Privacy Policy

1. Introduction

Atherion LLC ("Atherion," "we," "us," or "our") is an AI-powered platform dedicated to empowering developers and non-technical users to build, share, and deploy web applications using natural language prompts and modern development tools. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy ("Policy") outlines how we collect, use, share, and otherwise process personal information from users ("User," "you," or "your") of our website (https://atherion.app), our AI-powered platform, and all related services (collectively, our "Services").

By using our Services, you acknowledge this Policy. If you do not agree with the terms of this Policy, please discontinue your use of our Services.

We are committed to compliance with applicable privacy laws in the United States (including CCPA/CPRA, VCDPA, CPA, and other state privacy statutes), European Economic Area (GDPR), United Kingdom (UK GDPR), Switzerland, and Canada (PIPEDA).

2. Information We Collect

Information You Provide Directly

We collect personal information that you voluntarily provide when you register for an account, use our Services, or communicate with us:

• Account Information: Name, email address, username, phone number, profile picture, and passwords.
• Payment Information: Payment card details, billing address, and transaction history. All payment data is stored and processed by our payment processor (Stripe) in accordance with PCI-DSS standards.
• Social Media Login Data: If you register using a social media account (Google, GitHub, etc.), we receive information from those services such as your name, email address, and profile photo.
• Customer Data: Content, code, text, images, files, prompts, and other data you input, upload, or generate through the Services.
• Communications: Messages, support requests, feedback, and other communications you send to us.

Information Collected Automatically

When you interact with our Services, we automatically collect certain technical and usage information:

• Device Information: IP address, browser type and version, operating system, device type and identifiers, screen size, and language preferences.
• Usage Information: Pages visited, features used, clicks, searches, prompts submitted, code generated, time spent on pages, referring/exit pages, and timestamps.
• Location Information: City and country derived from IP address. We do not collect precise geolocation data.
• Log Data: Server logs, error reports, performance metrics, and diagnostic information.

Information from Third Parties

We may receive information about you from third parties, including:

• Analytics providers (usage patterns and trends)
• Payment providers (transaction verification, fraud metrics)
• Marketing partners (lead information, campaign data)
• Third-party integrations you connect (GitHub repositories, database connections)

3. How We Use Your Information

We process your information for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve our Services, including AI-powered code generation, hosting, and deployment.
• Account Management: To create and manage your account, process transactions, and send billing and administrative information.
• AI Processing: To transmit your inputs and prompts to AI systems (including third-party AI providers) to generate code, content, and other outputs.
• Personalization: To customize your experience, remember preferences, and provide relevant content and features.
• Communication: To respond to inquiries, provide customer support, send product updates, and deliver marketing communications (with your consent).
• Security: To detect, investigate, and prevent fraud, abuse, security incidents, and other harmful activities.
• Analytics: To analyze usage patterns, measure performance, and improve our Services.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

4. AI and Data Processing

As an AI-powered platform, Atherion processes data to generate code, designs, and other content:

• Input Processing: Text prompts, code snippets, and other inputs you provide are processed by AI models to generate responses.
• Third-Party AI Providers: We use third-party AI providers (such as OpenAI, Anthropic, Google) to power certain features. Your inputs are transmitted to these providers solely for generating the requested output and are subject to their respective privacy policies and data processing agreements.
• No Private Data Training: We do not use your private Customer Data or proprietary code to train our public AI models without your explicit consent.
• Opt-Out: You may opt out of having your Customer Data used for any purpose beyond providing the Services by contacting us or upgrading to an Enterprise plan.

AI Output Disclaimer: AI-generated content may contain errors, inaccuracies, or issues. You are solely responsible for reviewing and validating any AI Output before use.

5. Legal Bases for Processing

We process personal data only where a valid legal ground applies:

• Performance of Contract: To provide, maintain, and support the Services you have requested under our Terms of Service.
• Legitimate Interests: To secure the platform, detect fraud, generate analytics, and improve our Services where these interests are not outweighed by your privacy rights.
• Consent: For non-essential cookies, marketing emails, and any other processing that requires consent. You may withdraw consent at any time.
• Legal Obligations: To comply with bookkeeping rules, export controls, court orders, and other legal duties.

6. How We Share Your Information

We only share information as described below:

• Service Providers: Third-party vendors that help us provide the Services, including cloud hosting (infrastructure providers), payment processing (Stripe), analytics, customer support, and security services.
• AI Providers: Third-party AI providers (OpenAI, Anthropic, Google) to process inputs and generate AI Output.
• Corporate Affiliates: Our subsidiaries and affiliates under common ownership or control.
• Legal Requirements: When required by law, legal process, court order, or governmental request.
• Business Transfers: In connection with any merger, acquisition, sale of assets, or bankruptcy proceeding.
• With Your Consent: When you direct us to share information with third parties.

We do not sell your personal information. We do not share your personal data with third parties for their own marketing purposes without your explicit consent.

7. Cookies and Tracking Technologies

We use cookies, pixels, and similar technologies to operate, secure, and analyze our Services:

• Strictly Necessary Cookies: Required for core functions like sign-in, session management, and security. These do not require consent.
• Analytics Cookies: To measure feature adoption, diagnose errors, and improve performance. We obtain consent for these in the EEA/UK/Switzerland.
• Functional Cookies: To remember your preferences (language, theme, layout).
• Marketing Cookies: To measure advertising effectiveness. These require consent where required by law.

You can manage or withdraw cookie preferences through your browser settings or by enabling Global Privacy Control (GPC). Disabling non-essential cookies will not affect core functionality.

8. Data Retention

We retain personal information only as long as necessary to fulfill the purposes outlined in this Policy:

• Account data is retained while your account is active and for a reasonable period thereafter.
• Customer Data is retained as needed to provide the Services.
• Log data is typically retained for up to 90 days.
• Billing records are retained as required by tax and accounting obligations.

Upon account termination or deletion request, we will delete your personal data within 30 days, except for data required for fraud prevention, legal compliance, or legal defense. Backups may retain data for up to 90 days before permanent deletion.

9. Data Security

We implement industry-standard safeguards to protect your information:

• Encryption: Data in transit is protected with TLS/SSL encryption. Data at rest is encrypted with secure key management.
• Access Controls: Role-based access, multi-factor authentication, and regular access reviews.
• Infrastructure Security: Data hosted in SOC 2 and ISO 27001 certified data centers with 24/7 monitoring.
• Security Monitoring: Real-time monitoring, intrusion detection, and incident response procedures.

Despite our safeguards, no electronic transmission or storage technology is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information.

10. International Data Transfers

If you are located outside the United States, your information may be transferred to and processed in the United States and other countries. We safeguard international transfers through:

• EU-US Data Privacy Framework: Where applicable, we rely on DPF certification for transfers from the EEA, UK, and Switzerland.
• Standard Contractual Clauses (SCCs): EU Commission-approved SCCs for data transfers.
• UK International Data Transfer Addendum: For transfers from the UK.

11. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

• Right to Access: Request access to and a copy of your personal information.
• Right to Rectification: Request correction of inaccurate or incomplete information.
• Right to Deletion: Request deletion of your personal information, subject to legal exceptions.
• Right to Data Portability: Request a copy in a structured, machine-readable format.
• Right to Restrict Processing: Request that we limit how we use your information.
• Right to Object: Object to processing based on legitimate interests.
• Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis.
• Right to Opt-Out of Sale/Sharing: We do not sell personal information. You may opt out of any sharing for targeted advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights.

To exercise your rights: Email us at privacy@atherion.app with your request. We will verify your identity and respond within 30 days (or as required by applicable law).

Authorized Agents: You may authorize an agent to submit requests on your behalf with written permission.

12. US State-Specific Information

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other US states with privacy laws, you have additional rights as described in Section 11.

Categories of Information Collected: Identifiers, commercial information, internet/network activity, geolocation (city/country), professional information, and inferences.

Sources: Directly from you, automatically through the Services, and from third-party partners.

Business Purposes: Service delivery, account management, security, analytics, and legal compliance.

Sale/Sharing: We do not "sell" personal information as defined by CCPA. We may "share" information for cross-context advertising; you may opt out by contacting us.

13. EEA, UK, and Switzerland Residents

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have the rights described in Section 11 under the GDPR and related laws.

Data Controller: Atherion LLC is the data controller for personal information collected through the Services.

Right to Lodge a Complaint: You have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, the Irish DPC in the EEA).

Contact our DPO: dpo@atherion.app

14. Children's Privacy

Our Services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children. If we discover that we have collected personal information from a minor without verifiable parental consent, we will promptly delete that information. If you believe we may have collected such data, please contact us at privacy@atherion.app.

15. Third-Party Services

Our Services may contain links to or integrations with third-party websites, products, or services not operated by Atherion. We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before providing any personal information.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or the Services. We will post any revised Policy at this URL and indicate the "Last Updated" date. For material changes that reduce your rights or expand our processing purposes, we will provide at least 30 days' advance notice by email or in-product notification. Your continued use of the Services after the new Policy takes effect constitutes acceptance.

17. Contact Us

If you have questions, concerns, or wish to exercise your privacy rights, please contact us: