Effective Date: December 1st, 2025 | Last Updated: December 1st, 2025
This GDPR Privacy Statement ("Statement") supplements the Privacy Policy of Altyaa LLC ("Altyaa," "we," "us," or "our") and applies exclusively to individuals located in the European Economic Area ("EEA"), the United Kingdom ("UK"), and Switzerland.
For questions or requests under this Statement, contact us at: legal@altyaa.com
1. Scope of This Statement
This Statement describes how Altyaa processes personal data of individuals in the EEA, UK, and Switzerland in accordance with:
- The EU General Data Protection Regulation ("GDPR")
- The UK General Data Protection Regulation ("UK GDPR")
- The Swiss Federal Act on Data Protection (FADP)
This Statement applies to personal data processed through:
- The Altyaa.ai website
- Altyaa's SaaS platform
- Reputation management tools
- Social media publishing tools
- AI Agents and AI-assisted content creation
- Integrations with third-party platforms (e.g., Google, Meta, Instagram, TikTok)
2. Purposes of Processing
Personal data is processed for the purposes described in the Altyaa Privacy Policy, including:
- Creating and managing user accounts
- Providing reputation management and social media services
- AI-assisted content generation and agent automation
- Sending operational messages and tools updates
- Securing and improving platform performance
- Processing subscription payments (via Stripe)
- Enabling posting to connected platforms
- Providing customer support
- Complying with legal obligations
Personal data collected via cookies or tracking tools is processed for analytics, functionality, and performance reasons.
3. Lawful Bases for Processing
Altyaa processes personal data under the following lawful grounds:
3.1 Legitimate Interests
For operating and improving our Services, including:
- Authentication
- Monitoring platform performance
- Detecting abuse
- Developing new features
- Ensuring security
- Providing social media posting and reputation management functions
3.2 Consent
Where required, we rely on your consent for:
- Optional marketing communications
- Cookie-based analytics
- Connecting external integrations
- AI functions that require personal data input
- Media content upload (photos/videos) for posting
You may withdraw consent at any time.
3.3 Contractual Necessity
To:
- Provide access to the Altyaa platform
- Deliver AI-assisted tools
- Manage subscription billing
- Post content to connected platforms at your direction
3.4 Legal Obligations
To meet compliance requirements, including:
- Tax and financial laws
- Security investigations
- Regulatory obligations
4. Categories of Personal Data Processed
Altyaa may process the following types of personal data:
- Name
- Email address
- Business name & type
- Login credentials (hashed)
- IP address & device data
- Usage analytics
- Social media content you upload
- Photos and videos uploaded for posting
- Review responses, templates, captions
- AI-generated content created within your account
- Connected platform identifiers (e.g., Google Business Profile IDs)
We do not intentionally process sensitive data (special categories under GDPR) unless voluntarily provided.
5. Recipients of Personal Data
We may share personal data with the following categories of recipients:
5.1 Service Providers (Processors)
Including:
- Hosting & cloud infrastructure
- Email and notification providers
- AI processing providers under strict terms
- Security, monitoring, and analytics tools
- Payment processor (Stripe)
All service providers are bound by GDPR-compliant DPAs.
5.2 Third-Party Integrations
If you connect an external account (Google, Meta, TikTok, etc.), we may share data required to enable posting, insights, or monitoring — as authorized by you.
5.3 Legal and Regulatory Authorities
When legally required under:
- Subpoenas
- Court orders
- Government investigations
5.4 Corporate Successors
In the event of a merger, acquisition, or corporate reorganization.
6. Transfers of Personal Data Outside the EEA, UK, and Switzerland
Altyaa LLC is based in the United States, where most data processing occurs.
To ensure GDPR compliance:
If Altyaa self-certifies under the Data Privacy Framework (DPF), this Statement will be updated accordingly.
7. Retention Periods
We retain personal data only as necessary for:
- Delivering the Services
- Protecting platform integrity
- Fulfilling legal obligations
- Resolving disputes
- Enforcing agreements
7.1 Media Content (Photos & Videos)
Photos and videos uploaded for social posting are:
- Stored securely
- Retained only while your account is active
- Deleted upon account deletion or request (subject to legal obligations)
Content already posted to third-party platforms remains under their control.
8. Security Measures
Altyaa maintains GDPR-compliant security measures, including:
Encrypted Transmission
TLS encryption
Encrypted Storage
Sensitive metadata encrypted at rest
Access Controls
Strict RBAC policies
Password Security
Secure hashing
Multi-Region
Redundant infrastructure
Monitoring
Continuous security monitoring
Backup & DR
Disaster recovery systems
Incident Response
Documented protocols
9. Your GDPR Rights
Individuals in the EEA, UK, and Switzerland have the following rights:
To exercise these rights, email: legal@altyaa.com
We may require verification of your identity.
10. No Obligation to Provide Data
You are not legally required to provide personal data. However, without certain information:
- Account creation may not be possible
- Posting to external platforms may not work
- Subscription billing may not be processed
- AI features may be limited
11. GDPR Requests Procedure
To make a GDPR request (access, restriction, deletion, portability, or objection), email:
We will respond within the legally required timeframe.
12. Updates to This Statement
We may update this Statement from time to time. Material changes will be communicated through:
- Email notification, or
- In-app notice
Your continued use of the Services indicates acceptance of the updated Statement.