" date. For material changes that reduce your rights or expand our processing purposes, we will provide at least 30 days' advance notice by email or in-product notification. Your continued use of the Services after the new Policy takes effect constitutes acceptance.
19. Your Choices
Here is a quick reference of the key privacy choices available to you:
- Delete your account: You may delete your account at any time through your account settings. We will delete your personal data within 30 days, subject to legal retention requirements.
- Opt out of marketing emails: Click "Unsubscribe" in any marketing email, or email privacy@atherion.app. Transactional and service-related messages will continue.
- Manage cookie preferences: Use your browser settings, the Global Privacy Control (GPC) signal, or our consent management tool to manage non-essential cookies.
- Access or export your data: Email privacy@atherion.app to request a copy of your personal data in a portable format.
- Opt out of data sharing: Email privacy@atherion.app with the subject line "Do Not Sell or Share Request" to opt out of any sharing for cross-context behavioral advertising.
- Exercise other privacy rights: Submit a request to privacy@atherion.app to access, correct, restrict, or delete your data, or to lodge a complaint.
20. Contact Us
If you have questions, concerns, or wish to exercise your privacy rights, please contact us:
Atherion LLC
Email: privacy@atherion.app
Data Protection Officer: dpo@atherion.app
We aim to respond to verified requests within 30 days, or longer where permitted by applicable law. If you believe your inquiry has not been satisfactorily resolved, you may lodge a complaint with your local supervisory authority.