GDPR Privacy Notice

Last Updated: November 14, 2024

1. Introduction

This GDPR Privacy Notice specifically addresses the rights and protections afforded to individuals in the European Economic Area (EEA) under the General Data Protection Regulation (GDPR).

2. Data Controller

Avatero (“we,” “us,” “our”) is the data controller for personal data collected through our mobile application and services. You can contact us regarding your data protection rights at:

Email: info@avatero.ai

3. Legal Basis for Processing

We process your personal data under the following legal bases:

3.1 Contract Performance (Art. 6(1)(b) GDPR)

  • Account creation and management
  • Processing your payments
  • Providing our AI character interaction services
  • Handling customer support requests

3.2 Legitimate Interests (Art. 6(1)(f) GDPR)

  • Service improvement and development
  • Fraud prevention and security
  • Analytics and performance monitoring
  • AI model training and optimization

3.3 Consent (Art. 6(1)(a) GDPR)

  • Marketing communications
  • Use of non-essential cookies
  • Processing of voice recordings
  • Optional feature usage data collection

3.4 Legal Obligations (Art. 6(1)(c) GDPR)

  • Tax and accounting requirements
  • Law enforcement requests
  • Data protection obligations

4. Data Categories and Retention

4.1 Data We Process

  • Account information (email, username)
  • Profile data (name, profile picture)
  • Communication data (messages, voice recordings)
  • Technical data (device info, IP address)
  • Usage data (interactions, preferences)
  • Payment information
  • Authentication data

4.2 Retention Periods

  • Account data: Duration of account plus 30 days after deletion
  • Communication data: 12 months from creation
  • Payment data: 7 years (legal requirement)
  • Technical logs: 90 days
  • Marketing preferences: Until consent withdrawal

5. Your Rights Under GDPR

You have the following rights:

5.1 Access (Art. 15 GDPR)

  • Request confirmation of data processing
  • Obtain copy of your personal data
  • Review processing purposes and categories

5.2 Rectification (Art. 16 GDPR)

  • Correct inaccurate personal data
  • Complete incomplete personal data

5.3 Erasure (Art. 17 GDPR)

  • Request deletion of personal data
  • Remove data no longer necessary
  • Withdraw consent-based processing

5.4 Processing Restriction (Art. 18 GDPR)

  • Limit processing while verifying accuracy
  • Restrict unlawful processing
  • Preserve data for legal claims

5.5 Data Portability (Art. 20 GDPR)

  • Receive data in structured format
  • Transmit data to another controller
  • Direct transmission where technically feasible

5.6 Objection (Art. 21 GDPR)

  • Object to processing based on legitimate interests
  • Object to direct marketing
  • Object to automated decision-making

6. International Transfers

We transfer data outside the EEA using appropriate safeguards:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Binding Corporate Rules where applicable

7. Automated Decision-Making

Our AI character interactions involve automated processing. However:

  • No significant decisions affecting you are made automatically
  • AI responses are for entertainment purposes only
  • You can request human review of any concerns

8. Data Security

We implement appropriate technical and organizational measures:

  • End-to-end encryption for communications
  • Access controls and authentication
  • Regular security assessments
  • Employee training and confidentiality agreements
  • Incident response procedures

9. Third-Party Processing

We use the following categories of processors:

  • Cloud hosting providers
  • Analytics services
  • Payment processors
  • Authentication providers
  • Error monitoring services

All processors are bound by data processing agreements compliant with Art. 28 GDPR.

10. Complaints

You have the right to lodge a complaint with your local supervisory authority. However, we encourage you to contact us first at info@avatero.ai to address your concerns.

11. Updates to this Notice

We will notify you of any material changes to this notice through:

  • In-app notifications
  • Email communications
  • App store updates

12. Additional Information

For detailed information about:

  • Cookie usage
  • Marketing practices
  • AI data processing
  • Security measures

Please refer to our main Privacy Policy or contact info@avatero.ai

13. Data Protection Officer

While we have not appointed a formal DPO, data protection inquiries can be directed to:

Email: info@avatero.ai
Response Time: Within 72 hours

14. Important Notes

  • All requests will be processed within 30 days
  • Complex requests may require a 60-day extension
  • We may request verification of identity
  • Some requests may be limited by legal obligations
  • Service functionality may be impacted by certain requests