Privacy Policy

Last updated: March 2026

TSALAMAGKAKIS GEORGIOS CHRISTOS PETROS ("we", "us", or "our") operates the Proteas platform (the "Service"). This Privacy Policy explains how we collect, use, and protect information when you use the Service.

We are established in Greece and subject to the General Data Protection Regulation (EU) 2016/679 ("GDPR").

1. Who We Are

Controller: TSALAMAGKAKIS GEORGIOS CHRISTOS PETROS Contact: gc@theartofecomm.com

2. Information We Collect

Account information

When you register or are invited to the Service, we collect your name and email address.

Organisation data

We store the organisation name, membership roles, and settings you configure, including API credentials you provide for third-party platforms (Klaviyo, Recharge, Skio, and similar subscription management tools). API keys are stored encrypted and are only used to communicate with those platforms on your behalf.

Subscriber data processed on your behalf

When you run a rule, the Service retrieves email addresses and subscription records from your connected platforms and processes them to generate batch updates. This data belongs to your customers. You are the data controller for your subscribers; we act as a data processor on your instructions.

Usage data

We collect standard server logs (IP address, browser type, pages visited, timestamps) for security and operational purposes.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To authenticate users and enforce access controls
  • To execute bulk subscription operations on your instruction
  • To send transactional emails (batch ready for review, batch completed)
  • To respond to support requests

We do not sell your data or your customers' data to third parties. We do not use subscriber data for our own marketing purposes.

4. Legal Basis for Processing (GDPR)

| Purpose | Legal basis | |---|---| | Providing the Service under contract | Art. 6(1)(b) — performance of a contract | | Security and fraud prevention | Art. 6(1)(f) — legitimate interests | | Compliance with legal obligations | Art. 6(1)(c) — legal obligation |

Processing of your customers' subscriber data is carried out under Art. 28 GDPR as a data processor acting on your documented instructions.

5. Third-Party Services

The Service integrates with third-party platforms you connect:

  • Klaviyo — to read list and segment membership
  • Recharge, Skio, Loop, Stay — to read and update subscription records

We also use:

  • Upstash / QStash — background job processing
  • Email delivery provider — transactional emails

Each third party is subject to its own privacy policy. We only share data with them to the extent necessary to operate the Service.

6. Data Retention

  • Account and organisation data is retained for as long as your account is active.
  • Batch records (including the email addresses processed) are retained to provide audit history. You may contact us to request deletion.
  • Server logs are retained for up to 90 days.

7. Your Rights Under GDPR

If you are located in the EU/EEA, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with a supervisory authority — in Greece, the Hellenic Data Protection Authority (HDPA) at www.dpa.gr

To exercise any of these rights, contact us at gc@theartofecomm.com.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption of API credentials at rest and HTTPS for all data in transit.

9. Changes to This Policy

We may update this policy from time to time. We will notify you by email or in-app notice if we make material changes. Continued use of the Service after changes take effect constitutes acceptance.

10. Contact

For any privacy-related questions or requests:

TSALAMAGKAKIS GEORGIOS CHRISTOS PETROS gc@theartofecomm.com