Privacy Policy

1.Scope and purpose of this policy

This policy applies to every natural person who registers for the ATMOS ERP system, tries its demo interface, or visits our website. We may modify this policy at any time; significant changes will be communicated by email or in-app.

2.Legal basis for processing

The legal basis for processing personal data is based on Article 6(1)(a), (b) and (f) of the GDPR: the consent of the data subject (marketing outreach), the performance of a contract (paid subscriptions), and the legitimate interest of the controller (abuse prevention, service provision).

3.Scope of data processed

During demo signup and use of the system we may collect the following data:

• ›Name and email address — for identification and contact
• ›Company name (optional) — for segmentation and preparing business offers
• ›Marketing consent (yes/no) — for newsletter delivery
• ›IP address in hashed form — protection against abuse
• ›Browser identifier (user-agent) — compatibility measurements
• ›User activity (page views, clicks) — to improve the system and inform our account managers

4.Purpose of processing

We use your data only for the following purposes:

• ›Providing demo access and operating the system securely
• ›Product demonstrations, offers and contact (if you consented)
• ›Sending newsletters, product updates and marketing content (opt-in, unsubscribe anytime)
• ›Improving our service based on anonymised, aggregated statistics

5.Retention period

We store personal data only for the necessary period:

• ›Demo signup data: 24 months from last activity
• ›Activity log (clicks): 12 months
• ›Marketing consent revoked: deleted immediately
• ›Billing data (paid customers): 8 years per accounting law
• ›IP hash data: 30 days
• ›Contract documentation: 5 years after contract termination

6.Your rights

Under the GDPR you have the following rights:

• ›Right of access — find out what data we hold about you
• ›Right to rectification — request correction of inaccurate data
• ›Right to erasure ("right to be forgotten")
• ›Right to restriction of processing
• ›Right to data portability — receive your data in a machine-readable format

7.Data processors

Secure data handling is supported by the following providers: Supabase Inc. (data storage, EU region), Hostinger International Ltd. (server infrastructure), Resend Inc. (email delivery), Anthropic PBC (AI services — anonymised requests only). We have signed GDPR-compliant data processing agreements with each provider.

8.Cookies

We use cookies that are strictly necessary for the website to function (e.g. login state, demo session). We do not use third-party advertising cookies. You can disable cookies in your browser settings at any time, but this may affect system functionality.

9.Data security

We transmit data over encrypted channels (TLS 1.3) and store it encrypted on servers (AES-256). Our authorisation system logs every access. Our systems undergo regular security audits and are continuously updated.

10.Authority requests

We only share your data with third parties when legally required. We will inform you of every such request — unless prohibited by law.

11.Card payments and Barion Pixel

The Service Provider processes online card payments via Barion Payment Zrt. (registered seat: Irinyi József utca 4-20., 2nd floor, 1117 Budapest; company reg. no.: 01-10-048552; tax no.: 25353192-2-43; MNB licence no.: H-EN-I-1064/2013; e-money issuer institution). The Service Provider does not see, store or transmit card data — the entire transaction takes place within Barion's PCI-DSS Level 1 certified system. Under the Barion Smart Gateway terms, the Barion Pixel (Base) script is embedded in the website for fraud prevention purposes, transmitting the data listed below to Barion. The Pixel is used solely for fraud prevention and does not perform marketing data processing, therefore no separate cookie consent is required; personal identifiers collected by the Pixel are hashed in the browser, so Barion does not see actual visitor identifiers either. Acceptance of the Barion Pixel supplementary terms (https://www.barion.com/en/general-terms-and-conditions/) is the Service Provider's obligation; no separate visitor declaration is required.

• ›Hashed (irreversible) device and browser identifier
• ›Timing of user actions on payment pages (page load, click)
• ›Pseudonymised IP address (also stored only in hashed form on Barion's side)
• ›Identifier of purchase flow steps (cart, checkout) — strictly bound to the transaction, in minimal volume
• ›Pixel data is retained by Barion for at most 2 years and used solely for payment fraud prevention