ATHOMIC

Privacy Policy

Last updated: 6 April 2025

1. Data controller

ATHOM AS (org. 831 754 702), Kongens gate 51C, 7012 Trondheim, Norway is the data controller for personal data processed through ATHOMIC.

Questions regarding this policy may be directed to privacy@athomic.no.

2. What data we collect

We collect the following categories of personal data:

  • Account data: name, email address, and password hash (via Supabase Auth).
  • Store data: Shopify store domain, product data, pricing data, and configuration settings you provide.
  • Usage data: log data, error reports, and feature usage metrics collected through Sentry and server logs.
  • Billing data: handled directly by our payment processor and not stored on our servers.

3. Legal basis for processing

We process your personal data on the following legal bases under GDPR:

  • Contract performance (Art. 6(1)(b)): processing necessary to provide the ATHOMIC service you have subscribed to.
  • Legitimate interests (Art. 6(1)(f)): security monitoring, fraud prevention, and service improvement.
  • Legal obligation (Art. 6(1)(c)): retention of financial records as required by Norwegian accounting law.

4. How we use your data

  • Providing and operating the ATHOMIC repricing service.
  • Sending transactional emails (account events, pricing alerts).
  • Monitoring service health and diagnosing errors.
  • Complying with legal obligations.

We do not sell your personal data to third parties.

5. Sub-processors and data sharing

We use the following third-party services that may process your data:

  • Supabase — database and authentication (EU region).
  • Vercel — application hosting (EU region where available).
  • Resend — transactional email delivery.
  • Sentry — error monitoring (EU region).
  • Shopify — store integration platform.

Each sub-processor is bound by data processing agreements ensuring GDPR compliance.

6. Data retention

We retain your account and store data for as long as your account is active. Upon account deletion, all personal data is deleted within 30 days, except where retention is required by law (e.g. financial records for 5 years under Norwegian bookkeeping law).

7. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request erasure of your data (right to be forgotten).
  • Restrict or object to processing.
  • Receive your data in a portable format.
  • Lodge a complaint with Datatilsynet (the Norwegian Data Protection Authority) at datatilsynet.no.

To exercise any of these rights, contact us at privacy@athomic.no.

8. Cookies

ATHOMIC uses session cookies required for authentication. We do not use third-party tracking or advertising cookies.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email or an in-app notice. Continued use of ATHOMIC after such notice constitutes acceptance of the updated policy.

10. Contact

ATHOM AS
Kongens gate 51C, 7012 Trondheim, Norway
Org. 831 754 702
privacy@athomic.no