Privacy Policy

This Privacy Policy describes how Aktis SL ("we", "us"), operator of the Euphania service, collects, uses, and protects personal information. It applies to the euphania.com website and all related services.

We are committed to data minimization: we collect only what is necessary to operate the Service, and we never sell personal data.

1. Data controller

Aktis SL
Urbanització La Plana, Xalet 27
AD700 Escaldes-Engordany, Andorra
Email: info@aktisandorra.com

2. Information we collect

Information you provide

• Account information: email address, name, billing details.
• Communications: messages you send us (support, sales).

Information from connected platforms

When you connect a store (e.g. Shopify), we access only the data scopes you authorize during OAuth:

• Product data: titles, descriptions, meta fields, images, variants, pricing.
• Store name and domain.

We do not access orders, customer records, payment methods, or any other data outside of the authorized scopes.

Information collected automatically

• Usage data: pages visited, features used, timestamps.
• Device data: IP address, browser type, operating system.
• Cookies: see our Cookie Policy.

3. How we use information

We use personal data to:

• Provide, maintain, and improve the Service.
• Process payments and manage subscriptions.
• Communicate with you about the Service (transactional emails, updates, support).
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.
• Send occasional marketing communications (with your consent, where required by law; you can unsubscribe anytime).

We do not use your product data or AI-generated content to train artificial intelligence models.

4. Legal bases (GDPR)

For users in the European Economic Area and the United Kingdom, we rely on the following legal bases:

• Contract: to provide the Service you have subscribed to.
• Legitimate interests: to improve the Service, prevent fraud, and communicate operationally.
• Consent: for marketing communications and non-essential cookies.
• Legal obligation: to comply with accounting, tax, and other regulatory requirements.

5. Sharing and subprocessors

We share personal data only with trusted subprocessors that help us operate the Service. Current subprocessors include:

• Railway (USA) — application hosting.
• Anthropic (USA) — AI model provider (Claude API). Data sent for inference is not used for training.
• Lemon Squeezy / Stripe (USA) — payment processing and Merchant of Record services.
• Resend (USA) — transactional email delivery.
• Netlify (USA) — website hosting.

International transfers rely on Standard Contractual Clauses or other lawful transfer mechanisms. A current list of subprocessors is maintained in our Data Processing Agreement.

We never sell personal data. We do not share personal data with advertisers.

6. Data retention

• Account data: retained while your account is active and for up to 30 days after termination, unless legally required otherwise.
• Product data imported from your store: retained while your account is active; deleted within 30 days of account termination or upon request.
• Billing records: retained for the period required by tax law (typically 6–10 years).
• Support communications: retained for up to 3 years.

7. Your rights

Depending on your jurisdiction, you may have the following rights over your personal data:

• Access — request a copy of the personal data we hold.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data.
• Restriction — limit our processing.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — for any processing based on consent.
• Complain — lodge a complaint with your local data protection authority. For residents of the EU/UK, you may also contact the Andorran Data Protection Agency (APDA).

California residents have additional rights under the CCPA, including the right to know what personal information we collect and the right to request deletion. We do not sell personal information, so the "right to opt out" of sale does not practically apply.

To exercise any right, email us at info@aktisandorra.com. We respond within 30 days.

8. Security

We implement reasonable technical and organizational measures to protect personal data: encryption in transit (TLS) and at rest, strict access controls, regular security reviews, and isolated production environments. No system is perfectly secure; we commit to notifying affected users and regulators of a data breach as required by law.

9. Children's privacy

The Service is not intended for children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced by email or a prominent notice in the Service. The "Last updated" date above reflects the most recent revision.

11. Contact

For privacy questions, data subject requests, or to designate a point of contact, email info@aktisandorra.com.