A
Athera

Privacy Policy

Last updated: 2026-02-15

Athera processes customer messages to provide automated support and operational workflows. This Privacy Policy explains how we collect, use, store, and protect your data when you use the Athera platform. By using Athera, you agree to the practices described in this policy.

1. What Data We Collect

A. Business Account Data

  • Company name
  • User name and email address
  • Phone number
  • Login credentials (encrypted)
  • IP address
  • Device and browser information
  • Billing and payment information

B. End Customer Data

  • Phone number
  • Name (if available)
  • Message content across all connected channels
  • Channel source (WhatsApp, Instagram, web chat, etc.)
  • Order or task data created via conversations

C. System-Generated Data

  • Conversation metadata (timestamps, channel, status)
  • AI-generated messages and responses
  • Agent actions and workflow logs
  • Audit trails and system logs

2. Why We Collect Data

  • To provide unified inbox and multi-channel messaging services
  • To enable AI agents and automated workflows
  • To send and receive messages on behalf of our clients
  • To create and manage tasks, orders, and contacts
  • To improve platform performance and reliability
  • For billing, compliance, and security purposes

3. Legal Basis for Processing (GDPR Aligned)

We process data based on:

  • Contract performance: Processing is necessary to deliver the services you subscribed to
  • Legitimate business interest: For platform improvement, security, and fraud prevention
  • User consent: Where required by applicable law
  • Our clients (businesses) are responsible for collecting end customer consent before messaging through Athera

4. Third Parties We Share Data With

We may share data with the following service providers:

  • Twilio: Messaging middleware for SMS and WhatsApp delivery
  • Meta: WhatsApp Business API and Instagram Messaging API
  • Cloud hosting provider: Secure infrastructure for data storage and processing
  • Analytics and logging services: For platform monitoring and improvement
  • AI model providers: For natural language processing and automated responses

5. International Data Transfers

Data may be processed outside the European Economic Area (EEA). When we transfer data internationally, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, encryption in transit and at rest, and compliance with applicable data protection regulations including the GDPR. We ensure that all third-party processors maintain adequate levels of data protection.

6. Data Retention

  • Active accounts: Data is retained while the account is active and the service agreement is in effect
  • Closed accounts: Data is deleted within 90 days of account closure, unless retention is required by law
  • Logs and audit trails: Retained for up to 12 months for security and compliance purposes

7. AI and Automated Processing Disclosure

Athera uses artificial intelligence to process messages and provide automated support and operational workflows. Automated decision-making may occur when AI agents create tasks, orders, or responses. Messages may be processed by AI models to improve service quality. You may opt out of data being used for system improvement by contacting us. We log all AI agent actions for transparency and auditability. We store conversation metadata for platform security and performance monitoring.

8. Your Rights

  • Right to access: Request a copy of your personal data
  • Right to rectification: Request correction of inaccurate data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to data portability: Receive your data in a structured, machine-readable format

9. Contact Us

For any privacy-related questions or to exercise your rights, please contact us at [email protected].