1. Data controller and contact
Amenti (“we”, “us”, or “our”) is currently a business operating as a company in formation and is in the process of incorporating. Until incorporation is completed, references to “Amenti” refer to the business operated by Alexander Gitman on behalf of Amenti.
Address: Available upon request
Email: [email protected]
General support: [email protected]
2. Personal data we process
Depending on how you use the service, we may process the following categories of personal data:
- Account and identity data: name, email, login credentials, organization details.
- Billing data: invoice information, payment status, tax details (payment card data is handled by payment providers).
- Service usage data: logs, events, settings, feature usage, device and browser information.
- Support and communication data: support requests, chat records, and service communications.
- Customer content data you upload or generate in the platform, which may include training and nutrition information.
3. Purposes and legal bases (GDPR Art. 6)
| Purpose | Example data | Legal basis |
|---|---|---|
| Provide and operate the SaaS service | Account, service usage, customer content | Contract performance (Art. 6(1)(b)) |
| Billing, invoicing, accounting, taxes | Billing and transaction records | Legal obligation (Art. 6(1)(c)) |
| Security, fraud prevention, abuse detection | Logs, device, network, and activity data | Legitimate interests (Art. 6(1)(f)) |
| Support and service communication | Support requests and communication records | Contract performance or legitimate interests |
| Optional analytics and marketing communications | Cookie identifiers, campaign engagement | Consent (Art. 6(1)(a)) where required |
4. Recipients and processors
We share personal data only when necessary to provide the service and meet legal obligations. Typical recipient categories:
- Cloud hosting and infrastructure providers.
- Payment and billing providers.
- Customer support, communications, and email delivery providers.
- Security and monitoring providers.
- Professional advisors and authorities when required by law.
We use written data processing agreements (DPAs) with processors as required by GDPR Art. 28.
5. International data transfers
If personal data is transferred outside the EEA, we rely on lawful safeguards such as:
- European Commission adequacy decisions.
- Standard Contractual Clauses (SCCs) and supplementary safeguards where needed.
- Other lawful transfer mechanisms recognized under GDPR Chapter V.
6. Retention periods
- Account and service records: retained for the contract duration plus applicable limitation periods.
- Billing and tax records: retained for statutory accounting and tax periods.
- Security logs: retained for a limited period necessary for security monitoring and investigations.
- Customer content: deleted or anonymized based on contract terms and documented deletion schedules.
7. Your GDPR rights
Subject to legal conditions, you may have the right to access, rectify, erase, restrict processing, object, and data portability. You may also withdraw consent at any time where processing is based on consent.
To exercise your rights, contact [email protected]. We may request verification of identity before responding.
8. Security measures
We implement technical and organizational measures designed to protect personal data, including encryption in transit, access controls, environment segregation, and monitoring. No method of transmission or storage is fully risk free.
10. Children data
The service is not directed to children under 16. If you believe a child has provided personal data without proper legal basis, contact us so we can investigate and take appropriate action.
11. Changes to this policy
We may update this policy as laws or services evolve. If changes are material, we will provide notice through the service or by email where appropriate.
12. Complaints and supervisory authorities
You have the right to lodge a complaint with your local supervisory authority in the EEA. We encourage you to contact us first at [email protected] so we can address the issue directly.