This Privacy Policy describes how Altanest SAS ("we," "us," or "our"), operating as Authensight.io, collects, uses, and shares your personal information when you use our services, visit our website, or interact with us.

We respect your privacy and are committed to protecting your personal data. This policy informs you about your privacy rights and how the law protects you.

Owner and Data Controller:
Altanest SAS
20 rue Guillaume Fichet
74000 Annecy
France

Owner contact email: contact@authensight.io

We may collect, use, store, and transfer different kinds of personal data about you:

• Identity Data: First name, last name, username, title, position
• Contact Data: Email address, telephone numbers, business address
• Technical Data: Internet protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform
• Usage Data: Information about how you use our website and services
• Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences
• Beta Program Data: Additional information collected specifically during the beta program, as detailed in section 3.1 below

We use different methods to collect data from and about you including through:

• Direct interactions: When you create an account, join our beta program, request marketing materials, or otherwise provide us with your personal information
• Automated technologies: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns
• Beta program tools: During the beta phase, we may use specialized analytics tools, feedback forms, and monitoring systems to collect data about your experience
• Third parties: We may receive personal data about you from various third parties such as analytics providers, payment service providers, and business partners

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• To provide and maintain our service
• To manage your beta program participation
• To contact you regarding your account, the services we provide, or other information you have requested
• To provide customer support
• To gather analysis or valuable information so that we can improve our service
• To monitor the usage of our service
• To detect, prevent and address technical issues
• To provide you with news, special offers, and general information about other goods, services, and events which we offer

Beta Program Specific Uses: During the beta program, we will also use your data to:

• Evaluate the performance and usability of new features
• Identify and fix bugs or issues in the service
• Gather feedback on your experience with the service
• Make decisions about which features to include in the final release
• Communicate with you about beta-specific updates, changes, or requests for feedback

Under the General Data Protection Regulation (GDPR), we rely on the following legal bases to process your personal information:

• Consent: Where you have given us explicit consent to process your personal data
• Contractual Necessity: Where processing is necessary for the performance of a contract with you, including our beta program agreement
• Legal Obligation: Where processing is necessary for compliance with a legal obligation
• Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party

For beta program participants, we primarily rely on your consent and our legitimate interests in developing and improving our services.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm from unauthorised use or disclosure
• The purposes for which we process your personal data
• Whether we can achieve those purposes through other means
• The applicable legal requirements

Specific retention periods:

• Account information: We retain your account information for the duration of your account plus 12 months after account closure
• Beta program data: We retain beta-specific data for up to 12 months after the conclusion of the beta program
• Transaction data: We retain financial transaction records for 7 years to comply with tax and accounting requirements
• Communication data: Email communications and support requests are retained for 2 years
• Usage data: Website usage and analytics data are retained in an identifiable form for 26 months
• Marketing data: If you have subscribed to marketing communications, we retain your contact details until you unsubscribe, after which we retain only enough information to respect your preferences

We operate globally and may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, including:

• Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe
• Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission
• Using service providers that are certified under the EU-US Privacy Shield Framework

These safeguards apply to all data, including beta program data.

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

• Right to Access: You have the right to request copies of your personal data
• Right to Rectification: You have the right to request that we correct any inaccurate personal data
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data
• Right to Data Portability: You have the right to request that we transfer your personal data to another organisation or directly to you in a structured, commonly used, and machine-readable format (such as CSV or JSON). To exercise this right, please contact us at contact@authensight.io with the subject line "Data Portability Request". We will respond to your request within 30 days and provide your data in a secure manner.
• Right to Object: You have the right to object to our processing of your personal data
• Rights Related to Automated Decision Making: You have rights related to how we use your data for automated decision-making

If you wish to exercise any of these rights, please contact us at contact@authensight.io. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We will respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

As a beta program participant, you have the same rights regarding your personal data as any other user.

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

Beta Program Security: We apply the same security standards to beta program data as we do to all other personal data. However, please note that as the service is still in development, there may be a higher risk of bugs or security issues. We will promptly address any security concerns that arise during the beta period.

Data Breach Notification: In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach. The notification will include:

• The nature of the personal data breach
• The categories and approximate number of data subjects affected
• The likely consequences of the breach
• The measures taken or proposed to address the breach
• Contact information for our data protection officer or other contact point

We maintain a breach register and have implemented internal procedures for detecting, reporting, and investigating personal data breaches.

We may employ third-party companies and individuals to facilitate our service, provide the service on our behalf, perform service-related services, or assist us in analysing how our service is used. These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Categories of third-party service providers we use:

• Analytics providers: To help us understand website usage patterns (e.g., Google Analytics)
• Email service providers: To send communications and newsletters (e.g., Resend)
• Beta testing platforms: To collect feedback and monitor beta program usage
• Cloud service providers: To host our platform and store data

We ensure all third-party providers maintain appropriate security measures and process your data only as permitted by applicable law and our agreements with them.

We use cookies and similar tracking technologies to track activity on our service and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.

Beta Program Cookies: During the beta program, we may use additional cookies and tracking technologies to collect more detailed information about your interactions with the service. These beta-specific cookies help us analyze feature usage and identify areas for improvement.

Types of cookies we use:

• Strictly Necessary Cookies: These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. These cookies don't collect information that identifies you and cannot be turned off. They are typically only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms. Duration: Session to 1 year
• Functional Cookies: These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. Duration: 30 days to 1 year
• Analytics Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. Duration: 1 day to 2 years
• Beta Testing Cookies: These cookies collect information about your interactions with beta features to help us evaluate and improve them. Duration: Session to 90 days
• Marketing Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. Duration: 30 days to 1 year

We obtain your consent before placing non-essential cookies on your device. You can change your cookie preferences at any time through our Cookie Preferences tool available on our website.

Our service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

During the beta program, we may update this Privacy Policy more frequently as we refine our data practices. We will notify beta participants of any significant changes.

16.1 European Union (GDPR)

As a company based in France, we comply with the GDPR. The details of our compliance are outlined throughout this policy.

16.2 United States

For California residents, we comply with the California Consumer Privacy Act (CCPA). You have the right to know what personal information we collect, request deletion of your personal information, opt-out of the sale of your personal information, and not be discriminated against for exercising your rights.

To exercise your CCPA rights, please contact us at contact@authensight.io with the subject line "CCPA Request" or visit our dedicated Do Not Sell My Personal Information page.

16.3 Other Jurisdictions

We are committed to complying with the applicable data protection laws in all countries where our users are located. If you have specific questions about how we comply with the laws in your country, please contact us.

If you have any questions about this Privacy Policy, please contact us:

• By email: contact@authensight.io
• By mail: Altanest SAS, 20 rue Guillaume Fichet, 74000 Annecy, France

If you are located in the European Union, you also have the right to make a complaint at any time to your local supervisory authority for data protection issues. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL).