How we handle your data.
We process personal data only where necessary to provide and improve the Ateliaro service. This policy explains what we collect, why, and what rights you have under the General Data Protection Regulation (GDPR).
1. Data controller
The controller responsible for the processing of personal data in connection with Ateliaro is:
[Street address]
[City, postal code], Germany
Email: contact@ateliaro.com
If you have any questions about data processing, please contact us at the email address above.
2. What data we collect
When you contact us or request access:
- Name and email address provided through contact forms or direct email
- Content of messages you send to us
- IP address and timestamp of the request
When you register an account or join the waitlist:
- Name and email address
- Workspace name and type of goods you produce
- Password stored as a one-way cryptographic hash (we cannot read it)
- Referral source if voluntarily provided
When you use the application:
- Account activity logs (logins, actions, timestamps) for security and support
- Business data you enter - materials, recipes, batches, orders, costs - this data belongs to you
- Browser type, operating system and IP address for security logging
We do not collect:
- Payment card numbers - these are handled entirely by our payment processor
- Biometric data, health data or special categories under Art. 9 GDPR
- Data from social networks beyond what you explicitly provide
3. How we use personal data
- To respond to contact and support inquiries
- To create and manage your account
- To provide, operate and improve the Ateliaro service
- To send transactional messages such as account confirmation, password reset and access approval notifications
- To send product updates and early-access communications where you have opted in
- To detect and prevent fraud, unauthorized access and abuse
- To comply with applicable legal obligations
We do not sell personal data to third parties. We do not use personal data for automated individual decision-making that produces legal or similarly significant effects.
4. Legal basis for processing
We process personal data on the following legal bases under Article 6 GDPR:
- Contract performance (Art. 6(1)(b)): processing necessary to provide the Ateliaro service you signed up for, including account management and transactional communications.
- Legitimate interests (Art. 6(1)(f)): processing necessary for fraud prevention, service security and reliability. Our interests do not override your fundamental rights.
- Consent (Art. 6(1)(a)): where you have explicitly opted in to receive product news or marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
- Legal obligation (Art. 6(1)(c)): where processing is required under applicable EU or German law.
5. Who we share data with
We share personal data only where necessary, and only with processors who handle it on our behalf under written data processing agreements. Categories of processors include:
- Cloud infrastructure provider for hosting the application and its database
- Email service provider for sending transactional and notification emails
- Payment processor for billing - they handle payment data directly and we do not receive full card details
- Error monitoring service for detecting technical failures - error reports contain no personally identifiable content
We do not share personal data with third parties for their own marketing. We may disclose data if required by law, court order or to protect the rights, property or safety of Ateliaro, our users or others.
6. How long we keep data
- Contact and inquiry data: up to 24 months from last contact, or longer if needed to resolve an ongoing matter.
- Account data: for the duration of your active account. After deletion, most personal data is removed within 30 days. Anonymised aggregated statistics may be retained indefinitely.
- Security and access logs: up to 12 months.
- Billing records: for the period required by German and EU tax law, typically 10 years for invoice documents.
When data is no longer required we delete it or anonymise it so it cannot be re-linked to you.
7. Your rights under GDPR
As a data subject in the European Economic Area you have the following rights:
- Access (Art. 15): request a copy of the personal data we hold about you.
- Rectification (Art. 16): ask us to correct inaccurate or incomplete data.
- Erasure (Art. 17): request deletion of your data where no legal basis for retention remains.
- Restriction (Art. 18): ask us to limit processing while a dispute is resolved.
- Portability (Art. 20): receive your data in a structured machine-readable format where processing is based on consent or contract.
- Objection (Art. 21): object to processing based on legitimate interests at any time.
- Withdraw consent: revoke consent at any time where processing relies on it.
To exercise any right, email contact@ateliaro.com with the subject line "Privacy request". We will respond within 30 days.
If you believe we are handling your data unlawfully, you have the right to lodge a complaint with the supervisory authority. The competent authority in Germany is the Bundesbeauftragte für Datenschutz und Informationsfreiheit (BfDI), reachable at www.bfdi.bund.de.
8. International data transfers
We aim to process personal data within the European Economic Area. Where a service provider transfers data to a third country, we ensure an adequate level of protection through one or more of the following:
- An adequacy decision by the European Commission
- Standard contractual clauses (SCCs) adopted by the European Commission
- Other appropriate safeguards recognised under GDPR
You can request details of any specific transfers and safeguards in place by contacting us.
9. Cookies and similar technologies
The public website (ateliaro.com) uses strictly necessary cookies for session management and navigation only. We do not currently use third-party analytics, advertising or tracking cookies on the public website.
The application uses session cookies to maintain your authenticated session. These expire when you log out or close your browser.
We do not use persistent cross-site tracking, fingerprinting or third-party tracking pixels.
10. Children
Ateliaro is a professional business tool intended for adults. We do not knowingly collect personal data from persons under 18 years of age. If you believe a child has provided us data, contact us and we will delete it promptly.
11. Changes to this policy
We may update this policy from time to time. When we do, we will update the date shown at the top. For material changes, we will notify active account holders by email at least 14 days before the change takes effect. Continued use of the service after that date constitutes acceptance.
12. How to contact us
Subject: "Privacy request" helps us route your message correctly.
We respond within 30 days, usually sooner.